State Cyber Leaders Beg Congress for More Funding, Support TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposbyRob WrightMay 26, 20264 Min ReadApplication SecurityThe Hackers Behind Shai-Hulud: Lucky or Skilled?The Hackers Behind Shai-Hulud: Lucky or Skilled?byAlexander CulafiMay 26, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite PapersHeard It From a CISOReporters' NotebookPartner PerspectivesMeet the EditorsAdvertise With Us About UsDark Reading Resource LibraryThreat IntelligenceEndpoint SecurityCybersecurity OperationsCyber RiskCybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.State Cyber Leaders Beg Congress for More Funding, SupportA recent congressional hearing highlighted how states are reeling from federal cutbacks to important cyber grants and information sharing initiatives amid damaging attacks to critical infrastructure.Arielle Waldman,Features Writer,Dark ReadingMay 26, 20264 Min ReadSource: Gang Liu via Alamy Stock PhotoAs states grapple with sophisticated attackers, they are on their own to deliver answers. At the same time, they face harrowing budget and resource cuts.Attackers have access to tools and services to help them craft sophisticated attacks and ransomware gangs are becoming more relentless with their extortion demands – following through on data leak promises. Despite the threat pile on, states are receiving less federal help than ever.The problem came to a head earlier this month during the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing titled, “State and Local Cybersecurity: Escalating Threats, Federal Partnership, and the Resilience of America’s Communities.” Security leaders for the states of Tennessee, Florida, and New York urged lawmakers at the hearing to restore funding to the Cybersecurity and Infrastructure Security Agency (CISA) and the Information Sharing Analysis Center (ISAC) ecosystem, particularly the Multi-State Information Sharing and Analysis Center (MS-ISAC). Related:Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026The MS-ISAC is now a subscription model rather than free, which complicates the relationship between different levels of governments. Over the past year, the administration downsized CISA's staff, resources, and funding as well. When Colin Ahern, New York's director of security and intelligence, took the stand he called the hearing "urgent" and begged the federal government "to be a partner to all 50 states."  State leaders and CISOs also called on Congress to reauthorize and enhance the State and Local Cybersecurity Grant Program (SLCGP), which witness Kristin Darby, chief information officer for the state of Tennessee, described as "one of the most effective tools available to strengthen our collective defense." States require more tools because as Darby highlighted, rapid AI growth accelerated attack scale and speed, threat actors increasingly rely on supply chain compromise, and exploitation of identity systems, cloud environment, and zero-days peaked.On the other hand, states face severe budget, staff, and resource cuts. "The federal government’s actions over the past year have led to the breakdown in trust with state and local officials, particularly with respect to election cybersecurity," Darby said during the testimony. Federal Cutbacks Affect EveryoneWhen states need more help, it causes a trickle-down effect. Municipalities and small business are always running up against a lack of resources because of tightening municipal budgets, tightening state, and federal budgets, explains MassCyberCenter director John Petrozzelli. Faced with those shortages, it then becomes a matter of how do they prioritize resources? Related:Cybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsWhen you layer on cyber threats, it becomes even more dangerous, Petrozzelli tells Dark Reading. He's observed increasing risks across the identity surface, from credential stealing and threat actors' breaking into user accounts. It's continuing to grow but that has been aided by AI, he warns. "And then you have the AI tools that are on the market and tools that have been corrupted by state actors like China or Russia to use against critical infrastructure," he says. Many federally funded services are still available to municipalities like CISA's vulnerability and web application scanning, says Petrozzelli, adding that municipalities can sign up for free. But he echoed one significant change that the Committee hearing looked to address as well."The change is there's a cost to be a member of MS-ISAC and MS-ISAC isn't a federal entity, but they were funded by CISA," Petrozzelli says.How To Prioritize Cyber With Limited FundingAs federal funding wanes, states are forced to take action on their own. Collaboration is a big component of what MassCyberCenter aims to do. Training programs are one prime example. MassCyberCenter tries to point municipalities and small businesses in the right direction, "especially if there's a person who does something better than we do." MassCyberCenter is a state-level initiative that focuses on workforce development for public and private entities, as well as boosting public cybersecurity awareness.Related:Why a 17-Year-Old Built an AI Model to Expose Deepfake MapsOne source Petrozzelli  points to is the Massachusetts Executive Office of Technology Services and Security (EOTSS) which provides KnowBe4 training. That means free cybersecurity awareness training and phishing tests for municipalities or school systems. MassCyberCenter and the Office of Consumer Affairs and Business Regulation also published a joint data breach report to provide residents with feedback on data breach trends. It showed how crucial it is for organizations to patch vulnerabilities on internet-facing devices. The center offers grants, mentorship programs, and a state-funded security operations center (SOC) that includes managed endpoint detection and response around the clock, vulnerability assessment, Active Directory, and software and asset inventory."If someone signs up for our SOC, they get MS-ISAC membership and they get another program, malicious domain blocking and reporting plus," he says. "Someone with limited funding doesn't have to prioritize, 'Am I going to put money in this membership or this soc'?" About the AuthorArielle WaldmanFeatures Writer, Dark ReadingArielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, providing context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. Her coverage areas include identity and access management, cyber risk and operations, industrial control systems, operational technology, and ransomware trends.    She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at TechTarget SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.   See more from Arielle WaldmanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyEssential News & Insights from Black Hat USA 2025How Enterprises Are Harnessing Emerging Technologies in CybersecurityAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsEdge PicksApplication SecurityAI Agents in Browsers Light on Cybersecurity, Bypass ControlsAI Agents in Browsers Light on Cybersecurity, Bypass ControlsCyber RiskBrowser Extensions Pose Heightened, but Manageable, Security RisksBrowser Extensions Pose Heightened, but Manageable, Security RisksLatest Articles in The EdgeCyber RiskVerizon DBIR: Healthcare Fends Off Increased Social Engineering AttacksMay 22, 2026|5 Min ReadCyberattacks & Data BreachesProcesses & Culture Top Reasons Behind Data BreachesMay 20, 2026|6 Min ReadCyber RiskHow CISOs Should Prep for Agentic-Ready AI BOMsMay 20, 2026|11 Min ReadCybersecurity AnalyticsWhat Will Make AI BOMs Real?May 19, 2026|3 Min ReadRead More The EdgeWant more Dark Reading stories in your Google search results?Black Hat Asia | Marina Bay Sands, SingaporeExperience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

State cyber leaders recently advocated before Congress for increased funding and support, highlighting the systemic challenges states face in addressing escalating cyber threats to critical infrastructure amidst federal cutbacks to cybersecurity grants and information sharing initiatives. This concern was brought to the forefront during the House Homeland Security Subcommittee hearing on state and local cybersecurity, which examined the escalating threats and the efficacy of federal partnerships. Security leaders from states including Tennessee, Florida, and New York emphasized the critical need to restore funding to agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the Information Sharing Analysis Center (ISAC) ecosystem, particularly the Multi-State Information Sharing and Analysis Center (MS-ISAC).

A significant complication arose as the MS-ISAC transitioned to a subscription model rather than operating freely, which altered the relationship between various governmental levels. Concurrently, the federal administration had reduced the staffing, resources, and funding allocated to CISA over the preceding year. Furthermore, states asserted that they require additional tools because rapid advancements in artificial intelligence accelerated attack scale and speed, leading to a greater reliance by threat actors on supply chain compromises and the exploitation of identity systems, cloud environments, and zero-day vulnerabilities. Kristin Darby, chief information officer for the state of Tennessee, noted that these heightened risks necessitate more robust defenses.

These federal actions have created a detrimental trickle-down effect, as municipalities and small businesses face resource shortages due to tightening municipal, state, and federal budgets, forcing difficult prioritization decisions regarding cyber security spending. John Petrozzelli, director of the MassCyberCenter, observed that when layered upon cyber threats, risks multiply, especially concerning identity surface issues, which are being further exacerbated by artificial intelligence-aided credential theft and the use of AI tools corrupted by state actors against critical infrastructure. While some federally funded services, such as CISA’s vulnerability and web application scanning, remain available free of charge to municipalities, Petrozzelli pointed out a systemic issue regarding cost; the MS-ISAC is not a federal entity but was funded by CISA, leading to questions about equitable access.

To navigate these resource constraints, states are increasingly focusing on collaboration and targeted workforce development initiatives. The MassCyberCenter promotes training programs and seeks to guide municipalities and small businesses toward effective resource allocation, emphasizing the importance of upskilling personnel. Effective measures for bolstering defense include free cybersecurity awareness training and phishing tests, such as those offered through the Massachusetts Executive Office of Technology Services and Security (EOTSS) KnowBe4 training, and state-funded security operations centers that incorporate managed endpoint detection and response, vulnerability assessments, and asset inventory management. Petrozzelli suggests that by engaging in these collaborative efforts, entities with limited funding can prioritize necessary security measures without having to choose between membership fees for groups like the MS-ISAC and operational security infrastructure. These initiatives demonstrate that providing direct resources, like a state-funded security operations center, inclusive of broader sharing mechanisms, allows entities to manage limited budgets effectively against complex, evolving cyber risks.