CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 27, 2026

State Cyber Leaders Beg Congress for More Funding, Support

Dark Reading Archived May 27, 2026 ✓ Full text saved

A recent congressional hearing highlighted how states are reeling from federal cutbacks to important cyber grants and information sharing initiatives amid damaging attacks to critical infrastructure.

Full text archived locally
✦ AI Summary · Claude Sonnet


    THREAT INTELLIGENCE ENDPOINT SECURITY CYBERSECURITY OPERATIONS CYBER RISK Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. State Cyber Leaders Beg Congress for More Funding, Support A recent congressional hearing highlighted how states are reeling from federal cutbacks to important cyber grants and information sharing initiatives amid damaging attacks to critical infrastructure. Arielle Waldman,Features Writer,Dark Reading May 26, 2026 4 Min Read SOURCE: GANG LIU VIA ALAMY STOCK PHOTO As states grapple with sophisticated attackers, they are on their own to deliver answers. At the same time, they face harrowing budget and resource cuts. Attackers have access to tools and services to help them craft sophisticated attacks and ransomware gangs are becoming more relentless with their extortion demands – following through on data leak promises. Despite the threat pile on, states are receiving less federal help than ever. The problem came to a head earlier this month during the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection hearing titled, “State and Local Cybersecurity: Escalating Threats, Federal Partnership, and the Resilience of America’s Communities.” Security leaders for the states of Tennessee, Florida, and New York urged lawmakers at the hearing to restore funding to the Cybersecurity and Infrastructure Security Agency (CISA) and the Information Sharing Analysis Center (ISAC) ecosystem, particularly the Multi-State Information Sharing and Analysis Center (MS-ISAC).  Related:Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 The MS-ISAC is now a subscription model rather than free, which complicates the relationship between different levels of governments. Over the past year, the administration downsized CISA's staff, resources, and funding as well.  When Colin Ahern, New York's director of security and intelligence, took the stand he called the hearing "urgent" and begged the federal government "to be a partner to all 50 states."   State leaders and CISOs also called on Congress to reauthorize and enhance the State and Local Cybersecurity Grant Program (SLCGP), which witness Kristin Darby, chief information officer for the state of Tennessee, described as "one of the most effective tools available to strengthen our collective defense."  States require more tools because as Darby highlighted, rapid AI growth accelerated attack scale and speed, threat actors increasingly rely on supply chain compromise, and exploitation of identity systems, cloud environment, and zero-days peaked. On the other hand, states face severe budget, staff, and resource cuts.  "The federal government’s actions over the past year have led to the breakdown in trust with state and local officials, particularly with respect to election cybersecurity," Darby said during the testimony.  Federal Cutbacks Affect Everyone When states need more help, it causes a trickle-down effect. Municipalities and small business are always running up against a lack of resources because of tightening municipal budgets, tightening state, and federal budgets, explains MassCyberCenter director John Petrozzelli. Faced with those shortages, it then becomes a matter of how do they prioritize resources?  Related:Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats When you layer on cyber threats, it becomes even more dangerous, Petrozzelli tells Dark Reading. He's observed increasing risks across the identity surface, from credential stealing and threat actors' breaking into user accounts. It's continuing to grow but that has been aided by AI, he warns.  "And then you have the AI tools that are on the market and tools that have been corrupted by state actors like China or Russia to use against critical infrastructure," he says.  Many federally funded services are still available to municipalities like CISA's vulnerability and web application scanning, says Petrozzelli, adding that municipalities can sign up for free. But he echoed one significant change that the Committee hearing looked to address as well. "The change is there's a cost to be a member of MS-ISAC and MS-ISAC isn't a federal entity, but they were funded by CISA," Petrozzelli says. How To Prioritize Cyber With Limited Funding As federal funding wanes, states are forced to take action on their own. Collaboration is a big component of what MassCyberCenter aims to do. Training programs are one prime example. MassCyberCenter tries to point municipalities and small businesses in the right direction, "especially if there's a person who does something better than we do." MassCyberCenter is a state-level initiative that focuses on workforce development for public and private entities, as well as boosting public cybersecurity awareness. Related:Why a 17-Year-Old Built an AI Model to Expose Deepfake Maps One source Petrozzelli  points to is the Massachusetts Executive Office of Technology Services and Security (EOTSS) which provides KnowBe4 training. That means free cybersecurity awareness training and phishing tests for municipalities or school systems. MassCyberCenter and the Office of Consumer Affairs and Business Regulation also published a joint data breach report to provide residents with feedback on data breach trends. It showed how crucial it is for organizations to patch vulnerabilities on internet-facing devices.  The center offers grants, mentorship programs, and a state-funded security operations center (SOC) that includes managed endpoint detection and response around the clock, vulnerability assessment, Active Directory, and software and asset inventory. "If someone signs up for our SOC, they get MS-ISAC membership and they get another program, malicious domain blocking and reporting plus," he says. "Someone with limited funding doesn't have to prioritize, 'Am I going to put money in this membership or this soc'?"  About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, providing context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. Her coverage areas include identity and access management, cyber risk and operations, industrial control systems, operational technology, and ransomware trends.     She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at TechTarget SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Credential Security: Intelligence Without Exposure AI-Powered Cybersecurity for Resource-Constrained Organizations More Webinars You May Also Like THREAT INTELLIGENCE Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish by Jai Vijayan MAR 17, 2026 THREAT INTELLIGENCE Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi MAR 06, 2026 THREAT INTELLIGENCE React2Shell Exploits Flood the Internet as Attacks Continue by Rob Wright DEC 12, 2025 THREAT INTELLIGENCE Chinese Gov't Fronts Trick the West to Obtain Cyber Tech by Nate Nelson, Contributing Writer OCT 06, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge CYBER RISK Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks MAY 22, 2026 CYBERATTACKS & DATA BREACHES Processes & Culture Top Reasons Behind Data Breaches MAY 20, 2026 CYBER RISK How CISOs Should Prep for Agentic-Ready AI BOMs MAY 20, 2026 CYBERSECURITY ANALYTICS What Will Make AI BOMs Real? MAY 19, 2026 Read More The Edge Want more Dark Reading stories in your Google search results? LOADING... BLACK HAT ASIA | MARINA BAY SANDS, SINGAPORE Experience cutting-edge cybersecurity insights in this four-day event. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    May 27, 2026
    Archived
    May 27, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗