The Gaming Boardroom

Federal Cuts Put Local, State Agencies at Cyber-Risk

Steve Tyler Leave a comment

Federal Cuts Put Local, State Agencies at Cyber-Risk

Summary

Cybercriminals and nation-state actors are increasingly targeting state and local governments, just as federal cybersecurity funding and staffing that once supported those jurisdictions are being cut. Recent high-profile incidents — including ransomware hits on Nevada and the City of St. Paul, attacks on tribal and state offices, and a ransomware incident affecting Pennsylvania’s Attorney General’s Office — show smaller public-sector organisations are vulnerable because of tighter budgets, fewer experts and reduced federal assistance.

The article highlights reported reductions at CISA, a $10m cut to the Center for Internet Security (CIS) that houses MS-ISAC/EI-ISAC, and broader workforce reductions. Experts warn that while attack volumes may not uniformly rise, the sophistication and operational impact of incidents are increasing: attackers focus on zero-day exploits and operational infrastructure to maximise disruption and ransom pressure. Recommended defensive measures include improved monitoring, immutable backups, regular patching, resilience exercises, and maintaining manual backup processes for critical services.

Key Points

  • Federal cuts and staff reductions at agencies such as CISA reduce the assistance available to state and local governments.
  • Recent attacks on Nevada and St. Paul illustrate operational disruption and high recovery costs (St. Paul’s attack estimated at c. $17m).
  • Attack sophistication is rising — adversaries exploit zero-days and target operational infrastructure to increase pressure on victims.
  • Experts urge resilience measures: network/endpoint/cloud monitoring, immutable backups, patching and employee training.
  • Local governments should rehearse worst-case scenarios and keep manual processes ready to maintain critical services during outages.
  • Restoring federal information-sharing programmes and grant funding (eg MS-ISAC/state/local grants) is seen as crucial to reducing systemic risk.

Why should I read this?

Short version: if you work with or rely on local government IT, this matters — big time. The article lays out why budget cuts at the top leave councils, services and utilities exposed, and gives practical, no-nonsense advice on what to shore up now so essential services keep running when systems fail.

Author style

Punchy and direct — the piece flags the hard numbers, names recent incidents, and doesn’t mince words about the policy choices that make local bodies easy targets. If you need to brief decision-makers or justify cyber spending, this is the kind of concise, evidence-backed write-up that’ll sharpen your case.

Context and Relevance

This article sits at the intersection of cybercrime trends, public-sector budgeting and national resilience. It’s relevant to CISOs, local authority leaders, emergency planners and suppliers to the public sector. The issues raised mirror broader trends: attackers prioritising operational impact, the need for zero-trust monitoring, and the strategic importance of funding information-sharing and response programmes. For anyone responsible for public services, the piece underscores that cyber risk is not just an IT problem but a continuity and national-security issue.

Source

Source: https://www.darkreading.com/cyber-risk/federal-cuts-local-state-agencies-risk

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2026 The Gaming Boardroom. All rights reserved.