Could state cybersecurity become more difficult under the Trump administration?

Amid speculation about President-elect Donald Trump’s administration and the Republican-controlled Congress, one proposal might have given state and local cybersecurity officials pause: eliminate the Cybersecurity and Infrastructure Security Agency.

Sen. Rand Paul, R-Ky., who is expected to chair the Senate Homeland Security Committee, said POLICY earlier this month that he would like to eliminate or significantly limit CISA’s powers due to concerns about its work combating disinformation.

“Although it is unlikely that we will be able to get rid of CISA, we have survived for 248 years without it,” Paul said. The agency has been around since 2018, when Trump signed it into law.

But CISA plays a crucial role for states seeking to stay on top of cybersecurity threats, and eliminating it altogether could harm those efforts. CISA works with the Multistate Information Sharing and Analysis Center to help bring together state, local, tribal, and territorial governments to share information about vulnerabilities and cyber threats, as well as to enable members to share cybersecurity best practices.

CISA also assists fusion centers, which serve as government-owned and operated information repositories that facilitate early responses to cyberattacks, and provide threat and vulnerability intelligence to vendors working with government customers. Its scope is broad, touching virtually every aspect of national and local cybersecurity.

“We’re all trying to do the right thing: stop the evil and ultimately keep people safe from a cybersecurity perspective,” said Jim Coyle, chief technology officer of the U.S. public sector at cybersecurity company Lookout. “When federal funding that helps implement these programs dries up, many things can be affected.”

A CISA spokesperson said the agency was “committed to ensuring a smooth transition” and referred all further questions to the Trump transition team. In an email, Karoline Leavitt, a spokesperson for the transition, gave no details, but said in an email that Trump was elected “with a resounding majority, giving him the mandate to implement the promises he made during the election campaign. He will deliver.

Most observers are not convinced that Paul’s speech will translate into action, not only because of the bipartisan support CISA enjoys in Congress, but also because of its many roles. “It’s a feature we would certainly like to see continue,” said Mark Ritacco, director of government affairs for the National Association of Counties.

“It sounds a lot like the kinds of things people say when they’re angry because they’re not thinking,” said Angelina Panettieri, legislative director of IT and communications for the National League of Cities. “Cybersecurity is one of those areas that is truly bipartisan, because people understand the consequences of not handling it.”

Funding for state and local cybersecurity may be a more pressing concern. The four-year, $1 billion state and local cybersecurity grant program, created as part of the bipartisan Infrastructure Act of 2021, is ending. at the end of next yearwhile other federal programs could face cuts as Trump seeks to reduce the federal budget.

While the grant program was I never go there Even if this is enough to meet state budgetary needs, it is a good start and demonstrates the federal government’s willingness to help address cybersecurity challenges.

But it must continue in one form or another, experts say.

“It’s an ongoing process,” said Sundaram Lakshmanan, Lookout’s chief technology officer. “This is not an isolated case. It’s a commitment they must make to keep up.

Outside organizations have made similar arguments. The National Association of State Information Officers has constantly argued for more work to be done to ensure the program is effective and that cybersecurity is a “top priority”. A NASCIO spokesperson declined to comment further, except to say their federal priorities next year will be “very similar” to these.

States may want to try to fill some of the cyberspace funding gap if the federal grant program ends, Panettieri said, but that could prove difficult. Many information security officials in the state said they don’t have the budget, staff or reliable expertise to protect themselves, a survey has found. earlier this year by NASCIO and Deloitte.

“I’m not sure it’s feasible, just because the need is so great,” she said. “It would be a real shame to put an end to it because states have had to develop a lot of capacity in this area, not only in cybersecurity, but also in granting subsidies within their cybersecurity entities at the state level. ‘State. It’s been an adjustment, and they’ve learned a lot over the last few years, and I think that’s something we want to continue to build on.

Despite the uncertainty, Panettieri said cybersecurity is something that has “transcended partisanship.” Even if things change in programs or federal aid, the support will still be there, she predicted.

“I don’t see a world in which this wouldn’t be a priority, simply because it’s too clear that the threat to infrastructure in particular is not diminishing over time, and it’s about a real national security problem,” she said.