Budgets passed by states and localities for fiscal year 2026 are now mostly placeholders, according to William Glasgall, public finance adviser for the Volcker Alliance. When legislatures are back in session, they will have to deal with the pressure brought about by cuts that flow down from Washington. Fiscal uncertainty already has prompted several states and medium-to-large cities to freeze hiring. For example, Massachusetts Gov. Maura Healey imposed a hiring freeze in May, which covers the executive branch. Alaska Gov.
Mike Dunleavy announced a hiring freeze about the same time. While the loss of federal funding is wrinkling into multiple corners of state and local governments, four areas that are of most concern to government leaders and the private sector are disaster relief, cybersecurity, health care and social services, and education. This report delves into cybersecurity and disaster relief and preparedness.
Reduced Federal Support for Cyber
M any cities, counties and states rely on assistance from the federal Cybersecurity and Infrastruc- ture Security Agency (CISA) to help them defend against relentless cyberattacks. This partnership has gained importance, given the growing sophistication of attacks, amplified risks created by AI, chronic under- funding of local cybersecurity budgets and vulnerabilities created by outdated public sector technology systems. The Trump Administration originally proposed cutting CISA’s budget by $495 million; that amount was reduced by the House, with $134 million in cuts remaining when the final reconciliation bill passed. CISA is expected to have about 900 employees in 2026, according to Department of Homeland Security planning documents, a 65% reduction in its workforce. CISA has also formally ended federal support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which until this year had provided free cybersecurity resources to roughly 19,000 public sector members, the vast majority of which are state, local, tribal and territorial governments. MS-ISAC, which received $27 million in federal funding last year, has been fundamentally important in helping states and localities detect threats before they become disasters. It was founded as a grassroots effort about 20 years ago, when states began to collaborate on cyberthreats.
With the loss of federal funding, MS-ISAC has begun charging state and local governments for membership, with fees based on the size of the jurisdiction. “I’m afraid that we’re going to lose those under-resourced organizations that may not have the capabilities to pay for membership, or they may just not even be aware that’s available to them,” said MS- ISAC executive committee member Robert Beach in August. Beach is chief technology officer for the city of Cocoa, Florida. In a statement released in September, CISA said the changes were part of the agency’s transition to a new model to directly support state, local, tribal and territorial (SLTT) governments. The agency said it will continue to provide grants, free tools and cybersecurity expertise to states and localities. It added that the new approach “reflects CISA’s mission to strengthen accountability, maximize impact and empower SLTT partners to defend today and secure tomorrow.” Federal funding was also eliminated earlier this year for the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which provides critical cybersecurity tools and technical assistance to elec- tion offices across the country. This operation is now effectively halted.
4
Made with FlippingBook - Online magazine maker