Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo
Deep Dive

White House’s state infrastructure cybersecurity initiative stalled

The Trump administration says it wants to help states implement innovative defenses. Most states are still waiting for the call to participate.

Published June 24, 2026
Eric Geller's headshot
Senior Reporter
View of the White House with flowers and fountain in front.
The White House is seen on March 27, 2012, in Washington D.C. Getty Images

Three months after the Trump administration announced a plan to help states fund cybersecurity defenses for their critical infrastructure, half of the states say they haven’t heard anything from the White House about participating in the program.

National Cyber Director Sean Cairncross said in early March that the federal government would launch a pilot program for states to accelerate the deployment of security technology at critical infrastructure facilities. He described the goal as “finding solutions at cost and an ability to scale that meet the moment and the threat,” adding that the administration was already working with Texas on its water sector, and with South Dakota on its beef industry.

With a significant enough infusion of federal dollars, the pilot program could transform how cash-strapped state and local governments work with the operators of power grids, hospitals, railways and other vital infrastructure to fend off malicious hackers intent on sowing chaos.

But despite the program’s promise, the Trump administration appears to have made little progress with it so far. At least 26 states and the District of Columbia are not involved in the program, and some of them were unaware that it even existed, according to a Cybersecurity Dive survey of state IT, cybersecurity and homeland-security agencies. In addition, the White House has said almost nothing about how the program will work, including what the federal government’s role will be. The Office of the National Cyber Director (ONCD) did not respond to numerous requests for comment for this story.

The lack of widespread engagement and detailed information raises questions about the Trump administration’s commitment to an initiative that has received widespread praise for its recognition of the crippling cybersecurity challenge facing state and local governments.

“Unlocking funds to states for critical infrastructure protection is one of the most high-impact levers the federal government has to address urgent national security threats like [Chinese government] pre-positioning on critical infrastructure and the growth in the use of advanced AI for cyber operations,” said Michael Klein, the senior director for preparedness and response at the Institute for Security and Technology and a former senior cybersecurity adviser at the U.S. Department of Education.

A man holds a microphone while sitting in a chair and looking off-camera
National Cyber Director Sean Cairncross’s office is overseeing the pilot programs.
McCrary Institute/YouTube
 

White House could address problem it worsened

The Trump administration’s new initiative could be a welcome relief for state and local governments, which have become top hacking targets because of their sensitive data, critical services and susceptibility to intense public pressure. In addition, governments’ reliance on third-party vendors creates serious supply-chain security risks that threat actors have repeatedly exploited. AI has only made things worse.

At the same time, many local governments face severe financial strains that prevent them from investing in high-quality defenses. Roughly one-fifth of localities have no dedicated cybersecurity funding, according to the Multi-State Information Sharing and Analysis Center (MS-ISAC), the security collaboration group for state and local governments, and 16% of states recently cut their cyber budgets, according to the National Association of State Chief Information Officers.

Experts say the federal government has exacerbated those problems. The Trump administration ended decades-long federal funding for the MS-ISAC, leading to an exodus of members and forcing the ISAC’s parent company to cut staff. In addition, Congress has failed to appropriate new money for a state and local cybersecurity grant program. And even if lawmakers reconstitute that program, new rules created by the Trump administration prohibit grant recipients from spending the money on MS-ISAC memberships.

“State and local governments were struggling before the recent cuts, and I’m hearing from many that it's gotten worse,” said Jeff Greene, a former senior White House and Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity official.

With states scrounging for all the help they can get, the new White House program could significantly boost their fortunes, helping them protect vital and frequently targeted services such as schools, hospitals, 911 systems and courts.

“The government wants to ensure these essential, local utility operators have access to the exact same world-class cyber defenses as Fortune 500 companies,” said Brian Harrell, a former assistant director for infrastructure security at CISA. “Security should never be a luxury for the few.”

Sarah Powazek, the program director of public interest cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, urged program managers to focus on the most vulnerable communities and to measure the benefits of funded tools and services. She said a well-designed program could break an impasse that has prevented underfunded jurisdictions from taking advantage of the best technologies.

“The tools that exist right now are at a cost that many small organizations can’t afford, and a complexity that they can’t use,” Powazek said. “That leaves a massive swath of small and medium-sized organizations … at the mercy of a confusing product marketplace that ultimately won’t help them with the basics.”

"The lack of follow-up publicly and with the states suggests a lack of urgency or seriousness, or both."

Jeff Greene

Former Executive Assistant Director for Cybersecurity at CISA and former Chief of Cyber Response and Policy at the National Security Council

“We have not heard of this program”

Even as cyber threats to state and local governments proliferate, the White House’s pilot program appears to be getting off to a slow start. None of the 26 states and Washington, D.C., that answered Cybersecurity Dive’s questions said they were involved in the program, and many of them said they hadn’t even heard of it.

“My office was not aware of this pilot program,” said Amy Hess, the executive director of the Kentucky Office of Homeland Security. “Thank you for bringing it to our attention.”

Eleven states — Arizona, Colorado, Delaware, Hawaii, Idaho, Minnesota, Nevada, New Mexico, North Dakota, Oklahoma and Oregon — said they wanted to learn more about the program and might want to join it. “We are always interested in exploring new partnerships,” said Jerred Edgar, Idaho’s chief information security and operations officer.

But only two of those states — Nevada and North Dakota — said the White House had engaged with them about the program. Nevada CIO Timothy Galluzi told Cybersecurity Dive he was eager to participate and had attended “exploratory stakeholder meetings” where ONCD officials “listened to the needs, concerns, and input [of] state representatives.” And North Dakota’s chief information security officer is scheduling a meeting with ONCD officials to learn more about the initiative, spokesman Dain Sullivan said, including its “scope, requirements and available resources.”

The White House’s limited engagement with states about the program appears to have caused some tensions as well. Arizona’s homeland-security agency contacted ONCD in mid-April after learning that Cairncross had held a call with a small number of states, said Ryan Murray, the agency’s deputy director and the state’s CISO. “We asked how to ensure the full participation of the state cyber community in future ONCD events, as it appeared many states were not invited to the Director’s call,” Murray said. “Despite the outreach, [Arizona] has not received a reply from ONCD.”

Four other states were noncommittal. Maine said it would consider participating if the White House reached out, Massachusetts said it has been discussing the program internally and New York and New Jersey said they wanted more information.

Five states — Alaska, Connecticut, Michigan, Vermont and Virginia — said they weren’t interested in joining the program. Six states — Arkansas, Kentucky, Ohio, Missouri, Utah and Washington — and the District of Columbia confirmed that they were not participating but declined to say whether or not they were interested in doing so. One state, California, declined to say whether it was participating in the program. The other 23 states — including Texas and South Dakota, the two that Cairncross named as participants — did not respond to requests for comment.

Greene, now a principal at the consulting firm Civira Partners, said the results of Cybersecurity Dive’s survey were disappointing.

“I'm sympathetic to the difficulties of standing up a nationwide program,” he said, “but the lack of follow-up publicly and with the states suggests a lack of urgency or seriousness, or both.”

Testing federal commitment and state innovation

The stakes for the pilot program are high, given both the cyber threat environment and the political environment.

The initiative will be a major test of the Trump administration’s commitment to helping state and local governments grapple with cybersecurity threats. Most experts see that commitment as minimal, given the way the administration has slashed cybersecurity funding and personnel. “The trust is frayed,” Greene said. “The state and local officials I’ve talked to are wary about government motives in a way I’ve never seen before.”

But state success stories stemming from the program could begin to change that story. “Federal funds make a massive difference in a region’s ability to defend itself from cyberattacks,” Powazek said. “I’m hopeful that this pilot program signals a re-investment by ONCD in community cybersecurity and building close SLTT relationships.”

"Security should never be a luxury for the few."

Brian Harrell

Former Assistant Director for Infrastructure Security at CISA

Galluzi, the lone state official to report participating in ONCD’s meetings, said the White House genuinely seemed to care about states’ input. “I am incredibly encouraged on the progress we are making,” he said. “It looks like they are really trying to get this right and provide the support the states need.”

In the best-case scenario, states’ solutions to cybersecurity challenges could bubble up to the national level, either becoming models for other states or transforming into federal programs that protect the entire country. “A feature of our federalist system is that states can serve as laboratories for testing policies,” said Suzanne Spaulding, a former top Department of Homeland Security cybersecurity official.

But for that to happen, the White House will need to expand its outreach to the dozens of states that still haven’t heard from it. Experts say the critical infrastructure that those governments maintain, and the residents who rely on it, can’t afford to wait any longer.

“Given the urgency of the threat and the potential for wide-scale disruption to lifeline critical infrastructure like water, power and hospitals,” Klein said, “federal investment to states focused on resilience — the ability to take a hit and continue operations — would have a powerful impact on communities across the country.”

Editors' picks

Company Announcements

View all | Post a press release
Optery Releases 2026 Enterprise Social Engineering Survey Report
From Optery
June 23, 2026
Optery logo
Strategic hires strengthen financial operations and go-to-market execution as Courser helps SM…
From Courser
June 23, 2026
Courser logo
Blackpoint Cyber Appoints Former CIA Operations Officer to Lead Adversary Pursuit Group
From Blackpoint Cyber
June 16, 2026
Blackpoint Cyber logo
AppViewX Launches Agent Identity Security to Govern Agents for the AI and Quantum Era
From AppViewX
June 16, 2026
AppViewX logo
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell