惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
AWS News Blog
AWS News Blog
Google DeepMind News
Google DeepMind News
U
Unit 42
博客园 - 叶小钗
博客园 - 聂微东
GbyAI
GbyAI
Stack Overflow Blog
Stack Overflow Blog
有赞技术团队
有赞技术团队
aimingoo的专栏
aimingoo的专栏
D
DataBreaches.Net
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Jina AI
Jina AI
美团技术团队
The Cloudflare Blog
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
S
Schneier on Security
C
Check Point Blog
Project Zero
Project Zero
The Hacker News
The Hacker News
Scott Helme
Scott Helme
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cisco Talos Blog
Cisco Talos Blog
P
Privacy International News Feed
SecWiki News
SecWiki News
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
H
Help Net Security
TaoSecurity Blog
TaoSecurity Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Last Week in AI
Last Week in AI
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
L
Lohrmann on Cybersecurity
A
About on SuperTechFans
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
大猫的无限游戏
大猫的无限游戏
T
Troy Hunt's Blog
H
Hacker News: Front Page
Vercel News
Vercel News

Lohrmann on Cybersecurity

On AI Ethics: Why Prompt Engineering Needs a Moral Compass Navigating NIST’s New Cybersecurity AI Frontier AI at Work: Employees Aren’t Waiting for Permission AI, Mind Reading and Microchip Brain Implants The Global State of Technology Risk in 2026 The Mythos Race: Trump’s New EO and Glasswing’s Expansion No Longer Invisible: When Cyber Attacks Go Physical How New College Grads Can Succeed in an AI Economy Protecting People and Infrastructure: A 2026 World Cup Security Preview ‘CI Fortify’ Is the New Road Map for State and Local Resilience A Tale of Two States: The 2026 Cybersecurity Paradox The Great Stay: Why Tech Talent Is Choosing Stability Over Salary A History of Global Hacking — and Where It’s Going Next Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurity Post-Quantum Cryptography: Moving From Awareness to Execution RSAC 2026 Highlights: From Agentic AI to Active Defense What Is Physical AI, and What Does It Mean for Government? Securing Critical Infrastructure in a Time of War From Michigan to Silicon Valley: A Conversation With Mohamad Yassine Defending Your Castle: Best Practices for Smart Home Security Your Smart Home Is Watching You: Privacy in the Age of AI Robots How Global Power Struggles Are Rewriting Cyber Defense After TikTok: Navigating the Complex Web of Foreign Tech Bans
New Federal Strategies, Rising Risk From Iran Top Cyber Themes
2026-03-15 · via Lohrmann on Cybersecurity

The third annual Billington State and Local CyberSecurity Summit was held in Washington, D.C., from March 9-11, and this year’s event was the largest so far, with more federal, state and local government leaders, private-sector companies and cybersecurity professionals from across the nation attending.

I attended and was a moderator for four sessions, and I was once again very impressed with this cyber summit for the level of available interactions and deep cyber discussions that took place between federal and state, local and education organizational leaders. I think these interactions are especially important at this time because of the ongoing war in Iran as well as the reality that the federal government will not be attending the RSA Conference this year in San Francisco that begins on March 23.

This blog is dedicated to exploring some of the top themes and messaging that came out of the event for 2026.


TOP THEMES AT BILLINGTON CYBER EVENT

Back in mid-February, the top themes coming into the summit were initially projected to be AI and critical infrastructure protection. These sessions covered these topics:

  • Mar 10: Understanding Today's Cybersecurity Adversaries —This panel of public- and private-sector experts explores how cyber adversaries are taking advantage of a climate that is more digitally connected and dependent upon smarter, automated and geo-dispersed functions.
  • Mar 10: Getting Data Ready for AI — This panel will discuss the key steps in AI data preparation and why they are essential to effectively preparing data for use by AI systems.
  • Mar 10: Protecting Software Supply Chains — Panelists examine the growing challenges of securing the software supply chain, discussing recent threats, emerging regulations, and best practices for ensuring transparency, trust, and resilience across the technology ecosystem.
  • Mar 11: State of Cyber in Secondary Education — This session explores the current state of cybersecurity in secondary schools, where limited resources and growing digital dependence create unique challenges. Leaders will discuss recent incidents, evolving threats, and effective strategies for safeguarding student data, learning platforms, and administrative systems.
  • Mar 11: Addressing Cloud Security Threats — Bad actors continue to find new vulnerabilities in the way that organizations are leveraging cloud technology. This panel of experts will explore learnings in terms of persistent cloud attack methodologies and how to mitigate them.

NEW FEDERAL CYBER STRATEGY STEALS THE SHOW

Nevertheless, the release of President Donald Trump’s Cyber Strategy for America, announced on March 6, 2026, as well as the cyber implications regarding events surrounding the conflicts in the Middle East, became the top takeaways from the summit, in my opinion.

Here is some of the press coverage of National Cyber Director Sean Cairncross’ words on the new strategy:

GovCIO Media: National Cyber Strategy Moves Beyond Reactive Cyber Defense — “National Cyber Director Sean Cairncross said the strategy prioritizes deterrence, infrastructure security and faster information sharing.”

Cybersecurity Dive: Trump administration will test infrastructure cybersecurity approaches in pilot program “The Trump administration plans to pilot-test security technologies with specific critical infrastructure communities across the country as it implements its new cybersecurity strategy.

“The goal of the pilot programs is to ‘make sure that we can deploy new technology much more quickly than we’ve done in the past,’ National Cyber Director Sean Cairncross said on Monday during an event hosted by USTelecom.

“The White House is still inviting states and businesses to apply to participate in the program, but Cairncross said confirmed participants include the water sector in Texas, the beef industry in South Dakota and rural hospitals in unspecified states.”

TheNational: US to take on nations that carry out cyber attacks, White House adviser says — “Several weeks before the strikes on Iran, cyber security company Acronis warned that its experts had discovered a new malware campaign aimed at supporters of protests throughout the country.

“Months before, FBI assistant director Brett Leatherman said that he was seeing increased attack attempts against US digital infrastructure from Iran, adding that any successful cyber attack affecting critical technology systems would probably be considered an act of war.

“In its 2025 digital defense report, Microsoft also warned about cyber crime originating from Iran."

One more. I moderated a panel on Salt Typhoon and Volt Typhoon attacks and lessons learned, but we also covered the current Iranian cyber threats from the perspective of multiple states and the FBI. This Government Technology article was released on Thursday, March 12, after the Billington event was over: Stryker Cyber Attack Raises Concerns for State and Local Govt.:

“State, local, tribal and territory (SLTT) governments continue to raise questions about what effects the war in Iran could have on U.S. cybersecurity, and on Thursday discussed takeaways from the March 11 cyber attack on Stryker.

“The attack, confirmed as a global disruption to Stryker’s Microsoft environment and claimed by Iran-linked Handala, was a touchpoint for those on a Thursday call with the Multi-State Information Sharing and Analysis Center (MS-ISAC). Cybersecurity advisers have been taking the lead on membership calls to address concerns stemming from the Iran war.

“MS-ISAC analysts said afterward that the Stryker attack was of concern for various reasons. Iranian and Iran-linked hackers often attack the health-care sector, in which SLTTs have ownership. Those hackers also target public schools and municipally owned critical infrastructure.”

Cybersecurity and Infrastructure Security Agency Acting Director and Executive Assistant Director for Cybersecurity Nick Anderson seated on stage with another person and having a discussion at the 2026 Billington State and Local Cybersecurity Summit
Cybersecurity and Infrastructure Security Agency Acting Director and Executive Assistant Director for Cybersecurity Nick Anderson (left) in a fireside chat at the 2026 Billington State and Local CyberSecurity Summit.

Dan Lohrmann

NEW CISA ACTING DIRECTOR ANDERSON FIRESIDE CHAT

CISA’s new Acting Director Nick Anderson also spoke at the event, and as the former CISO for Vermont, Nick did a great job of articulating the importance of the new cyber strategy to state and local governments and others.

I wrote this post on that session on LinkedIn. Here is an excerpt: “I was impressed with the comments by Nicholas Andersen, who is the Acting CISA Director, at the Billington State and Local CyberSecurity Summit yesterday morning. Really nice job.

“Nick Andersen was the CISO in Vermont, and he understands the state and local cyber challenges better than most. He is smart, articulate, precise and even funny. It was great to catch up with him after his remarks.

“His main points were to highlight the president's new cybersecurity strategy, which I will write about more this weekend.”

FINAL THOUGHTS

C-SPAN also covered the Billington event, and the session on federal, state and local cybersecurity partnerships can be seen on C-SPAN here.

I also want to highlight other coverage of the Iran cyber threat. Here is an article from the Associated Press: Iran-linked hackers take aim at US and other targets, raising risk of cyberattacks during war.