惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

Cybersecurity Dive - Latest News

Dozens of Red Hat npm packages targeted in supply chain attack Turning tension into collaboration: How CIOs and CISOs can lead together Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators Without strong governance, companies put credit ratings at risk in AI era CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation How Canva scaled to 260+M users while elevating security and productivity Top 4 data security best practices for the AI-enabled enterprise CISA urges security teams to check for software development compromises How CISOs can manage sovereign-cloud security risks IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities Enterprise data is creeping its way into shadow AI tools Coordinated operation takes down Glassworm botnet Leading AI models are more vulnerable to malicious prompts than vendors claim Iranian government, not hacktivist group, breached LA Metro system, security firm says FBI warns about PhaaS platform used to access Microsoft 365 environments Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages New York regulator calls for additional cyber mitigation amid heightened threat environment CISA asks cybersecurity community to alert it to vulnerability exploitation Grafana Labs links GitHub environment breach to TanStack npm supply chain attack 7-Eleven hit by data breach Microsoft disrupts cybercrime operation that hid behind legitimate software Compromised coding tool helped hackers breach thousands of GitHub repositories Telecom sector launches its own private ISAC Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN Grafana Labs says hacker gained access to codebase through leaked token How a government contest launched a revolution in AI-based bug hunting Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller MSPs need AI to fight AI-fueled cyberthreats: Guardz More money is going to physical security, but it’s often CISOs that oversee it: EY Frontier AI models reap rapid discovery of security vulnerabilities West Pharmaceutical starts restoring operations after ransomware attack Foxconn confirms cyberattack affecting some North American facilities OpenAI launches Daybreak to combat cyber threats Canvas owner reaches ‘agreement’ with threat actors after data breach Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it Identity takes center stage as a leading factor in enterprise cyberattacks AI and an absent government: Takeaways from RSAC 2026 Second Canvas data breach causes major disruptions for schools, colleges AI used to develop working zero-day exploit, researchers warn New cybersecurity industry alliance aims to lead US critical infrastructure protection Identity is the new perimeter as rapid NHI proliferation threatens visibility and control Instructure confirms cybersecurity incident Anthropic’s Claude used in attempted compromise of Mexican water utility Businesses hide vast majority of ransomware attacks, report finds Palo Alto Networks warns state-linked cluster behind zero-day exploitation Businesses eager but unprepared for AI to transform their security strategies Iran-sponsored threat group behind false flag social engineering campaign NIST will test three major tech firms’ frontier AI models for cybersecurity risks Trellix investigating breach of source code repository CISA urges critical infrastructure firms to ‘fortify’ before it’s too late Critical vulnerability in cPanel leads to widespread exploitation New MOVEit vulnerabilities prompt urgent patch warning How OpenClaw’s agent skills become an attack surface White House questions tech industry on defensive AI use, cybersecurity resilience As email phishing evolves, malicious attachments decline and QR codes surge US and allies urge ‘careful adoption’ of AI agents PwC partners with Google Cloud to take on the managed security market US agencies promote zero-trust practices for operational technology networks CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog State CISOs losing confidence in ability to manage cyber risks ‘Fundamental tension’ undermines manufacturers’ cybersecurity North Korea-linked actor targets Web3 execs in social-engineering campaign US, UK authorities warn that Firestarter backdoor malware survives patching Major critical infrastructure supplier reports cyberattack When security becomes the attack surface: Why endpoint protection must evolve Hasbro expects March cyberattack to impact second-quarter revenue AI-written software creates hassles for wary security teams Iran-nexus threat groups refine attacks against critical infrastructure China disguises cyberattacks with ‘covert network’ botnets, US and allies warn Trump’s CISA director pick withdraws after tumultuous nomination Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says Microsoft SharePoint vulnerability widely exposed across multiple countries CISA urges security teams to view environments following axios compromise Big banks seek to ease security worries as AI push accelerates CISA confirms exploitation of 3 more Cisco networking device vulnerabilities Stellantis teams with Microsoft to strengthen digital capabilities Vulnerability exploitation surges often precede disclosure, offering possible early warnings Vercel systems targeted after third-party tool compromised Beyond IT: Cybersecurity is a strategic business risk TP-Link routers face exploitation attempt linked to high-severity flaw US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms CIOs fret over rising security concerns amid AI adoption CISA cancels prestigious summer internships, citing government shutdown NIST limits vulnerability analysis as CVE backlog swells Medium-severity flaw in Microsoft SharePoint exploited FCC exempts Netgear from foreign router ban FCC signals continued commitment to Cyber Trust Mark program Brute-force cyberattacks originating in Middle East surge in Q1 CISOs see gaps in their incident response playbooks US, Indonesia shut down ‘sophisticated’ phishing kit Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign Stryker warns of earnings fallout from March cyberattack NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure Iran-linked hackers target water, energy in US, FBI and CISA warn React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface Threat cluster launches extortion campaign using social engineering CISA’s vulnerability scans, field support on chopping block in Trump budget
White House’s state infrastructure cybersecurity initiative stalled
Eric Geller · 2026-06-24 · via Cybersecurity Dive - Latest News

Three months after the Trump administration announced a plan to help states fund cybersecurity defenses for their critical infrastructure, half of the states say they haven’t heard anything from the White House about participating in the program.

National Cyber Director Sean Cairncross said in early March that the federal government would launch a pilot program for states to accelerate the deployment of security technology at critical infrastructure facilities. He described the goal as “finding solutions at cost and an ability to scale that meet the moment and the threat,” adding that the administration was already working with Texas on its water sector, and with South Dakota on its beef industry.

With a significant enough infusion of federal dollars, the pilot program could transform how cash-strapped state and local governments work with the operators of power grids, hospitals, railways and other vital infrastructure to fend off malicious hackers intent on sowing chaos.

But despite the program’s promise, the Trump administration appears to have made little progress with it so far. At least 26 states and the District of Columbia are not involved in the program, and some of them were unaware that it even existed, according to a Cybersecurity Dive survey of state IT, cybersecurity and homeland-security agencies. In addition, the White House has said almost nothing about how the program will work, including what the federal government’s role will be. The Office of the National Cyber Director (ONCD) did not respond to numerous requests for comment for this story.

The lack of widespread engagement and detailed information raises questions about the Trump administration’s commitment to an initiative that has received widespread praise for its recognition of the crippling cybersecurity challenge facing state and local governments.

“Unlocking funds to states for critical infrastructure protection is one of the most high-impact levers the federal government has to address urgent national security threats like [Chinese government] pre-positioning on critical infrastructure and the growth in the use of advanced AI for cyber operations,” said Michael Klein, the senior director for preparedness and response at the Institute for Security and Technology and a former senior cybersecurity adviser at the U.S. Department of Education.

A man holds a microphone while sitting in a chair and looking off-camera

National Cyber Director Sean Cairncross’s office is overseeing the pilot programs.

White House could address problem it worsened

The Trump administration’s new initiative could be a welcome relief for state and local governments, which have become top hacking targets because of their sensitive data, critical services and susceptibility to intense public pressure. In addition, governments’ reliance on third-party vendors creates serious supply-chain security risks that threat actors have repeatedly exploited. AI has only made things worse.

At the same time, many local governments face severe financial strains that prevent them from investing in high-quality defenses. Roughly one-fifth of localities have no dedicated cybersecurity funding, according to the Multi-State Information Sharing and Analysis Center (MS-ISAC), the security collaboration group for state and local governments, and 16% of states recently cut their cyber budgets, according to the National Association of State Chief Information Officers.

Experts say the federal government has exacerbated those problems. The Trump administration ended decades-long federal funding for the MS-ISAC, leading to an exodus of members and forcing the ISAC’s parent company to cut staff. In addition, Congress has failed to appropriate new money for a state and local cybersecurity grant program. And even if lawmakers reconstitute that program, new rules created by the Trump administration prohibit grant recipients from spending the money on MS-ISAC memberships.

“State and local governments were struggling before the recent cuts, and I’m hearing from many that it's gotten worse,” said Jeff Greene, a former senior White House and Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity official.

With states scrounging for all the help they can get, the new White House program could significantly boost their fortunes, helping them protect vital and frequently targeted services such as schools, hospitals, 911 systems and courts.

“The government wants to ensure these essential, local utility operators have access to the exact same world-class cyber defenses as Fortune 500 companies,” said Brian Harrell, a former assistant director for infrastructure security at CISA. “Security should never be a luxury for the few.”

Sarah Powazek, the program director of public interest cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, urged program managers to focus on the most vulnerable communities and to measure the benefits of funded tools and services. She said a well-designed program could break an impasse that has prevented underfunded jurisdictions from taking advantage of the best technologies.

“The tools that exist right now are at a cost that many small organizations can’t afford, and a complexity that they can’t use,” Powazek said. “That leaves a massive swath of small and medium-sized organizations … at the mercy of a confusing product marketplace that ultimately won’t help them with the basics.”


"The lack of follow-up publicly and with the states suggests a lack of urgency or seriousness, or both."

Jeff Greene

Former Executive Assistant Director for Cybersecurity at CISA and former Chief of Cyber Response and Policy at the National Security Council


“We have not heard of this program”

Even as cyber threats to state and local governments proliferate, the White House’s pilot program appears to be getting off to a slow start. None of the 26 states and Washington, D.C., that answered Cybersecurity Dive’s questions said they were involved in the program, and many of them said they hadn’t even heard of it.

“My office was not aware of this pilot program,” said Amy Hess, the executive director of the Kentucky Office of Homeland Security. “Thank you for bringing it to our attention.”

Eleven states — Arizona, Colorado, Delaware, Hawaii, Idaho, Minnesota, Nevada, New Mexico, North Dakota, Oklahoma and Oregon — said they wanted to learn more about the program and might want to join it. “We are always interested in exploring new partnerships,” said Jerred Edgar, Idaho’s chief information security and operations officer.

But only two of those states — Nevada and North Dakota — said the White House had engaged with them about the program. Nevada CIO Timothy Galluzi told Cybersecurity Dive he was eager to participate and had attended “exploratory stakeholder meetings” where ONCD officials “listened to the needs, concerns, and input [of] state representatives.” And North Dakota’s chief information security officer is scheduling a meeting with ONCD officials to learn more about the initiative, spokesman Dain Sullivan said, including its “scope, requirements and available resources.”

The White House’s limited engagement with states about the program appears to have caused some tensions as well. Arizona’s homeland-security agency contacted ONCD in mid-April after learning that Cairncross had held a call with a small number of states, said Ryan Murray, the agency’s deputy director and the state’s CISO. “We asked how to ensure the full participation of the state cyber community in future ONCD events, as it appeared many states were not invited to the Director’s call,” Murray said. “Despite the outreach, [Arizona] has not received a reply from ONCD.”

Four other states were noncommittal. Maine said it would consider participating if the White House reached out, Massachusetts said it has been discussing the program internally and New York and New Jersey said they wanted more information.

Five states — Alaska, Connecticut, Michigan, Vermont and Virginia — said they weren’t interested in joining the program. Six states — Arkansas, Kentucky, Ohio, Missouri, Utah and Washington — and the District of Columbia confirmed that they were not participating but declined to say whether or not they were interested in doing so. One state, California, declined to say whether it was participating in the program. The other 23 states — including Texas and South Dakota, the two that Cairncross named as participants — did not respond to requests for comment.

Greene, now a principal at the consulting firm Civira Partners, said the results of Cybersecurity Dive’s survey were disappointing.

“I'm sympathetic to the difficulties of standing up a nationwide program,” he said, “but the lack of follow-up publicly and with the states suggests a lack of urgency or seriousness, or both.”

Testing federal commitment and state innovation

The stakes for the pilot program are high, given both the cyber threat environment and the political environment.

The initiative will be a major test of the Trump administration’s commitment to helping state and local governments grapple with cybersecurity threats. Most experts see that commitment as minimal, given the way the administration has slashed cybersecurity funding and personnel. “The trust is frayed,” Greene said. “The state and local officials I’ve talked to are wary about government motives in a way I’ve never seen before.”

But state success stories stemming from the program could begin to change that story. “Federal funds make a massive difference in a region’s ability to defend itself from cyberattacks,” Powazek said. “I’m hopeful that this pilot program signals a re-investment by ONCD in community cybersecurity and building close SLTT relationships.”


"Security should never be a luxury for the few."

Brian Harrell

Former Assistant Director for Infrastructure Security at CISA


Galluzi, the lone state official to report participating in ONCD’s meetings, said the White House genuinely seemed to care about states’ input. “I am incredibly encouraged on the progress we are making,” he said. “It looks like they are really trying to get this right and provide the support the states need.”

In the best-case scenario, states’ solutions to cybersecurity challenges could bubble up to the national level, either becoming models for other states or transforming into federal programs that protect the entire country. “A feature of our federalist system is that states can serve as laboratories for testing policies,” said Suzanne Spaulding, a former top Department of Homeland Security cybersecurity official.

But for that to happen, the White House will need to expand its outreach to the dozens of states that still haven’t heard from it. Experts say the critical infrastructure that those governments maintain, and the residents who rely on it, can’t afford to wait any longer.

“Given the urgency of the threat and the potential for wide-scale disruption to lifeline critical infrastructure like water, power and hospitals,” Klein said, “federal investment to states focused on resilience — the ability to take a hit and continue operations — would have a powerful impact on communities across the country.”