State and local government leaders said on Tuesday that shrinking federal grant support and tighter local budgets are forcing them to rethink how they fund and scale zero trust efforts, even as cyber threats continue to grow.
Speaking during a panel at the Illumio Public Sector Summit in Reston, Va., officials said the biggest obstacle to zero trust progress is often not technology, but funding.
For years, the federal government “gave a lot of money to SLED entities, and that spigot has been turned off as of late,” said Mark Gardner, senior director of national state, local, and education (SLED) sales at cybersecurity firm Illumio.
That reality is hitting state and local governments that are already stretched thin. Elizabeth Di Bene, chief information security officer (CISO) for Loudoun County, Va., said her team operates with limited personnel, forcing difficult prioritization decisions.
When making those decisions, Di Bene stressed that “mission-critical” always outweighs “nice to have.”
“I only have five people in my department, and so that means I need to look at managed solutions that come with the package,” she said. “So, that is really how I’m scaling my proposals to go forward.”
John Bayliss, director of the Office of Technology at the Metropolitan Washington Council of Governments (COG), added that many regional security programs were built on federal grants, which are no longer a reliable funding source.
“COG is very heavily dependent on these federal grants,” Bayliss said, pointing to transportation, environmental, and public safety initiatives.
“On the public safety side, we had a bunch of UASI [Urban Area Security Initiative] grants that funded a lot of our regional programs … but that funding dried up for the most part,” he said, referring to a grant program from the Federal Emergency Management Agency.
Bayliss said the loss of grant funding has forced a shift toward local investment, explaining that “those counties that you all live in, your taxes … helps fund COG.”
“That was always the plan. We don’t want to be always dependent on grants, and there was a plan to transition it. [But] it happened about a year earlier than we were planning,” he said.
That funding transition creates ripple effects across jurisdictions, where leaders must balance cybersecurity with other urgent public needs.
“I’ve had a school system tell me, ‘Well, you know, I got my security budget cut in half because we had to hire more teachers,’” Bayliss said. “Those are the kind of decisions that everybody’s making at the local level.”