Cybersecurity

Cyberattacks are rising across state and local governments, and the blog recommends that all states adopt coordinated strategies, clear standards, and stronger cyber capabilities to close security gaps and improve resilience.

State and local governments face rising cybersecurity risks that strain budgets, disrupt services, and erode public trust. Governments need targeted investments in modern infrastructure, continuous monitoring, and stronger third-party risk management to protect critical services.

Canada’s cloud debate is asking the wrong question—control, not domestic ownership or server location, is what determines security and resilience in practice.

While the U.S. has focused on securing AI systems themselves, it must urgently shift toward using AI defensively—through coordinated government, industry, and infrastructure efforts—to counter the growing threat of AI-powered cyberattacks on existing systems.

Cyberattacks on critical infrastructure—particularly health care—are escalating, and Congress should pass the Health Care Cybersecurity and Resiliency Act and expand similar sector-specific cybersecurity programs across all critical infrastructure sectors to provide tailored funding, guidance, and support.

The Trump administration’s withdrawal from international cybersecurity forums like the GFCE and Hybrid CoE risks creating gaps in global coordination, early warning, and norm-setting. Strategic disengagement must be paired with replacement mechanisms to preserve multilateral cyber capacity, maintain allied cohesion, and safeguard U.S. interests.

The UK’s proposed Cyber Security and Resilience Bill presents a much-needed opportunity to kickstart the growth of the UK’s lagging cyber insurance market, which will make businesses more resilient to the increasing frequency and significance of cyberattacks.

Transnational scam networks, often based in Southeast Asia and exploiting weak governance, have stolen billions from U.S. consumers, and effectively combating them requires bipartisan legislation, stronger public-private coordination, and sustained international cooperation.

National Cyber Director Sean Cairncross has outlined a shift toward proactive cyber deterrence, and to make it effective, he should modernize CISA 2015, secure long-term federal leadership of the CVE program, and strengthen cybersecurity coordination with U.S. allies.

Real sovereignty in digital systems isn’t about where servers sit. Canada should build sovereignty into contracts and cryptography, embedding control and security through procurement rules, Canadian-cleared personnel, and encryption safeguards.