David Kertai

State and local governments face rising cybersecurity risks that strain budgets, disrupt services, and erode public trust. Governments need targeted investments in modern infrastructure, continuous monitoring, and stronger third-party risk management to protect critical services.

While the U.S. has focused on securing AI systems themselves, it must urgently shift toward using AI defensively—through coordinated government, industry, and infrastructure efforts—to counter the growing threat of AI-powered cyberattacks on existing systems.

Cyberattacks on critical infrastructure—particularly health care—are escalating, and Congress should pass the Health Care Cybersecurity and Resiliency Act and expand similar sector-specific cybersecurity programs across all critical infrastructure sectors to provide tailored funding, guidance, and support.

AI-enabled “ghost student” scams are siphoning millions in federal financial aid by exploiting weak, document-based identity verification systems at U.S. colleges. While the Department of Education has tightened ID checks, Congress should establish interoperable, high-assurance digital IDs to prevent fraud at scale and ensure aid reaches real students.

The India AI Impact Summit will test whether the United States can position itself as a credible AI partner to emerging economies by advancing collaboration with India on adoption, compute equity, and governance to deliver secure, scalable, and impactful AI deployment.

The Trump administration’s withdrawal from international cybersecurity forums like the GFCE and Hybrid CoE risks creating gaps in global coordination, early warning, and norm-setting. Strategic disengagement must be paired with replacement mechanisms to preserve multilateral cyber capacity, maintain allied cohesion, and safeguard U.S. interests.

Transnational scam networks, often based in Southeast Asia and exploiting weak governance, have stolen billions from U.S. consumers, and effectively combating them requires bipartisan legislation, stronger public-private coordination, and sustained international cooperation.

The proposed AI-Related Job Impacts Clarity Act would create misleading, unhelpful data and unfairly stigmatize AI adoption, diverting attention from more effective ways to measure technology’s real impacts and support workers.

National Cyber Director Sean Cairncross has outlined a shift toward proactive cyber deterrence, and to make it effective, he should modernize CISA 2015, secure long-term federal leadership of the CVE program, and strengthen cybersecurity coordination with U.S. allies.

The EU’s Cyber Crisis Management Blueprint establishes a coordinated framework for member states to prevent, respond to, and recover from large-scale cyber incidents, strengthening resilience, interoperability, and operational readiness while providing a model for other regional institutions.

The Strengthening Cyber Resilience Against State-Sponsored Threats Act is a timely and necessary response to the growing threat posed by state-sponsored cyber actors, particularly from China, but Congress should further refine it to truly future-proof the nation’s cybersecurity posture.

China has spent the last five years escalating a coordinated cyber campaign against Europe—targeting lawmakers, infrastructure, and institutions—even as the EU considers deepening economic ties, exposing a dangerous contradiction in its approach to Beijing.