As cybersecurity threats continue to evolve, the intersection of federal policy and state-level readiness has never been more critical. Today, we’re speaking with Dominic Jainy, an IT professional with deep expertise in artificial intelligence, machine learning, and blockchain, who brings a unique perspective to the challenges facing public sector cyber defense. With budget cuts looming and responsibilities shifting to states, Dominic offers invaluable insights into how these changes impact national security, the disparities in state preparedness, and the innovative strategies needed to protect critical infrastructure. Our conversation explores the ripple effects of federal funding decisions, the hurdles underfunded states face, and the path forward for building a resilient cyber defense system across the nation.
How do you see proposed federal budget cuts, potentially slashing the Cybersecurity and Infrastructure Security Agency’s workforce and funding, affecting our national cybersecurity posture?
These cuts are a serious concern. Reducing the agency’s workforce by nearly a third and cutting up to $495 million from its budget means fewer resources for critical programs that protect our infrastructure. It’s not just about numbers; it’s about losing expertise and the ability to respond quickly to threats. Nationally, this could create gaps in coordination and support for states, leaving us more vulnerable to sophisticated attacks. The agency plays a pivotal role in setting standards and providing guidance, so scaling back its capacity could have a cascading effect, especially on election security and regional operations.
Which specific programs or areas do you think will take the hardest hit if these budget reductions go through?
Election security programs are at the top of the list. With the administration proposing to scale back these initiatives, state and local systems could be left exposed at a time when foreign interference and domestic threats are growing. Beyond that, regional operations—those boots-on-the-ground teams that help states respond to incidents—will likely suffer. These are the programs that don’t always get headlines but are essential for day-to-day defense. Losing funding here means slower response times and less proactive threat hunting, which is a big risk.
With more cybersecurity responsibilities shifting to states and local governments, do you believe most are prepared to handle this increased burden?
Honestly, most states aren’t ready. While some have made strides, many lack the budget, staff, and technical expertise to take on these expanded roles. Wealthier states might manage by drawing on larger talent pools and better funding, but others are already stretched thin. This shift assumes a level of readiness that just doesn’t exist uniformly. Without federal support—beyond just money, but also training and coordination—many states will struggle to fill the gap.
What are some of the biggest challenges for states with limited budgets when they’re asked to step up their cybersecurity efforts?
The biggest hurdle is attracting and retaining talent. Cybersecurity professionals are in high demand, and underfunded states can’t compete with private sector salaries or even wealthier states’ benefits. Then there’s the issue of infrastructure—many states have outdated systems that need significant investment to modernize. Add to that the sheer scope of what they’re protecting, from power grids to election systems, and it’s overwhelming. Limited budgets mean they often have to prioritize, leaving some critical areas exposed.
How can the federal government better support states during this transition, aside from just providing more funding?
Federal support should focus on strategic partnerships. This means offering centralized training programs to upskill state employees, sharing threat intelligence in real-time, and helping to standardize defenses across states. Creating a framework for states to collaborate—think shared services or regional hubs—could also stretch resources further. Additionally, streamlining grant processes to be faster and more flexible would let states address urgent needs without getting bogged down in red tape.
Why do you think less wealthy states struggle so much to build strong cyber defenses compared to their wealthier counterparts?
It comes down to resources and appeal. Wealthier states can offer competitive pay, better career paths, and access to cutting-edge tools, which attract top talent. Less wealthy states often can’t match that. They also tend to have fewer educational or training programs locally, so there’s a smaller pool of skilled workers to begin with. It’s a vicious cycle—without talent, they can’t build strong defenses, and without strong defenses, they’re less attractive to professionals who want to work on impactful projects.
How significant is the problem of critical infrastructure, like power plants, being located in rural areas with fewer cybersecurity resources?
It’s a huge issue. Critical infrastructure in rural areas faces the same level of threat as anywhere else—hackers don’t care about location. But these areas often lack the budget, staff, and technical know-how to defend against sophisticated attacks. A breach at a rural power plant could disrupt service for millions or even serve as an entry point for a broader attack. The disparity in resources creates a weak link that adversaries can exploit, making it a national security concern, not just a local one.
Some states are getting creative with incentives like federal service credit to attract cybersecurity talent. Do you think these strategies can be sustainable, or are deeper changes needed?
These creative approaches are a good start, but they’re more of a Band-Aid than a long-term fix. Offering federal service credit or other perks can draw some talent temporarily, but without competitive pay, ongoing training, and clear career progression, retention will be a problem. Deeper changes—like federal-state partnerships to subsidize salaries or build regional talent pipelines—are needed to create lasting impact. It’s about building an ecosystem, not just offering one-off incentives.
Why does uneven cyber readiness across states pose such a significant risk to national security?
Uneven readiness creates vulnerabilities that adversaries can exploit. Cyber threats don’t respect state borders—if one state has weak defenses, it can become a gateway for attacks that impact the entire country. Think about interconnected systems like the power grid or financial networks; a breach in one underprepared state can ripple outward, disrupting critical services nationwide. It’s not just a local problem; it’s a collective risk that undermines our overall resilience.
Can you walk us through how an underfunded state system might become the ‘weakest link’ for a larger cyberattack?
Absolutely. Imagine a state with limited resources protecting a piece of critical infrastructure, say a water treatment facility. If their systems are outdated and understaffed, a hacker could gain access through something as simple as a phishing email. Once inside, they might not just disrupt that facility—they could use it as a stepping stone to move laterally into connected systems, like regional power grids or federal networks. Adversaries target the path of least resistance, and an underfunded state often lacks the detection and containment tools to stop an attack from spreading.
What’s your forecast for the future of state-level cybersecurity readiness if these federal budget trends and responsibility shifts continue?
If these trends persist without significant intervention, I foresee a growing divide between well-prepared and underprepared states, which will amplify national security risks. Without federal coordination and investment, many states will lag behind in adopting modern defenses like zero-trust architectures or containment strategies. This could lead to more frequent and severe breaches, especially targeting critical infrastructure and election systems. On the flip side, there’s an opportunity for innovation—if states and the federal government can collaborate on efficiency gains and shared resources, we might see a more resilient system emerge. But it’s going to take bold leadership and a sense of urgency to get there.