When the government steps back, who steps up to ensure adequate cyber defenses?

These are uncertain times for cyber defenders working for both the federal government and private industry. The Trump administration's aggressive tariff policies and cutting of the federal workforce has made it nearly impossible for organizations to plan budgets, staffing and investments for the rest of 2025 and beyond.

The uncertainty has left many in the cybersecurity profession worried about America's ability to fend off increasingly aggressive attacks from China, Russia, North Korea and Iran.

Cory Simpson, CEO of the Institute for Critical Infrastructure Technology (ICIT), noted that China views its cyber weaponry as tools of economic warfare as opposed to traditional warfare. "China is more motivated than ever to attack critical US infrastructure as a response to the trade war," he said.

Related content:

China has already taken responsibility for Volt Typhoon intrusions against U.S. critical infrastructure, which involved the infiltration of several industries' systems through the exploitation of zero-day bugs and other advanced tactics; and cyber espionage operations by Chinese state-backed threat group Salt Typhoon against various U.S. telecommunications firms, which led to the compromise of U.S. officials' text messages and phone calls.

Even deep cuts at the U.S. Department of Education threaten U.S. cybersecurity by disrupting education programs key to shaping the development of current and future cyber defenders, Simpson said.

This, as the US Cybersecurity and Infrastructure Security Agency faces deep personnel and funding cuts. Up to 1,300 employees, or nearly 40% of the agency's workforce, may be laid off, threatening CISA’s ability to respond to rising cyber threats from nation-states and criminal networks. The downsizing affects key functions, including red team operations, penetration testing, and public-private threat intelligence sharing.

In March, CISA halved MS-ISACs funding, curbing essential threat detection services for state and local agencies. Critics also point to the broader dismantling of advisory boards and suspension of the Critical Infrastructure Partnership Advisory Council, further eroding collaboration between sectors.

Experts warn that the cuts will undermine CISAs coordination with private industry and local governments, which rely on partnerships like the Joint Cyber Defense Collaborative and the Multi-State Information Sharing and Analysis Center. The moves follow the removal of leadership at U.S. Cyber Command and the National Security Agency.

The evolving cybersecurity landscape

As federal leadership falters, private defenders have been thrust into unprecedented leadership roles. The Institute for Critical Infrastructure Technology (ICIT) has been working to help decode what this transition means and provide guidance organizations can apply toward more autonomous, resilient cyber operations.

The overriding message: As the public sector retreats, the private sector must regroup and reimagine its own collective defense capabilities. ICIT has offered guidance to that end. The non-partisan think tank is focused on modernizing and securing the systems that underpin national security, economic stability, and public well-being. Through publications, briefings, and partnerships, ICIT is working to reframe cybersecurity as a mission that must now be owned — and led — by private institutions themselves.

In a recent report, ICIT emphasized the need for public and private organizations to focus on the “Four Rs” of cyber resilience: Resourcing, Recovery, Rehearsals, and Response. This blueprint empowers organizations to build resilience from the inside out:

This framework is designed to scale across industries and sectors, forming the foundation of a distributed but coordinated cyber defense posture. As outlined in SC World and other resources like the Iowa Counties IT, it provides a path forward even in the absence of top-down direction.

Private sector’s emerging leadership

Across industries, private entities can no longer waiting for Washington to act, Simpson reiterated. From financial services and healthcare to manufacturing and energy, companies are proactively investing in advanced security measures, sharing threat intelligence, and shaping policy discussions.

ICIT’s recent efforts include the establishment of the Center for Federal Civilian Executive Branch (FCEB) Resilience, aimed at strengthening the backbone of federal services by improving their cybersecurity maturity and resilience.

Conclusion: A call to action

Cybersecurity is no longer a shared responsibility in theory — it is now a practical reality. With public sector support waning, the private sector must organize, invest, and innovate like never before.

The time has come for private defenders to step forward. Because when the government steps back, someone must lead.

That someone is us.