Aligning state and local AI security investments with the Cyber Strategy for America

COMMENTARY | State and local leaders do not need to start from scratch to strengthen their cyber posture. The federal strategy offers a practical path forward.
The White House’s Cyber Strategy for America outlines six pillars that will shape future cybersecurity priorities and funding for the public sector. While the strategy is focused on federal agencies, it can also serve as a road map for state and local government, helping entities drive toward a "whole of state" cybersecurity model.
This is essential since state and local agencies are facing a more dangerous cyber threat landscape than even a few years ago, according to a 2025 report from the Center for Internet Security. Foreign adversaries are targeting local infrastructure daily, from water systems to public schools, according to CIS.
Within the strategy, pillars four and five — securing critical infrastructure and utilizing emerging technologies — are ripe with guidance for state and local leaders, providing clear pathways for modernizing cyber defenses and security operations center activity.
State and local agencies often don't have the resources or institutional insights to directly map out holistic cyber strategies — in fact, the CIS report underscores this need, saying 68% of state, local, tribal and territorial governments lack the budget to address major cybersecurity priorities.
That makes the strategy a vital outline for how state and local agencies should prioritize their security needs, now and into the future. It also shows the importance of deploying a unified, AI-ready data foundation that reduces total cost of ownership and empowers state and local leaders to master their data for AI-driven action.
Securing Critical Infrastructure
Pillar four focuses on securing America’s critical infrastructure, including the energy grid, water utilities and operational technology. FBI data shows ransomware complaints from U.S. critical-infrastructure organizations rose from 870 in 2022 to 1,193 in 2023, then increased another 9% in 2024. That’s roughly a 50% rise in two years.
Hardening critical infrastructure to combat this increase in attacks requires unparalleled visibility across IT and operational technology environments. Unlike tools that force teams to stitch together insights across disconnected systems, a modern, integrated data platform provides a holistic view of IT and OT infrastructure.
This is important when building a “whole of state” cybersecurity strategy — achieving this posture requires a platform capable of securely handling multi-tenant data across municipal, county and state agencies, without runaway licensing costs.
This unified approach serves as an AI-ready data foundation, helping state and local agencies defend critical infrastructure, through:
- AI-driven data management and threat detection. State and local security teams are often overwhelmed by the volume and complexity of unstructured data. AI capabilities can help automate log parsing, respond to natural-language queries and provide critical context. Agencies benefit from reduced investigation time and streamlined analyst workflows, helping resource-constrained teams focus on higher-value threat detection and response.
- Cost-effective log retention and compliance. Data storage approaches that align retention with access needs can help agencies preserve long-term data access without creating unsustainable expenses. This is increasingly important as logging requirements expand, and state and local agencies seek practical ways to support records retention, cybersecurity mandates and audit readiness.
- Support for open standards and interoperability. State and local organizations benefit from technologies that work across existing environments rather than forcing wholesale replacement. Platforms built around open standards make it easier for agencies to standardize data structures and workflows across cloud, on-premises and hybrid environments, which is critical for long-term modernization and agency collaboration.
Integrating AI-Driven Security
The fifth pillar in the strategy outlines the need for emerging technologies in the fight against cyber adversaries moving at machine speed. This is just as true for state and local agencies that are guarding sensitive citizen information, like health and financial data.
Many states are already taking steps to integrate generative and agentic AI into their operations, according to a NASCIO survey from March. In July of 2025, Virginia’s then-Gov. Glenn Youngkin issued an executive order to use agentic AI to improve government efficiency. Tennessee is looking for a next-generation ERP solution with agentic AI capabilities to detect compliance risks and identify potential fraud.
For agencies still “dipping their toes in” or struggling to bridge this adoption gap, mapping to federal guidance is best achieved through an AI-ready data foundation that centralizes access and breaks down data silos — a prerequisite for modern SOC operations.
With this in place, teams can then properly lean on AI-powered security solutions, like a security information and event management (SIEM) platform. An AI-driven SIEM accelerates threat detection and provides explainable context that helps resource-constrained SOC teams understand the "why" behind a threat. This governed environment also mitigates "Shadow AI" risks by providing a secure, internal alternative to unmanaged consumer tools.
Federal and state agencies that have already deployed an AI-driven SIEM noted that features like alert triage, automation and chat-based guidance have been differentiators in successfully protecting government systems from cyberattacks and enabling cyber teams to work more efficiently.
Cyber alert triage uses large language models to prioritize, analyze and correlate security alerts, reducing analyst alert fatigue and enabling SOC teams to prioritize the highest profile threats instead of chasing false positives.
Success at CA EDD With AI-Driven Security
When California's Employment Development Department wanted to modernize its networks, the agency turned to some of the same kinds of AI-enabled cyber tools outlined in the new strategy.
The organization, which manages the state’s benefits programs, is on a multi-year modernization journey to transform CX, making sure users are supported and well protected within EDD systems and applications. Since EDD handles billions of points of data, a big challenge was balancing between making that data easily accessible to beneficiaries and making sure it was safe from cyber attacks.
EDD found that balance by deploying a unified, AI-powered SIEM platform that consolidates data across their entire IT environment, providing its cyber team with holistic visibility across thousands of servers. By collecting and normalizing system and transactional data into one location, the security team can more easily find patterns and spot vulnerabilities.
The EDD security team handles more than 80,000 alerts per month, and the AI-driven features of the organization’s modern SIEM platform have assisted the security team in prioritizing alerts by detecting unknown threats and highlighting the most important ones. This significantly lowers the average time to detection, making operations more direct and clear for analysts.
EDD and the citizens it serves have already begun to reap the benefits of this modern solution that utilizes agentic AI, including:
- 99% reduction in mean time to respond to cyber events.
- 850 billion records secured across 14,000 endpoints to date.
- 3,000 servers connected across EDD.
State and local leaders do not need to start from scratch to strengthen their cyber posture. The Cyber Strategy for America offers a practical, credible framework for protecting the essential services communities rely on every day.
With an AI-ready data foundation set, state and local agencies are not only prepared for improved security but will also address budget deficits by consolidating redundant tools and reducing the massive costs associated with legacy ingest models.
From there, implementing AI-driven security solutions will help leaders execute a "whole of state" cybersecurity strategy and achieve modernized SOC performance. At a time when threats are growing more aggressive and resources remain constrained, following this roadmap is not just prudent policy, it’s a necessity.
Dave Stroth is Area VP of U.S. SLED at Elastic.




