Federal Cyber Grants for States Are Authorized but Unfunded, Officials Say

New York became the first state to set prescriptive baseline cyber rules for water systems on March 11.

Akul Saxena

Mar 25, 2026 — 3 min read

Photo of (from left) Mark Montgomery, executive director of the Foundation for Defense of Democracies; Ann Cleaveland, executive director of the UC Berkeley Center for Long-Term Cybersecurity; Colin Ahern, director of security and intelligence for the State of New York; and Nicole Tisdale, interim senior director at Aspen Digital, the Aspen Institute.

SAN FRANCISCO, March 25, 2026 — Federal cybersecurity funding for states and cities is stalling in Congress just as Chinese and Russian operators escalate attacks on the infrastructure that keeps American communities running, officials from New York state, UC Berkeley, and Washington said Tuesday at the RSA Conference here.

Threat landscape

China has pre-positioned malware across American rail, aviation, and port networks as operational preparation for potential conflict, said Mark Montgomery, executive director of the Foundation for Defense of Democracies. The foundation is a Washington-based national security policy organization. Chinese operators have concentrated on the 20,000 miles of strategic rail, 69 strategic airfields, and 18 strategic seaports the United States publicly identifies as essential to military force movement, bypassing hundreds of lower-priority facilities entirely.

The federal government issued three major strategy documents last year, covering national defense, national security, and cybersecurity, and none mentioned Volt Typhoon, the Chinese government hacking operation that spent years tunneling into American infrastructure. States and cities will not receive the resources they need to defend against it if Washington will not acknowledge it exists, Montgomery said.