Presented by GDIT
At the 2026 Billington State and Local Government Cybersecurity Summit, Dr. Mischa Beckett, Deputy CISO and Director of Cyber Threat Intelligence at GDIT, delivered a timely warning to government officials: the cyber threat landscape is no longer a federal concern alone. State and local governments are increasingly in the crosshairs of sophisticated nation-state actors, and the time to prepare is now.
Dr. Beckett's remarks centered on the Salt and Volt Typhoon attacks, highlighting the growing threat posed by China and other nation-state adversaries. Her core message was one of community and collaboration. "The more we communicate and share information early and often, the more we can help act as a community to protect each other," she said, urging state, local, tribal, and territorial governments to strengthen their lines of communication with federal partners and the private sector.
Global Conflicts Have Local Consequences
One of the summit's recurring themes was the cascading effect of global geopolitical events on local government infrastructure. Dr. Beckett echoed this, noting that conflicts involving Russia, Ukraine, and Iran can send ripple effects down to the water systems, power grids, and transit networks that citizens rely on every day. She urged local officials to monitor international developments closely and adjust their cyber threat posture accordingly.
Why State and Local Governments Are Attractive Targets
Dr. Beckett pushed back against any assumption that state and local governments fly under the radar of foreign adversaries. Quite the opposite, she argued. These entities manage the infrastructure that touches everyday life, making them powerful psychological targets. A cyberattack that disrupts a city's water supply or takes down a citizen services portal sends a profound message to the public.
Beyond psychological impact, she noted that adversaries may perceive state and local governments as softer targets due to constrained budgets, limited 24/7 monitoring capabilities, and reliance on legacy technology. "Easier targets are always attractive for adversaries," she said plainly.
Potential impacts range from website defacement and denial-of-service attacks that take down citizen-facing portals, to more severe disruptions of critical infrastructure. While Dr. Beckett assessed large-scale attacks like power outages as significant escalations at this stage, she was clear that they should not be ruled out.
Hardening and Resilience: A Practical Path Forward
Dr. Beckett welcomed the inclusion of critical infrastructure security as a core pillar in America's recently released national cyber strategy, calling it a validation of the priorities she advocates for daily. She outlined practical steps for state and local leaders looking to strengthen their defenses.
First, she stressed the importance of consistent cyber hygiene, particularly patching internet-facing devices, which remain easy entry points for adversaries. Second, she called for robust, regularly exercised incident response plans that are integrated into broader business risk management rather than siloed within IT departments. "Let's stop talking about those like they're separate things," she said.
Her closing message was pointed and pragmatic: hardening systems and building resilience are not aspirational goals — they are operational necessities in a threat environment that is only growing more complex.