Strengthening Critical Infrastructure: State, Local, Tribal and Territorial Progress and Priorities, Vol. 2, lays out several case studies, outlining how states are taking holistic approaches to cybersecurity in ways that scale while supporting small or rural communities. MS-ISAC points to best practices that include collaboration, statewide coordination and state leadership.
In Minnesota, cyber navigators connect state-level resources to local governments. In Ohio, a dedicated cybersecurity strategic adviser, named in 2022, coordinates state efforts. And in Oregon, peer-to-peer networks are fostered through the state’s Cybersecurity Center of Excellence.
Minnesota IT Services (MNIT) launched its Whole-of-State Cybersecurity Program in 2022, with goals including building mature cyber capabilities, collaborating and sharing information, and increasing participation in proven programs and services, according to the MNIT website. The state used State and Local Cybersecurity Grant Program funds to implement the program, which includes cyber navigators — liaisons from the Minnesota Fusion Center who work with local governments. The team focuses on helping participants with cyber hygiene, assessments and advice. The program had more than 560 participants in 2024, according to a Minnesota Digital States Survey*.
CyberOhio, stood up in 2017, is part of the Ohio governor’s office and coordinates cybersecurity strategy across state agencies and local governments. It, too, focuses on a whole-of-state approach. Led by a cybersecurity strategic adviser, it supports local governments through shared threat intelligence, a centralized integration center and grant funds. In June, the state passed a law requiring local governments to implement cybersecurity programming that includes training, response planning, assessment, remediation and cyber incident reporting. CyberOhio provides guidance and webinars as part of local outreach.
Oregon established its Cybersecurity Center of Excellence in 2023 to strengthen its whole-of-state approach to cybersecurity. Operated jointly by three state universities, it not only serves as a state-level advisory body but also provides training, services and workforce development tailored to local governments, schools, libraries and tribal entities. A core part of its mission is fostering peer-to-peer networks, where small and large jurisdictions can connect and share expertise, threat intelligence and best practices. The center is housed within Portland State University and provides information sharing, cybersecurity services, incident response and distributes funding to local partners.
These examples show how states are extending cybersecurity to local and rural communities. While the MS-ISAC report cautions that many local jurisdictions remain underfunded where cybersecurity is concerned, it also points to collaboration, coordination and leadership strategies to help stretch resources and improve resilience statewide.
*Note: The Digital States Survey is conducted by the Center for Digital Government, which is part of e.Republic, Government Technology's parent company.
