Nationwide, state-level cyber commands are playing a growing role in strengthening our nation’s overall cyber resilience. These commands – where threat intelligence is centralized and responses are triaged – are a reflection of the way states are stepping up and leaning in when it comes to securing critical data and infrastructure. They’re taking a larger role and working more with mission partners alongside federal government who can help them simultaneously drive security and resilience.
In support of this collaboration, GDIT is engaged in ongoing conversations to better understand how states are approaching these challenges. Through observing these efforts in places like Texas and Alabama, and running security operations in Virginia, we are operationalizing a number of best practices that other states would be wise to examine and adopt. Among them:
Cyber Defense Is Executed at the State Level
Cyber incidents most often impact systems owned, operated or regulated by states, including energy, water, transportation, healthcare, elections and emergency services. State cyber commands represent the operational front line where cyber defense is executed in real time, making them indispensable to national security.
State Cyber Commands Turn Strategy into Action
Federal cyber strategies and intelligence set direction, but states operationalize these priorities. State cyber commands translate policy into 24/7 monitoring, incident response, and coordinated recovery, ensuring national intent is realized at the operational edge.
A Federated Cyber Model Strengthens National Resilience
The U.S. cyber defense posture is inherently federated. Strong state cyber commands provide distributed resilience, limiting cascading failures and enabling mutual support across jurisdictions at the local level. This mirrors proven emergency management and homeland security models.
States Enable Trusted Public–Private Collaboration
Because most critical infrastructure is privately owned, states are uniquely positioned to convene trusted relationships among infrastructure operators, industry partners, academia and federal agencies. State cyber commands act as operational hubs for information sharing, joint exercises and coordinated response.
States Drive Operational Cyber Innovation
States often move faster than federal systems in piloting new cyber approaches, including cyber ranges, cross-sector exercises, AI-enabled detection and workforce experimentation. Successful state-led initiatives can scale across regions and inform national best practices.
Hybrid Workforce Models Are a Strategic Advantage
State cyber commands increasingly integrate National Guard, Reserve, civilian, academic and private-sector talent. This hybrid workforce model reflects the realities of the cyber talent market where persistent threats demand flexible staffing models and creates sustainable pipelines that benefit states, industry and national security.
Investment in States Reduces National Risk
Investments in state cyber capability directly reduce systemic national risk. Faster detection, coordinated response and improved resilience at the state level lower the overall cost and impact of cyber incidents across the nation.
Industry’s Role Is to Enable State Missions
From a GDIT perspective, industry success is measured by its ability to enable state cyber commands through scalable platforms, interoperable services and mission-focused tooling—while respecting state governance, authorities and operational ownership.
States taking a more active role in their cybersecurity posture and resilience is a good thing. Looking across those activities and sharing best practices outward (to other states and teams) and upward (to national agencies when appropriate) contributes to enhanced national security.
Systems integrators should, at minimum, be facilitators and enablers of this kind of information sharing. Accelerating it through technological expertise and capacity is what will have a transformative effect and safeguard critical information and infrastructure.
