March 15, 2026 • 

I attended and was a moderator for four sessions, and I was once again very impressed with this cyber summit for the level of available interactions and deep cyber discussions that took place between federal and state, local and education organizational leaders. I think these interactions are especially important at this time because of the ongoing war in Iran as well as the reality that the federal government will not be attending the RSA Conference this year in San Francisco that begins on March 23.

This blog is dedicated to exploring some of the top themes and messaging that came out of the event for 2026.

TOP THEMES AT BILLINGTON CYBER EVENT

Back in mid-February, the top themes coming into the summit were initially projected to be AI and critical infrastructure protection. These sessions covered these topics:

• Mar 10: Understanding Today’s Cybersecurity Adversaries —This panel of public- and private-sector experts explores how cyber adversaries are taking advantage of a climate that is more digitally connected and dependent upon smarter, automated and geo-dispersed functions.

• Mar 10: Getting Data Ready for AI — This panel will discuss the key steps in AI data preparation and why they are essential to effectively preparing data for use by AI systems.

• Mar 10: Protecting Software Supply Chains — Panelists examine the growing challenges of securing the software supply chain, discussing recent threats, emerging regulations, and best practices for ensuring transparency, trust, and resilience across the technology ecosystem.

• Mar 11: State of Cyber in Secondary Education — This session explores the current state of cybersecurity in secondary schools, where limited resources and growing digital dependence create unique challenges. Leaders will discuss recent incidents, evolving threats, and effective strategies for safeguarding student data, learning platforms, and administrative systems.

• Mar 11: Addressing Cloud Security Threats — Bad actors continue to find new vulnerabilities in the way that organizations are leveraging cloud technology. This panel of experts will explore learnings in terms of persistent cloud attack methodologies and how to mitigate them.

NEW FEDERAL CYBER STRATEGY STEALS THE SHOW

Nevertheless, the release of President Donald Trump’s Cyber Strategy for America, announced on March 6, 2026, as well as the cyber implications regarding events surrounding the conflicts in the Middle East, became the top takeaways from the summit, in my opinion.

Here is some of the press coverage of National Cyber Director Sean Cairncross’ words on the new strategy:

GovCIO Media: National Cyber Strategy Moves Beyond Reactive Cyber Defense — “National Cyber Director Sean Cairncross said the strategy prioritizes deterrence, infrastructure security and faster information sharing.”

Cybersecurity Dive: Trump administration will test infrastructure cybersecurity approaches in pilot program

“The goal of the pilot programs is to ‘make sure that we can deploy new technology much more quickly than we’ve done in the past,’ National Cyber Director Sean Cairncross said on Monday during an event hosted by USTelecom.

“The White House is still inviting states and businesses to apply to participate in the program, but Cairncross said confirmed participants include the water sector in Texas, the beef industry in South Dakota and rural hospitals in unspecified states.”

TheNational: US to take on nations that carry out cyber attacks, White House adviser says — “Several weeks before the strikes on Iran, cyber security company Acronis warned that its experts had discovered a new malware campaign aimed at supporters of protests throughout the country.

“Months before, FBI assistant director Brett Leatherman said that he was seeing increased attack attempts against US digital infrastructure from Iran, adding that any successful cyber attack affecting critical technology systems would probably be considered an act of war.

“In its 2025 digital defense report, Microsoft also warned about cyber crime originating from Iran.”

One more. I moderated a panel on Salt Typhoon and Volt Typhoon attacks and lessons learned, but we also covered the current Iranian cyber threats from the perspective of multiple states and the FBI. This Government Technology article was released on Thursday, March 12, after the Billington event was over: Stryker Cyber Attack Raises Concerns for State and Local Govt.:

“State, local, tribal and territory (SLTT) governments continue to raise questions about what effects the war in Iran could have on U.S. cybersecurity, and on Thursday discussed takeaways from the March 11 cyber attack on Stryker.

“The attack, confirmed as a global disruption to Stryker’s Microsoft environment and claimed by Iran-linked Handala, was a touchpoint for those on a Thursday call with the Multi-State Information Sharing and Analysis Center (MS-ISAC). Cybersecurity advisers have been taking the lead on membership calls to address concerns stemming from the Iran war.

“MS-ISAC analysts said afterward that the Stryker attack was of concern for various reasons. Iranian and Iran-linked hackers often attack the health-care sector, in which SLTTs have ownership. Those hackers also target public schools and municipally owned critical infrastructure.”

Dan Lohrmann

NEW CISA ACTING DIRECTOR ANDERSON FIRESIDE CHAT

CISA’s new Acting Director Nick Anderson also spoke at the event, and as the former CISO for Vermont, Nick did a great job of articulating the importance of the new cyber strategy to state and local governments and others.

I wrote this post on that session on LinkedIn. Here is an excerpt: “I was impressed with the comments by Nicholas Andersen, who is the Acting CISA Director, at the Billington State and Local CyberSecurity Summit yesterday morning. Really nice job.

“Nick Andersen was the CISO in Vermont, and he understands the state and local cyber challenges better than most. He is smart, articulate, precise and even funny. It was great to catch up with him after his remarks.

“His main points were to highlight the president’s new cybersecurity strategy, which I will write about more this weekend.”

FINAL THOUGHTS

C-SPAN also covered the Billington event, and the session on federal, state and local cybersecurity partnerships can be seen on C-SPAN here.

I also want to highlight other coverage of the Iran cyber threat. Here is an article from the Associated Press: Iran-linked hackers take aim at US and other targets, raising risk of cyberattacks during war.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.