Whole of State/SLCGP Forum: Lessons from the Field

Since 2022, the Multi-State Information Sharing and Analysis Center^® (MS-ISAC^®) has convened state and local cybersecurity leaders monthly to exchange lessons learned from implementing shared services, whole-of-state strategies, as well as State and Local Cybersecurity Grant Program (SLCGP)-funded initiatives. Participation has spanned across all 50 U.S. states, the District of Columbia, and all five territories, with engagement from state (policy leaders, information technology (IT)/security, homeland security, emergency management), local governments and school districts, national associations, and federal partners.

Over time, these sessions evolved beyond program updates into a peer-driven community of practice. Participants now openly compare approaches, share implementation challenges, and discuss both successes and failures in operationalizing cybersecurity at scale.

Our white paper explores key insights that emerged from these candid discussions in 2025, including the following:

1. Execution is harder than design. Jurisdictions broadly agree on cybersecurity goals but struggle with implementation across diverse local environments.
2. Structural barriers outweigh technical obstacles. Cost share, procurement, staffing, and governance challenges are slowing progress more than technology limitations.
3. Peer learning is filling critical gaps. In the absence of consistent federal guidance, practitioners are relying on one another for actionable insight.