4.23.25 – KATV – LITTLE ROCK
Arkansas’ state government is bolstering its cybersecurity capabilities as cuts to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and an executive order by President Trump have raised questions about potentially diminished federal support for state-level cybersecurity.
The Cybersecurity Act of 2025, signed into law April 8, expands the mission of Arkansas’ state cybersecurity office to standardize security measures across state agencies and respond to threats.
“We need to have a coordinated effort to ensure that we don’t have any gaps,” said State Rep. Scott Richardson, (R) District 13, who sponsored the Cybersecurity Act.
Until now, the cybersecurity of state agencies has not been coordinated, but increasing cyber threats and attacks on Arkansas agencies, businesses, and citizens now demand the state take the initiative.
“It’s always on the increase. The goal here is we’re trying to establish cybersecurity governance and cybersecurity framework and consolidation with a common set of cybersecurity standards,” said Arkansas’ Chief Information Security Officer, Gary Vance.
The new legislation was in the works over a year ago, but it couldn’t have come at a better time.
For years, Arkansas could count on CISA, but the federal agency is undergoing big job and budget cuts.
The Arkansas State Board of Election Commissioners was recently notified that the Department of Homeland Security is defunding CISA’s Elections Infrastructure Information Sharing and Analysis Center, potentially leading to serious ramifications and less coordination with the federal government on election security.
“The federal government is going through some changes, and CISA is affected by that as well. CISA has always been a good partner to Forge and the state when it comes to cybersecurity and physical risk,” said Lee Watson, CEO of the Forge Institute, an Arkansas-based nonprofit that provides technology and training for clients in defense, aerospace, and cybersecurity sectors. The Forge Institute runs the Arkansas Cyber Defense Center.
Accompanying the reduction in federal resources, President Trump in March signed an executive order indicating that his administration would scale back federal responsibility for state infrastructure, including cybersecurity, leaving it to the states to step up.
“While we are concerned about level of resourcing and that, I do think it’s time that more states really step up,” Watson told KATV.
And Arkansas is stepping up.
“We’re going to create a statewide cyber taskforce, positioned and ready to respond to a variety of cyber incidents,” Vance said.
Vance and Richardson say that the incident response team will also serve as a resource for counties and municipalities needing to beef up their cybersecurity.
“Just the first step that’s needed to bring our state into compliance across the board, presenting that great defense that the people of Arkansas desperately need,” Richardson said.
Vance told KATV that the plan is to start forming the incident response team in the summer and have a cybersecurity governance structure in place by the end of the year.