Key Takeaways
- Foundational cyber hygiene—such as asset inventory, patch management, and strong identity controls—remains the most effective defense against both conventional and AI‑enhanced attacks.
- The CIS Critical Security Controls, beginning with hardware and software asset inventories, provide a layered‑defense baseline that mitigates a large proportion of threats.
- Phishing‑resistant multifactor authentication and continuous verification of user behavior are essential to counter identity‑based exploits, including deepfake‑driven scams.
- Organizations should institutionalize verification processes (e.g., “slow‑down” checks, out‑of‑band confirmation) for high‑risk requests like fund transfers or data moves.
- AI lowers the technical barrier for attackers, enabling unsophisticated actors to launch high‑volume, low‑skill campaigns; defending against them hinges on mastering the basics rather than chasing exotic tools.
- Simple, low‑cost actions—such as routine Active Directory health checks using free tools—can yield outsized risk reduction and should be funded as part of national‑security‑level cyber programs.
- Collaboration through ISACs, MS‑ISAC, and public‑private partnerships offers SLTT governments the shared intelligence, resources, and scalability needed to keep pace with evolving threats while also leveraging AI to improve service delivery.
Overview of the ISAC Annual Summit and Core Concerns
The 2026 ISAC Annual Summit, co‑hosted by the Multi‑State Information Sharing and Analysis Center (MS‑ISAC) and e.Republic’s Government Technology, convened state, local, tribal, and territorial (SLTT) cyber practitioners to discuss how defenders can stay ahead of criminals who are increasingly weaponizing publicly available AI platforms. Throughout panels and Q&A sessions, a recurring question emerged: “What can we do to keep our systems safe?” Attendees expressed worry that adversaries now operate at higher volumes, faster speeds, and broader reconnaissance, seeking the weakest links in government networks. The summit framed the conversation around balancing traditional security fundamentals with the new realities introduced by AI‑driven tactics.
Emphasis on Foundational Cyber Hygiene and CIS Controls
Randy Rose, vice president of security operations and intelligence at the Center for Internet Security (CIS), reminded participants that mastering the basics is non‑negotiable, even though those basics are far from simple. He pointed to the CIS Critical Security Controls as a proven layered‑defense model, noting that getting them right mitigates an astonishing number of attacks—including many sophisticated ones. At the top of the list sits inventory control: first tracking hardware assets, then software assets. Panelists agreed that while this work may lack glamour, it underpins supply‑chain security, endpoint management, and the ability to safely integrate new systems. Knowing exactly what resides in an environment creates a trustworthy baseline from which additional defenses can be layered.
Identity Management and Phishing‑Resistant MFA
Minnesota Chief Information Security Officer John Israel highlighted that many contemporary threats are identity‑centric, making identity and access management a priority for his state. He advocated for phishing‑resistant multifactor authentication (MFA) as a cornerstone control, supplemented by behavioral validation and human oversight to discern malicious activity. Israel stressed that even when attackers employ deepfakes or social‑engineering lures, a strong identity foundation—combined with step‑up verification—can thwart attempts to hijack credentials or impersonate trusted users. His guidance linked directly to concerns about deepfake emails, voice calls, and video calls that seek to trick employees into divulging secrets or authorizing fraudulent actions.
Addressing Deepfakes and Social Engineering Threats
Deepfakes were identified as a growing vector for impersonating executives, vendors, or other trusted parties to manipulate employees into moving large sums of money quickly. Israel advised a simple but effective tactic: when faced with an urgent‑sounding request—especially one involving money or data—pause, verify the request offline, and consult the appropriate chain of command or the original sender via a known channel. He noted that robust institutional processes around releasing funds, data, and bank payments already exist in many states; leveraging those processes and empowering employees to question anomalies creates a human firewall that complements technical controls. The core message was to treat “urgent” as a red flag rather than a green light.
The Evolving Threat Landscape with AI‑Enabled Actors
Former black‑hat hacker Hector “Sabu” Monsegur delivered a keynote that reframed the adversary profile: AI tools have lowered the skill barrier, enabling teenagers and technically unsophisticated actors to launch automated scans for low‑hanging fruit. Monsegur warned that while these attackers may lack deep technical expertise, their volume and speed can overwhelm unprepared defenses. He cautioned that adversaries seeking intellectual property or political impact will still invest heavily, but the bulk of the threat landscape now consists of opportunistic, AI‑augmented actors looking for easy wins. Consequently, covering the fundamentals—patch levels, configuration hardening, and access controls—remains the most reliable way to deter such actors, as they will likely move on to softer targets.
Practical, Low‑Cost Defensive Measures
Monsegur offered a concrete, inexpensive recommendation: routinely assess Active Directory (AD) environments using freely available tools. He estimated that an hour of work—valued at $50 per hour for many IT staff—could prevent millions of dollars in potential breach costs by uncovering misconfigurations, excessive privileges, or dormant accounts that would otherwise go unchecked. From a national‑security perspective, he argued that every SLTT entity—from the smallest town to the largest metropolis—plays a role, and sustained funding for ISACs and similar sharing hubs is vital. These organizations extend resources to jurisdictions that lack the budget for advanced tooling, ensuring a more uniform baseline of protection across the country.
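As an added illustration (not code from the keynote or from CIS), the following read-only PowerShell review covers the three findings named above: dormant accounts, excessive privileges, and a common misconfiguration. It assumes the Microsoft ActiveDirectory module (RSAT) is installed; the 90-day dormancy window and the list of groups are assumptions to adjust to local policy.

```powershell
# Added example: read-only AD hygiene review; makes no changes to the directory.
Import-Module ActiveDirectory

# Assumption: 90 days without a logon counts as dormant.
$DormantAfterDays = 90
# Assumption: built-in privileged groups to review; add locally defined admin groups.
$PrivilegedGroups = 'Domain Admins', 'Administrators', 'Account Operators', 'Backup Operators'

# 1. Dormant accounts: enabled users with no logon inside the window.
$dormant = Search-ADAccount -AccountInactive -UsersOnly -TimeSpan (New-TimeSpan -Days $DormantAfterDays) |
    Where-Object Enabled |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName

# 2. Excessive privileges: effective (nested) membership of each privileged group.
$privileged = foreach ($group in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties PasswordNeverExpires, LastLogonDate
            [pscustomobject]@{
                Group                = $group
                SamAccountName       = $u.SamAccountName
                Enabled              = $u.Enabled
                PasswordNeverExpires = $u.PasswordNeverExpires
                LastLogonDate        = $u.LastLogonDate
            }
        }
}

# 3. Misconfiguration: enabled accounts whose passwords never expire.
$neverExpires = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $true' |
    Select-Object SamAccountName, DistinguishedName

# Highest-priority finding: privileged accounts that are also dormant.
$dormantPrivileged = $privileged |
    Where-Object { $_.SamAccountName -in $dormant.SamAccountName } |
    Sort-Object SamAccountName -Unique

# Summary for the review record, followed by the accounts to act on first.
[pscustomobject]@{
    DormantAccounts      = @($dormant).Count
    PrivilegedMembers    = @($privileged | Sort-Object SamAccountName -Unique).Count
    PasswordNeverExpires = @($neverExpires).Count
    DormantAndPrivileged = @($dormantPrivileged).Count
} | Format-List

$dormantPrivileged | Format-Table Group, SamAccountName, LastLogonDate, PasswordNeverExpires
```

Because `LastLogonDate` is derived from a replicated timestamp that can lag by several days, treat accounts near the threshold as candidates for confirmation rather than immediate disablement.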
Opportunities and Collaborative Outlook for SLTT Governments
John Israel closed his remarks by reframing AI not solely as a risk but also as an opportunity to enhance how governments serve residents. He urged attendees to view AI through the same lens used for past technological shifts—recognizing both the hazards and the potential to build smarter, more responsive programs that operate in real time. By strengthening partnerships with MS‑ISAC, leveraging shared threat intelligence, and investing in foundational controls, SLTT governments can simultaneously harden their defenses and harness AI to improve service delivery, incident response, and resilience. The summit’s overarching message was clear: while the threat environment evolves, the path forward remains rooted in disciplined cyber hygiene, coordinated information sharing, and a willingness to adapt proven practices to new challenges.

