CISA Steps In as Federal MS-ISAC Funding Ends

Summary
– CISA has ended its cooperative agreement with the Center for Internet Security, shifting to directly provide grants, tools, and expertise to SLTT governments.
– Federal funding for MS-ISAC has been cut, eliminating support for services like cyber threat analysis, incident response, and member onboarding.
– MS-ISAC will transition to a fee-based membership model to sustain core services, which may cause limited disruptions due to funding constraints.
– CISA will continue collaborating with MS-ISAC on information sharing but now offers SLTT governments direct access to cybersecurity grants and free services.
– The expiration of the Cybersecurity Information Sharing Act of 2025 and potential government shutdowns add uncertainty to the cybersecurity landscape for critical systems.

A significant shift in how state, local, tribal, and territorial governments receive cybersecurity support is now underway. The longstanding cooperative agreement between the Cybersecurity and Infrastructure Security Agency and the Center for Internet Security has officially concluded. This change means CISA will now directly provide grants, tools, and expert assistance to these government bodies, stepping into a role previously supported through the nonprofit.
The Center for Internet Security operates the Multi-State Information Sharing and Analysis Center, an organization dedicated to strengthening the cybersecurity defenses of SLTT governments. Its work involves coordination and enhanced communication to protect vital public infrastructure. The MS-ISAC has been a critical resource, delivering around-the-clock cyber threat intelligence and immediate incident response help. It also supplied various cybersecurity tools, published detailed reports and security advisories, and provided access to an annual self-assessment tool that helped organizations evaluate their security maturity.
For many years, a portion of the MS-ISAC’s operations received financial backing from the federal government via a cooperative agreement managed by CISA. However, on March 6, that federal funding was significantly reduced. According to an MS-ISAC statement, the government ended its financial support for ten distinct categories of work. These cuts impacted essential functions like cyber threat analysis and distribution, incident response services, comprehensive member onboarding and account management, and outreach activities such as webinars, training sessions, and both virtual and in-person meetings.
Certain services, including the Malicious Domain Blocking and Reporting service, the annual cybersecurity self-assessment program, and network security monitoring through Albert intrusion detection sensors, had their government funding partially maintained for a time. As of today, however, CISA is no longer providing any financial support for these or any other MS-ISAC operations.
CISA has stated it will maintain a collaborative relationship with the MS-ISAC, focusing on information sharing and joint projects, similar to its interactions with other information sharing groups. The agency clarified that SLTT partners using Albert sensors should continue to work directly with CIS/MS-ISAC for that specific service. Moving forward, state and local governments are directed to seek cybersecurity grants from the Department of Homeland Security through CISA. The agency will also offer free services for vulnerability management and phishing assessments, alongside regional expert advice, incident response coordination, and regular cyber defense updates.
John Gilligan, President and CEO of the Center for Internet Security, expressed his disappointment, noting that DHS and CISA decided not to renew the federal funding that for two decades had supported the MS-ISAC’s effective work in building security resilience for SLTT organizations. He described the MS-ISAC as the nation’s most successful public-private partnership and reaffirmed CIS’s commitment to the SLTT community as a nonprofit, nonpartisan entity.
To address the financial shortfall, CIS has been temporarily covering the cost of continued cybersecurity services from its own reserves. This situation is not sustainable long-term. The organization plans to secure the more than one million dollars per month required for these operations by transitioning to a new fee-based membership structure. CIS announced its intention to implement a membership model for core services and a fee-for-service model for non-core offerings. It warned that during this transitional phase, some MS-ISAC services might experience limited disruptions due to shifting priorities or funding constraints.
This transition occurs against a backdrop of broader challenges for federal cybersecurity efforts. CISA itself has faced recent budget and workforce reductions. Furthermore, the potential for a federal government shutdown this week introduces the risk of a funding lapse, casting uncertainty over the security of the critical systems that underpin the nation’s operations. Compounding these concerns, the Cybersecurity Information Sharing Act of 2025 is set to expire this month, and there is currently no indication that Congress will move to reauthorize it, posing another significant threat to the nation’s cyber defense framework.
(Source: Help Net Security)





