The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon itself to offer support to US state, local, tribal, and territorial (SLTT) governments by way of grants, tools, and cybersecurity expertise.
MS-ISAC funding cut leaves core services intact but trims key support
The Center for Internet Security (CIS) runs the Multi-State Information Sharing and Analysis Center (MS-ISAC), whose mission is to “improve the overall cybersecurity posture of SLTT government organizations through coordination, collaboration, cooperation, and increased communication.”
It provides 24x7x365 cyber threat intelligence and incident response assistance; cybersecurity tools and services; reports and advisories; access to an annual cybersecurity self-assessment to review organizations’ cybersecurity maturity; and more.
MS-ISAC was, until recently, partially funded by the U.S. federal government through the above mentioned cooperative agreement administered by CISA. Unfortunately, on March 6, that funding has been partially cut.
“The federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings,” MS-ISAC explained.
MS-ISAC’s security operation center will continue to be partially funded by the U.S. government, and so will:
- The operation of the Malicious Domain Blocking and Reporting (MDBR) service
- The annual cybersecurity self-assessment (NCSR) program, and
- The network security monitoring capabilities and services provided through Albert intrusion detection sensors.
Cyber support for local governments enters uncertain phase
“CISA will continue to collaborate with the Multi-State Information Sharing and Analysis Center (MS-ISAC) on information sharing and joint products, consistent with its engagement across the broader ISAC community. SLTT partners that use Albert sensors should continue to coordinate directly with CIS/MS-ISAC for that service,” the Agency has noted.
But SLTT governments should now turn to CISA for cybersecurity grants from the Department of Homeland Security (DHS), free services and tools for vulnerability management, phishing assessments, and more, as well as (regional) expert advice, incident response coordination help, and cyber defense updates via bi-monthly SLTT SOC calls.
“The Center for Internet Security has been informed that the DHS and CISA have chosen not to renew federal funding that for the past 20 years has supported the MS-ISAC’s highly effective work to increase the security resilience for SLTT organizations,” John Gilligan, President and CEO of CIS, told Help Net Security.
“The MS-ISAC, operated by CIS, has been this nation’s most successful public-private partnership. While we are disappointed by this decision, as a nonprofit and nonpartisan organization, CIS remains committed to the SLTT community.”
While CIS has been temporarily funding the continuation of cybersecurity services from their own pocket, the situation is untenable, and it will try to get the $1+ million per month needed for those operations through a new fee-based membership model.
“We are expecting to implement a membership model for core services and a fee-for-service model for non-core services. During this interim period there may be limited disruptions to various MS-ISAC offerings due to shifting priorities or funding constraints,” CIS noted on its website.
With CISA having already suffered budget and workforce cuts, and a potential lapse in funding if the federal government shuts down this week, the cybersecurity of the systems “that keep America running” is by no means assured.
The fact that the Cybersecurity Information Sharing Act of 2025 is expiring this month and there’s currently no indication that it will be reauthorized by the US Congress is just another potential nail in the coffin.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
