Federal funding for state and local governments’ main cybersecurity resource expired on Wednesday following the Trump administration’s decision to eliminate it, signaling major security risks ahead for tens of thousands of jurisdictions across the United States that will lose the group’s suite of vital cybersecurity services.
The Multi-State Information Sharing and Analysis Center (MS-ISAC), part of the Center for Internet Security (CIS), operated for 21 years under a cooperative agreement with the Department of Homeland Security that effectively subsidized its services for state and local governments, making it an essential resource for localities that couldn’t afford pricey contracts with top-tier cybersecurity vendors.
President Donald Trump’s administration severed that longstanding and widely praised relationship, first by revoking some of its funds earlier this year and then by letting the rest expire with the end of the fiscal year at midnight. The administration called the MS-ISAC’s services redundant, a characterization that the group, its members and independent experts universally reject, with some noting that it accounts for the vast majority of the government’s visibility into threats at the local level.
The MS-ISAC expects to retain enough paying members to continue providing its services, but overall is set to lose two-thirds of states and thousands of local governments — organizations in dire need of help as they confront increasingly aggressive nation-state and criminal hackers.
The security of U.S. critical infrastructure could suffer as the local governments that operate schools, hospitals, electric utilities and water supplies lose access to vital cybersecurity support. State and local governments increasingly have faced cyberattacks from foreign governments and cybercriminals in recent years, with some intrusions disrupting essential services.
“By defunding the MS-ISAC, Trump and Congress have done more to aid our enemies than they could have achieved themselves,” said Paul Rosenzweig, a former DHS official who joined other cyber experts in trying to save the group’s funding. “State and local governments are the front line of cyber defense. Eliminating funding that assists them in fighting against cyber intrusions is a self-inflicted wound.”
Unexpected animus
The midnight expiration of federal support was the culmination of a monthslong saga of woes for the MS-ISAC, which entered the year with no reason to believe that its $48.5 million annual funding agreement with DHS was at risk. In February, the Trump administration withdrew roughly $1 million of that funding to effectively shut down an MS-ISAC subgroup dedicated to election security. In March, the administration revoked an additional $10 million for MS-ISAC work that it said was redundant and “no longer effectuate[d] [DHS] priorities.” And in August, the government barred recipients of funds from the State and Local Cybersecurity Grant Program (SLCGP) from spending the money on MS-ISAC memberships.
The $10 million cut had “a very dramatic impact on what MS-ISAC was able to do,” said Robert Beach, the chief technology officer for the city of Cocoa, Florida, and a member of the MS-ISAC’s executive committee. The cut affected member outreach efforts, the group’s annual meeting and some of its threat intelligence services, he said. The government’s action prompted CIS to step in with $1 million in monthly emergency funding.
DHS’s argument that the MS-ISAC’s services were redundant was “clearly a mistake,” said CIS president and CEO John Gilligan. “There’s no rationale based on facts that supports their conclusion.” The fact that local governments are now trying to spend their own limited dollars on MS-ISAC memberships is “prima-facie evidence that this [organization] is not duplicative,” he added.
More than 90% of the state and local threat intelligence that the Cybersecurity and Infrastructure Security Agency (CISA) distributes comes from the MS-ISAC, said Beach, who called the group a vital “clearinghouse for cybersecurity capabilities and threat intel” for local governments. “I’m not sure that that is something CISA will be able to pick up, especially with the cuts that they’ve experienced within their own organization.”
The government’s dismissal of the MS-ISAC’s value stemmed from a rushed spending analysis by Elon Musk’s Department of Government Efficiency that relied on artificial intelligence, according to Gilligan. He said he responded by sending CISA leaders a detailed rebuttal but never heard back. “I think they were afraid to get in front of the train.”
The MS-ISAC continues to have conversations with Trump administration officials and with congressional staffers who want to understand the impact of the cuts, Gilligan said. Outside advocates for the group are also talking to policymakers. The National Association of Counties has been on Capitol Hill “meeting with different member offices and really emphasizing the importance of this funding,” said Seamus Dowdall, the group’s legislative director for telecommunications and technology.
As for CISA, Dowdall said, “They’ve let us know that they’re working on new resources that may be available to localities.”
CISA declined to comment on those new resources. But on Monday, the agency touted its existing offerings — including vulnerability scans, phishing assessments, coordination calls and access to regional advisers — and said its decision to end MS-ISAC funding was part of a transition meant to “strengthen accountability” and “shared responsibility nationwide.”
In practice, a CISA employee said, the agency is offering “nothing new” in the near future “to offset the loss of the free stuff from the MS-ISAC.”
“We are nudging [state and local government] organizations toward the SLCGP to offset the new costs until CISA puts some products out,” said the employee, who requested anonymity to speak freely.
Gilligan said CIS was “disappointed” in the government’s decision to abandon the MS-ISAC, which he called “this nation’s most successful public-private partnership.”
Tidal wave of lost MS-ISAC members
To fill the void left by expired federal funding, the MS-ISAC will begin raising its membership fees. The lowest price tier, for members with budgets under $25 million, will rise to $1,495 a year, a $500 increase. The four other price tiers will increase by between $1,500 and $12,495.
State governments can sign up for statewide memberships that cover all of their local jurisdictions, or cheaper memberships that cover only state-level agencies. Many local governments have told the MS-ISAC that they’re waiting to see what their state governments choose, but Beach said he’s encouraging fellow local leaders “not to wait for their state to join,” because the MS-ISAC will refund them if their states end up doing so.
CIS is also offering discounted and free memberships to local governments that demonstrate severe funding constraints.
Membership fees will cover the MS-ISAC’s core services, including threat analysis and information sharing; a security operations center (SOC) that assists with incident response; best-practices documents; online collaboration forums; security maturity assessments; and technical offerings such as intrusion-detection sensors and protective DNS. The group will continue to charge extra fees for its non-core offerings, including CrowdStrike endpoint detection and response software and a vulnerability-analysis service.
The new fees have already shaken up the MS-ISAC’s member base. Roughly one-third of states are “on the path to sign up,” Gilligan said, but “two-thirds, right now, are saying it’s too expensive.”
Meanwhile, approximately 2,000 local governments have signed up, but many others have balked at an increase in a fee that was already too high for them. “We had close to 19,000 members” before the federal cuts, Beach said. “We won’t be back to that level.” Still, he said there has been “a significant uptake” at the local level.
‘Moving in the wrong direction’
The Trump administration’s elimination of MS-ISAC funding will disproportionately hurt small, impoverished jurisdictions that were struggling with both finances and cybersecurity even before the administration began slashing grants.
“The ones that need [our] resources the most — the under-resourced local governments — are the ones that are going to be the most hard-pressed to pay,” Beach said. Many small localities can’t afford in-house cyber defenders, he said, and now most of them will probably also have to forfeit the MS-ISAC’s outside help.
Local governments have relied on the MS-ISAC for everything from threat intelligence and webinars to annual cybersecurity assessments and outsourced SOC functions, Dowdall said. During the 2024 CrowdStrike outage, the group provided counties with “up-to-the-minute information” about the effects of the incident. County leaders who “saw the [MS-ISAC’s] impact on the ground” are now filled with “a lot of uncertainty,” according to Dowdall.
In recent years, the MS-ISAC used federal funding to prioritize support for cash-strapped communities. With that resource gone, Gilligan said, “my biggest concern” is that those jurisdictions won’t get the support they need.
“We used to get a couple thousand organizations per year who would sign up new,” Gilligan said. Now, “we’re actually moving in the wrong direction.”
The membership decline could hurt the remaining members, too, if the MS-ISAC can’t continue to provide the same level of service.
The group believes it may fall short of its funding goals in early 2026 but will recover later in the year as states find the money to join.
But the value of the group’s most important service, its information-sharing platform, depends on the amount of information being reported, and fewer members means fewer reports. Gilligan acknowledged there might be a small drop in “the quality of what we’re able to produce.”
CISA said on Monday that it will still collaborate with the MS-ISAC on information sharing and guidance documents, although the nature of that modified partnership remains unclear.
Uncertain transition period
To avoid causing major disruptions, the MS-ISAC won’t immediately drop state and local members that can’t pay.
“We’re not going to turn everything off” on Wednesday, Gilligan said. “We’ll continue to provide support for the essential services for probably a month or two.”
It remains unclear if CISA or other agencies plan to increase their state and local support. But in the meantime, Beach said, critical infrastructure could soon be “far more exposed than it already is.”
The MS-ISAC can’t easily be replaced, its leaders said. “It’s a trusted partner and always has been,” said Beach, “whereas the federal government may not [always] be as well received.”
The MS-ISAC has become “a highly effective facilitator in terms of collaboration, communication [and] sharing threats,” Gilligan said, “which helps accelerate the defense of the nation.”
But with that collaboration now unavailable to many local leaders, they are anxiously debating how to proceed.
“There’s been a lot of discussion,” Dowdall said, “about what the future looks like.”
