As cyber threats against critical infrastructure accelerate and AI (artificial intelligence) lowers the barrier for sophisticated attacks, concerns are growing over the erosion of federal support mechanisms that help state and local governments defend essential services. U.S. Senator Mark Warner is seeking to reverse that trend through new legislation that would restore and permanently fund the Multi-State Information Sharing and Analysis Center (MS-ISAC), a key cyber threat intelligence and incident response resource used by approximately 19,000 state, local, tribal, and territorial (SLTT) organizations.
Titled ‘Guaranteeing Universal Access to Cybersecurity Act,’ the proposal comes amid warnings that the loss of federal funding weakened information sharing, increased cybersecurity disparities among smaller jurisdictions, and left critical sectors such as energy, water, healthcare, and public services more exposed to emerging cyber risks.
“Critical infrastructure owners, operators, law enforcement, and SLTT leaders are worried; they need CISA back to full strength, and soon. I am working to restore CISA and the federal government’s leadership to protect our critical infrastructure, and I hope you will join me,” Warner wrote in a media statement.
He added, “I am introducing legislation to restore CISA and the federal government’s full capability to protect our critical infrastructure by reinstating and expanding federal funding for the MS-ISAC. This will ensure states, localities, Tribes, and territories can access the tools and information necessary to protect their critical infrastructure.”
Additionally, Warner wrote, “I would like you to join me in convening Governors and leading AI companies to understand AI’s risks to critical infrastructure and how to use the same technology to defend against them.”
The Guaranteeing Universal Access to Cybersecurity Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) director to agree with the group that runs MS-ISAC, the Center for Internet Security, to provide no-cost cybersecurity services, cyber threat intelligence collection and dissemination, and technical assistance to SLTT organizations.
It also directs the director to conduct additional outreach to restore MS-ISAC membership to those lost during the defunding and expand access to SLTT entities not previously members of MS-ISAC, serve critical infrastructure sectors, and maintain data sharing with the FBI to enhance the national cyber threat intelligence ecosystem. Furthermore, it directs CISA to report to Congress on the number of re-enrolled and new members of MS-ISAC, and any barriers to participation. It also mandates $50 million for FY27 and each fiscal year thereafter to support MS-ISAC.
Under the proposed legislation, the CISA, in coordination with the MS-ISAC, would be required to develop and implement a plan within 60 days of enactment. The plan would identify SLTT entities and critical infrastructure operators that were previously MS-ISAC members but did not re-enroll after the organization shifted to a fee-based membership model. CISA and MS-ISAC would then conduct targeted outreach to restore their participation.
The plan would also identify former members who remain enrolled under the fee-based model and undertake outreach efforts aimed at retaining their participation. In addition, CISA and MS-ISAC would identify SLTT entities and critical infrastructure operators that have never joined the center but face elevated cyber risks due to limited cybersecurity resources. Those organizations would be targeted for outreach designed to encourage membership and greater participation in cyber information-sharing activities.
The legislation further directs CISA to provide technical assistance and cybersecurity capacity-building support to eligible SLTT entities, including through partnerships with governments and organizations that possess more advanced cybersecurity capabilities.
The proposal would also require the CISA director to submit a report to the appropriate congressional committees within one year of the bill’s enactment. The report would detail the implementation of the program, including the number of SLTT entities that re-enrolled in the MS-ISAC, as well as the number of new members that joined the organization after the law took effect. It would also identify any remaining barriers that continue to limit participation in the information-sharing program.
To support these efforts, the bill would appropriate $50 million annually beginning in fiscal year 2027. The funding would remain available until expended and would be used to carry out the program’s cybersecurity information-sharing, outreach, and capacity-building activities.
In a letter to Markwayne Mullin, Department of Homeland Security Secretary, Warner urged the reversal of what he described as a retreat from federal cyber defense responsibilities, warning that critical infrastructure faces growing threats from adversaries and criminals using AI-enabled tools to identify and exploit vulnerabilities.
He called on DHS to strengthen CISA by restoring its budget, rebuilding its workforce with experienced cybersecurity and critical infrastructure experts, and immediately reinstating the agency’s funding agreement with the MS-ISAC, which he described as a key step toward improving national cyber resilience.
Warner argued that the cancellation of MS-ISAC funding has weakened national security while imposing unexpected financial burdens on state, local, tribal, and territorial governments. He said many communities, particularly smaller and rural jurisdictions, lack the resources to participate in MS-ISAC without federal support, reducing access to shared threat intelligence and coordinated defense efforts.
According to Warner, the loss of funding has increased information silos and undermined collaboration needed to protect the critical infrastructure systems that support the nation’s security, economy, public health, and safety.
In a letter to governors, Warner warned that critical infrastructure across the country faces growing threats from adversaries increasingly using artificial intelligence to conduct cyberattacks capable of disrupting national security, economic activity, and public health.
He argued that shortcomings in federal leadership have increased the importance of state-level action and urged governors to work closely with regional partners, local officials, and critical infrastructure operators to assess vulnerabilities, review their tolerance for operational risks associated with remediation efforts, and strengthen defenses against cyber intrusions and attacks.
Warner also highlighted potentially cascading consequences of successful attacks on critical infrastructure. He noted that a disruption to the power grid could disable water treatment facilities, shut down hospitals and schools, create widespread disruption, and potentially result in loss of life. He further warned that AI has lowered the barrier to entry for sophisticated cyberattacks, contributing to a rise in both the frequency and scale of ransomware incidents.
He outlined several actions that governors can take immediately to strengthen the security of critical infrastructure. He recommended convening regional working groups that bring together state officials and critical infrastructure owners and operators to establish the tools, expertise, and communication channels needed to deploy advanced technologies capable of identifying, remediating, and anticipating cyber risks. He also urged states to conduct comprehensive critical infrastructure audits to identify the most vulnerable operators and allocate funding to address security gaps.
In addition, Warner called on governors to increase engagement with regional information-sharing organizations, including fusion centers, to improve threat intelligence sharing and incident coordination. He encouraged states to identify critical infrastructure operators that lack basic cybersecurity capabilities and facilitate partnerships or funding mechanisms to help them achieve a defensible security posture.
Warner also urged governors to advocate for adequate funding and staffing for federal agencies that work with state and local governments and critical infrastructure operators to protect U.S. critical infrastructure from cyber threats.
