For more than two decades, the MS-ISAC provided no-cost cybersecurity support to American government organizations — totaling more than 19,000 members at its peak — through federal funding that was authorized by Congress via the Department of Homeland Security. That support ended in September as part of a larger shift in which states are expected to now fund and control cybersecurity.
States can now purchase MS-ISAC memberships that extend support from the network to all of their internal state agencies, as well as to local governments, school districts and other public-sector organizations within their borders. States and municipalities can also pay for individual support, with 13 states in addition to the 11 having purchased memberships that cover their state agencies. The exact cost varies by size of jurisdiction.
Among the 11 states to sign up for statewide support so far are Texas, Kansas and Mississippi.
Jay White, Mississippi’s chief information security officer, said paying for the MS-ISAC membership gives continuity of support to the members in Mississippi that have already been using its services. He said Mississippi has participated in MS-ISAC since the early 2000s, and he views the program as part of a broader approach to shared cybersecurity coordination.
“One of the strongest aspects of MS-ISAC is being able to focus on the government aspect of cyber and provide information that was tailored toward state government,” White said.
Essentially, statewide membership allows smaller and less-resourced government entities to access services they might not be able to pay for on their own.
It is possible that membership will continue to grow. Carlos Kizzee, the vice president of MS-ISAC strategy and plans, said many public-sector organizations are currently navigating funding and budget cycles. But eligibility does not automatically translate to adoption, and officials said states are watching to see how widely services are used.
Meanwhile, Kizzee said that “we currently have not off-boarded any members” and that MS-ISAC continues to evaluate services and member needs during an ongoing transitional period. Previously, all programming was funded through the Department of Homeland Security with Center for Internet Security oversight.
Mississippi’s Department of Information Technology Services completed its sole-source certification in September, covering at least one year, and will continue to evaluate how membership is being used across the state.
“Because the updated MS-ISAC membership models were introduced after our state’s budgeting cycle, we haven’t yet finalized a long-term budget strategy,” White said. “In addition, MS-ISAC continues to refine its membership options, service offerings and pricing. As those details become clearer, we expect to be in a much better position to determine the option that delivers the greatest value and benefit to the state.”
