Federal Government Acknowledges End of MS-ISAC Support

The Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that its cooperative agreement with the Center for Internet Security is at its conclusion, putting an end to any remaining hope for a renewal of federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Until this year, the MS-ISAC provided free cybersecurity resources to roughly 19,000 members spread throughout the U.S. public sector, the vast majority of which were at the state, local, tribal and territorial government levels. It did this in large part through the funding it received through the U.S. Department of Homeland Security. Last year, that funding amounted to $27 million, which came out of Homeland Security's $100 billion budget.

The funding, however, was not present in Public Law 119-21 — known as the One Big Beautiful Bill Act — when it was passed and signed into law this year by President Donald Trump. Advocates for the MS-ISAC had hoped federal lawmakers would reconsider and decide to continue funding the MS-ISAC, saying its two-decade track record and long-standing relationships with other agencies made it a foundational piece of the nation's local cybersecurity.

Monday's acknowledgement, however, officially puts an end to those hopes.

The ending of this relationship is part of a larger, anticipated shift in how the federal government supports state, local, tribal and territorial partners. CISA, which is part of the U.S. Department of Homeland Security, specifically said it “has transitioned to a new model” to align federal resources with state and local cybersecurity needs.

According to CISA's update, the agency will continue to support cybersecurity at other levels of government through access to grant funding, no-cost services including vulnerability management and phishing assessments, cybersecurity performance goals, and guidance from regional advisers. The agency will also host bimonthly calls and coordinate incident response services. It lists its top three resources for state and local governments as connecting with a regional cybersecurity adviser, signing up for cyber hygiene services and performing a cyber performance goals assessment.

The Center of Internet Security's MS-ISAC has traditionally been a cybersecurity conduit between the federal government and government agencies of other levels across the country, offering services funded through CISA. But the federal government has now stopped funding the MS-ISAC, and as such, its managers have moved it to a paid-membership model.

The Center for Internet Security plans to further outline the change during an Oct. 7 webinar.