For more than two decades, the Multi-State Information Sharing and Analysis Center (MS-ISAC) has provided no-cost cybersecurity support through its federal funding, authorized by Congress via a contract with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Its membership as of May included more than 18,000 state, local, tribal and territorial governments, according to a recent report. Among its offerings are threat intelligence, cybersecurity tools, a security operations center, a 24/7 assistance line, professional development and collaborative information sharing. It is part of the Center for Internet Security.
The MS-ISAC’s website attributes the shift to a fee-based model “to significant decreases in federal funding.” The Center for Internet Security has temporarily covered the cost of services since March, but this support will also end without a paid membership. The website explains that the move is intended to create a “sustainable, member-driven approach” that ensures these services remain available to governments nationwide. Membership dues are tiered, based on entity size.
“You know, when we were under the federal funding model any local government could join at no cost,” Robert Beach told Government Technology in August. He is an MS-ISAC executive committee member and chief technology officer for the city of Cocoa, Fla.
“However, I’m afraid that we’re going to lose those under-resourced organizations that may not have the capabilities to pay for membership, or they may just not even be aware that’s available to them. So, it’s a challenge. ... Larger organizations are constrained as well, but often better resourced when it comes to personnel and funding.”
In 2024 alone, MS-ISAC detected more than 43,000 potential cyber attacks, blocked more than 59,000 malware and ransomware incidents, prevented 25 billion connections to malicious sites and stopped 5.4 million harmful emails, according to its May report. These numbers represent SLTTs that operate resident services but also hospitals, airports, water plants and other services that can touch multiple municipalities and operations. While many states and universities are working on whole-of-state and cybersecurity networks such as regional security operations centers or centralized cyber agencies, MS-ISAC helps uniformly bridge federal and local efforts.
“I really do think that the most important thing on getting the word out is word of mouth and advocating for additional funding,” Beach said, “letting others know that MS-ISAC is still here and you can join, that you can still participate and still benefit from it.”
