The US Cybersecurity and Infrastructure Security Agency (CISA) said on Monday that its cooperative agreement with the Center for Internet Security (CIS) will reach its planned end on September 30, 2025, a move CISA described in its announcement as reflecting a push to “strengthen accountability, maximize impact, and empower SLTT [state, local, tribal, and territorial] partners to defend today and secure tomorrow.”
John Gilligan, president and CEO of CIS, told The Register that the Department of Homeland Security and CISA had chosen not to renew federal funding that for the past 20 years supported the MS-ISAC, a program CIS estimated received about $27 million a year. Gilligan said CIS will move the MS-ISAC to a fee-based membership model to continue providing threat intelligence, best practices, monitoring and response services.
CISA said the decision is part of a “new model” to support state and local governments that will emphasize access to grant funding, no-cost tools and cybersecurity expertise. The Register reported it was unclear how cutting direct funding to programs intended to boost local cyber defenses would improve overall resiliency, and said CISA did not answer questions about whether the federal dollars would instead support existing state and local efforts including the State and Local Cybersecurity Grant Program or other free services such as Cyber Hygiene scanning.
The article noted that earlier this year the Department of Homeland Security cut funding for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), which had been run by CIS and advised election officials. CIS’s website has since been changed to say the EI-ISAC Executive Committee is exploring options to continue support to election offices following federal funding cuts.
MS-ISAC, also operated by CIS, has provided a nationwide threat-intelligence network for state and local officials since 2003 and received the bulk of its funding from DHS. The Register said federal cuts in March removed about $10 million, roughly half the MS-ISAC budget, and that CIS has announced a fee-based model to support the program going forward.
Observers and officials cited in the article expressed concern that the ISAC funding cuts and broader budget and staff reductions at CISA could hinder rapid threat-sharing among states and raise risks to election security. It is also noted the federal government was expected to shut down on October 1 and that the 2015 Cybersecurity Information Sharing Act could lapse without new legislation.