MS-ISAC loses federal support

The Multi-State Information Sharing and Analysis Center, which has supported the cybersecurity operations of state and local governments since its creation in 2004, has lost its federal funding and cooperative agreement, a Cybersecurity and Infrastructure Security Agency spokesperson confirmed with StateScoop on Tuesday.

The news, first reported by freelance reporter Eric Geller, follows the Department of Homeland Security last month severing support for the Elections Infrastructure ISAC. A representative from the Center for Internet Security, the Upstate New York nonprofit that operated both information-sharing bodies, was not immediately available to comment.

“This action will save taxpayers approximately $10 million a year, focus CISA’s work on mission critical areas, and eliminate redundancies,” the CISA spokesperson wrote in an emailed statement. “CISA has terminated federal funding for several activities under a cooperative agreement with the Center for Internet Security (CIS). The agency is committed to good stewardship of taxpayer dollars.”

The spokesperson went on to say that the work of the EI-ISAC and the MS-ISAC “no longer effectuates department priorities.”

State and local government officials have for years praised the resources provided by both organizations, which included intelligence briefings on emerging cybersecurity threats, notices on the latest security patches, incident response support, penetration testing and hundreds of Albert sensors, devices that help election administrators detect anomalous network activity.

New Mexico Secretary of State Maggie Toulouse Oliver told StateScoop last month that the loss of the EI-ISAC was “a bit hit” to her office’s efforts to safeguard elections. At that time, DHS spokesperson affirmed that the MS-ISAC’s support would not be disrupted. The CISA spokesperson on Tuesday explained that the services provided by both of the nonprofit’s groups are redundant with other services offered directly by CISA.

State chief information officers have told StateScoop they have relied on the MS-ISAC to provide wider visibility of the threat landscape and to share information about cyberattacks with other states. In 2020, the MS-ISAC announced registering its 10,000th member, a milestone that coincided with its 20th anniversary.

Mike Aliperti, who was the ISAC’s senior director, told StateScoop at the time that the organization helped build trust among disparate government organizations that shared common goals and faced common threats.

“The pitch is we’re all in this together,” he said. “What affects me will affect you. If we can share information about how we’re protecting ourselves or these vulnerabilities.”

New Hampshire Chief Information Officer Denis Goulet said that the MS-ISAC provided his office immense value and that he believed “many, if not all” other state CIOs would agree.

A spokesperson from the National Association of State Chief Information Officers told StateScoop the MS-ISAC has been “tremendously beneficial” to state and local governments.

“It provides significant, no cost services to state, local, tribal and territorial governments including cyber incident response teams, threat notifications, information sharing and the Nationwide Cybersecurity Review, of which NASCIO is a partner and strong supporter,” the spokesperson wrote. “The MS-ISAC services provided to local, tribal and territorial governments are especially critical as these entities face high threats from bad actors yet generally have no or low budgets to combat cybersecurity threats.”

Secretaries of state last month drafted an open letter to DHS Secretary Kristi Noem asking that she retain core services provided by CISA, including cybersecurity services for election offices, physical security assessments for voting locations and election offices and support for the EI-ISAC. On Tuesday, the National Association of Secretaries of State said they received a response from Noem, a letter dated March 7, that encourages them to take advantage of CISA’s security advisers and the services of the MS-ISAC.

“This includes cyber and physical security assessments, incident response planning resources, and tabletop excercises you highlight in your letter,” Noem’s letter reads.