Federal cuts to information-sharing groups may damage nation’s security posture, warn officials
Current and former government officials told StateScoop they’re concerned by cuts at two information sharing organizations widely used by state and local governments to protect IT and election systems from cyberattacks.
The Cybersecurity and Infrastructure Security Agency last month eliminated funding for the Elections Infrastructure Information Sharing and Analysis Center, and this week announced it cut $10 million in support from the Multi-State ISAC. It’s still unclear exactly which services will be provided by CISA and the Center for Internet Security, the nonprofit that operates the ISACs, and how the cuts may affect state and local governments.
A CISA spokesperson on Thursday told StateScoop that the Center for Internet Security still has a cooperative agreement with the federal government that will allow it to continue its work through the MS-ISAC.
A Center for Internet Security spokesperson pointed out that the organization has long played an integral role in the defense of the nation’s homeland security infrastructure, by providing services not provided by the federal government.
“While we respect DHS’ budgetary authority, we are concerned that recent cuts in funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) will make state and local governments vulnerable to persistent cybersecurity attacks from foreign adversaries,” the spokesperson wrote in an emailed statement. “These jurisdictions are on the front lines of supporting much of the nation’s critical infrastructure, and they rely on the MS-ISAC for vital resources to monitor and avert cyber threats that arise daily.”
The spokesperson went on to say that the group will continue working with its 18,000 members to find ways to fill gaps left by the recently canceled services.
The Center for Internet Security on Wednesday sent an email to its members that provided some clarity on which services it’s allowed to continue providing. These include support for its Albert sensors, which detect web traffic from known malicious websites, its Malicious Domain Blocking and Reporting service, and some other core cybersecurity offerings.
According to the CISA spokesperson, discontinued MS-ISAC work includes stakeholder engagement, cyber threat intelligence and cyber incident response.
‘Losing a voice’
Mark Raymond, who’s served as the chief information officer of Connecticut since 2011, said his office has relied heavily on the MS-ISAC’s services, including threat advisories, malware analysis, the malicious domain blocking service, a dark-web scanning service, the Albert sensors and large discounts on cybersecurity awareness training that had been negotiated by CIS.
Raymond said he’s concerned that CISA may be removing helpful assets widely used by state and local governments, the latter of which are often underresourced and especially need help purchasing cybersecurity services.
“The Center for Internet Security provided 24/7 security operation center services,” he said. “If you used their endpoint protection, which you got at a discount, you also had someone looking at it 24/7, which most municipalities just don’t have. I don’t know how people are going to be able to do that [now].”
Raymond said that CISA, which was founded in 2018 during Donald Trump’s first presidential term, has also been helpful during his tenure, but that he thought of its services as “additive,” not redundant, as the Department of Homeland Security has claimed in its justification of the recent funding cuts.
“I haven’t heard of a surge in the resources that will be available from CISA to help local government,” Raymond said. “Maybe it’s being planned and announced, but what it does appear is that we’ve diminished a resource that helps those with the most basic needs, and haven’t seen a replacement yet. CIS and MS-ISAC has allowed state and local governments to be better, and it’s not clear how they’re going to continue to maintain that. Some of them just may not be able to afford it any longer.”
Raymond said he was concerned also that the recent cuts could lead to poorer representation of state and local officials as the federal government makes decisions about cybersecurity. The MS-ISAC has been run by a governing board, but Raymond said the cuts could mean he and his counterparts are “losing a voice” in explaining their needs and setting the cybersecurity agenda.
‘A serious impact’
If officials are concerned about cuts at the MS-ISAC, officials and industry groups have, in interviews and email exchanges, been almost universally critical in their responses to cuts at the EI-ISAC.
Derek L. Bowens, elections director for Durham County, North Carolina, told StateScoop in an email that the EI-ISAC’s services had been “invaluable,” and that he hopes to see them restored. Carolina D. Lopez, executive director of the Partnership for Large Election Jurisdictions said the last four elections were made more secure by the EI-ISAC’s “crucial” efforts to coordinate federal, state, local and tribal governments with security services.
A spokesperson from the Pennsylvania Department of State warned that any interruption to the cybersecurity resources provided by federal agencies could have “a serious impact, especially on our local election officials.”
The Department of Homeland Security’s messaging about the cuts at CISA has been consistent with the moves seen across the federal government since President Donald Trump tasked Elon Musk with maneuvering his Department of Government Efficiency unit through dozens of federal agencies in search of “waste, fraud and abuse.” A CISA spokesperson told StateScoop that the cuts at CIS were to eliminate redundant services, and pointed out that election infrastructure owners and operators will have access to the same support as other critical infrastructure operators, including incident response and physical security services.
Pamela Smith, the president and chief executive of the election technology nonprofit Verified Voting, argued that given the current threat environment, support for cybersecurity services should be expanding, not shrinking.
“First it was cuts at CISA because they didn’t want to have them to have anything to do with mis- and disinformation,” she said. “But if you’ve cut funding for something like EI-ISAC, it goes to the question of whether elections are still considered critical infrastructure. If the improvement of security and resilience of critical infrastructure on which Americans rely is no longer a goal of the department literally named Homeland Security, then they should explain that. I think the American public deserves to know.”
‘A huge step back’
CISA was founded in 2018 after the discovery of Russian meddling in the 2016 presidential election, but the idea of treating elections as part of the United States’s critical infrastructure dates back as far as 2005, when the federal government was developing early cybersecurity frameworks.
Since its establishment, CISA has enjoyed status as a respected and nonpartisan source of funding, guidance and direct support for localities’ cybersecurity efforts. But in recent weeks, CISA has been thrown into turmoil by staff reassignments and firings, and leadership changes, Wired reported on Thursday. Many of the officials StateScoop interviewed for this story lamented the loss of the sophisticated and cross-disciplinary talent at CISA that was built up over the past seven-plus years.
Kim Wyman, Washington’s former secretary of state, said she’s concerned that recent actions may mean the country takes “a huge step back on its security posture,” and that it could erase the convening power and broad visibility that was offered by the EI-ISAC.
“I think the biggest value and all the insights they provided was having someone that had that birds-eye view, where they’re looking at data from across the entire country, and they can see trends emerging, they can see and put together information from all their sources and give you data that helps you make a better threat assessment,” said Wyman, a Republican.
Visibility of threats, such as the bomb threats at polling places during the 2024 election, and communication with law enforcement, helped minimize disruptions, Wyman said, because in some cases police were able to sweep for bombs and determine whether threats were credible without needing to turn away voters.
“If you shut a polling place down for an hour, that’s hundreds of voters who weren’t able to cast a ballot,” she said. “And now you’re having that ripple effect potentially on the election. All of that information the EI-ISAC was able to compile I think gave election officials on the ground valuable intelligence to be able to make better decisions and respond in a way that’s good for voters and keeps elections safe and secure.”
Kathy Boockvar, former secretary of the Commonwealth of Pennsylvania, said removing funding for the EI-ISAC, and CISA’s decision to keep private the memo detailing the findings of a recent audit and the agency’s future, are “very concerning.”
“Election security is genuinely a race without a finish line and our adversaries are not sitting around eating bon-bons,” said Boockvar, a Democrat who worked at CIS as vice president of election operations after leaving Pennsylvania state government in 2021. “Our adversaries — both foreign adversaries like Russia, China and Iran, and also domestic terrorists — are continually inventing and executing new and different ways to try to infiltrate our systems.”
Boockvar said she’s also concerned by the upcoming expiration of CIS’s cooperative agreement this spring. Federal officials have not said whether they are planning further cuts.
Boockvar said that as a secretary of state, she was always grateful for the federal funding she received, such as through the Help America Vote Act, but that over the last couple years the funding officials have received is “nowhere near enough” to protect the nation’s election systems.
“This is a more extreme removal of the ability for election officials to be able to budget and plan ahead of time,” she said. “Not only do [local election officials] not know if any additional dollars will be coming through the door, they don’t know if everything they already have is just going to be snatched from under them any given week. And Americans deserve better.”
