Cybersecurity

MS-ISAC loses federal support for threat intelligence, incident response

The Multi-State Information Sharing and Analysis Center has lost funding for several services, including stakeholder engagement, cyber threat intelligence and cyber incident response.

By Colin Wood

March 11, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

U.S. Department of Homeland Security Secretary Kristi Noem speaks during a TV interview with Fox News outside of the White House on March 10, 2025 in Washington, D.C. (Anna Moneymaker / Getty Images)

The Multi-State Information Sharing and Analysis Center, which has supported the cybersecurity operations of state and local governments since its creation in 2004, has lost some of its federal funding, a Cybersecurity and Infrastructure Security Agency spokesperson confirmed with StateScoop on Tuesday.

The news, first reported by freelance reporter Eric Geller, follows the Department of Homeland Security last month severing support for the Elections Infrastructure ISAC. A representative from the Center for Internet Security, the Upstate New York nonprofit that operated both information-sharing bodies, was not immediately available to comment.

“This action will save taxpayers approximately $10 million a year, focus CISA’s work on mission critical areas, and eliminate redundancies,” the CISA spokesperson wrote in an emailed statement. “CISA has terminated federal funding for several activities under a cooperative agreement with the Center for Internet Security (CIS). The agency is committed to good stewardship of taxpayer dollars.”

The spokesperson went on to say that the discontinued work of the EI-ISAC and MS-ISAC “no longer effectuates department priorities.” Discontinued MS-ISAC work includes stakeholder engagement, cyber threat intelligence and cyber incident response.

On Wednesday, the spokesperson clarified that some of the MS-ISAC’s work will continue, and that the $10 million in defunded activities is “less than half” of the funding it provides CIS.

State and local government officials have for years praised the resources provided by both organizations, which included intelligence briefings on emerging cybersecurity threats, notices on the latest security patches, incident response support, penetration testing and hundreds of Albert sensors, devices that help election administrators detect anomalous network activity.

New Mexico Secretary of State Maggie Toulouse Oliver told StateScoop last month that the loss of the EI-ISAC was “a big hit” to her office’s efforts to safeguard elections. At that time, DHS spokesperson affirmed that the MS-ISAC’s support would not be disrupted. The CISA spokesperson on Tuesday explained that the services provided by both of the nonprofit’s groups are redundant with other services offered directly by CISA.

State chief information officers have told StateScoop they have relied on the MS-ISAC to provide wider visibility of the threat landscape and to share information about cyberattacks with other states. In 2020, the MS-ISAC announced registering its 10,000th member, a milestone that coincided with its 20th anniversary.

Mike Aliperti, who was the ISAC’s senior director, told StateScoop at the time that the organization helped build trust among disparate government organizations that shared common goals and faced common threats.

“The pitch is we’re all in this together,” he said. “What affects me will affect you. If we can share information about how we’re protecting ourselves or these vulnerabilities.”

New Hampshire CIO Denis Goulet said that the MS-ISAC provided his office immense value and that he believed “many, if not all” other state CIOs would agree.

Minnesota CIO Tarek Tomes was among those who agreed.

“While we don’t know the full impact of this announcement, we do know that any reduced ability to share information and support the defense against cyber-attacks puts every local entity at greater risk from very real cyber threats,” Tomes said in an emailed statement. “Collaboration and information sharing are key values in Minnesota’s approach to cybersecurity. Organizations like MS-ISAC are important for their ability to focus and amplify resources that improve cyber defenses for smaller entities, especially local and Tribal government.”

A spokesperson from the National Association of State CIOs told StateScoop the MS-ISAC has been “tremendously beneficial” to state and local governments.

“It provides significant, no cost services to state, local, tribal and territorial governments including cyber incident response teams, threat notifications, information sharing and the Nationwide Cybersecurity Review, of which NASCIO is a partner and strong supporter,” the spokesperson wrote. “The MS-ISAC services provided to local, tribal and territorial governments are especially critical as these entities face high threats from bad actors yet generally have no or low budgets to combat cybersecurity threats.”

Secretaries of state last month drafted an open letter to DHS Secretary Kristi Noem asking that she retain core services provided by CISA, including cybersecurity services for election offices, physical security assessments for voting locations and election offices and support for the EI-ISAC. On Tuesday, the National Association of Secretaries of State said they received a response from Noem, a letter dated March 7, that encourages them to take advantage of CISA’s security advisers and the services of the MS-ISAC.

“This includes cyber and physical security assessments, incident response planning resources, and tabletop excercises you highlight in your letter,” Noem’s letter reads.

Corrected March 12, 2025: The story originally indicated that the MS-ISAC had lost all of its federal support. A CISA spokesperson provided additional clarification that the discontinued work represents only a portion of the center’s work.