State, local governments urge Congress to reinstate pulled cyber funding
Five groups representing state and local governments on Thursday evening sent an open letter to congressional appropriations leaders urging them to reinstate cut federal funding to support their cybersecurity efforts.
The groups, which represent state IT officials, mayors, county governments, sheriffs and cities, said the recent cuts to the Multi-State Information Sharing and Analysis Center will lead to “gaps in critical security services, making state and local governments more susceptible to cyberattacks, undermining public trust and safety.”
“In short, without MS-ISAC’s services, many of its members will not be able to maintain the security of their public services,” reads the letter addressed to Reps. Tom Cole and Rosa DeLauro, and Sens. Susan Collins and Patty Murray, who comprise the leadership of the appropriations committees.
They claim in the letter that, over the course of 2024 alone, the MS-ISAC helped state and local network operators detect more than 43,000 potential cyberattacks, along with 59,000 ransomware and other malware attacks, and at nearly double the speed compared to the notices provided by commercial alternatives.
The groups’ plea is the latest by cybersecurity advocates to warn of how the federal government’s reduced support during the second Trump administration could harm not only state and local governments, but the critical infrastructure that runs the nation — schools, water utilities, law enforcement offices and hospitals.
Alex Whitaker, the director of government affairs for the National Association of State Chief Information Officers, one of the groups that signed the letter, said MS-ISAC is valuable in part because state and local governments consider it a “tried and true” resource.
“I think it’s a really critical time right now when we’ve seen such an uptick in intrusions and attempts from bad actors and nation-state actors to penetrate our networks,” Whitaker said. “This is probably the worst possible time to cut that funding.”
The MS-ISAC has for more than 20 years provided its members — which now total approximately 19,000 state and local government officials — with timely threat intelligence and technology services at free and discounted rates. The group lost about $8.5 million of its funding last March, a blow that forced the group’s operator, the nonprofit Center for Internet Security, to begin providing emergency funding to the tune of $1 million each month.
The group’s remaining funding and its cooperative agreement with the Department of Homeland Security are set to expire at the end of September, and no federal official has said publicly whether either will be renewed. To continue operating without reliance on federal support, the MS-ISAC plans to begin charging its members subscription fees according to the size of their IT operating budgets.
The groups that signed Thursday’s letter — which include NASCIO, the United States Conference of Mayors, the National Association of Counties, the Major County Sheriffs of America and the National League of Cities — asked Congress to recognize the MS-ISAC’s “critical importance.”
“Every day, we use MS-ISAC’s services to protect the private data of citizens and the operation of hundreds of thousands of public schools, hospitals, utilities, law enforcement, courts, and other essential critical infrastructure across the country,” the letter continues. “MS-ISAC helps us prevent expensive data breaches and thwart increasingly sophisticated attacks. Exploitation of the cyber domain almost always has a harmful impact on the physical world.”
