State

State and local cyber aid gets a boost in $1.7 trillion omnibus bill

The $1.7 trillion bill gives the Multi-State Information Sharing and Analysis Center $43 million to expand its cyber services to state and local governments.

By Benjamin Freed

December 21, 2022

Senate Majority Leader Chuck Schumer, D-N.Y. talks with Sen. Bob Casey D-Pa. during a procedural vote on the bipartisan federal omnibus spending legislation on Dec. 20. (Chip Somodevilla / Getty Images)

The $1.7 trillion spending bill Congress has to pass this week to fund the federal government in 2023 would increase funding for several programs aimed at improving state and local cybersecurity efforts, including a 13% bump for a Department of Homeland Security-funded body that provides cyber services to state and local governments around the country.

The bill, which is expected to be voted on by early Thursday morning — to avoid a government shutdown — includes $43 million for the Multi-State Information Sharing and Analysis Center, which provides threat intelligence, network protection and risk assessment services to thousands of public-sector entities nationwide.

With the funding, the MS-ISAC, which is run out of the nonprofit Center for Internet Security in East Greenbush, New York, would be able to expand its services, including endpoint detection, malicious domain blocking, incident response capabilities and a mis- and disinformation reporting program. The money also covers those services provided through the Elections Infrastructure ISAC, which counts secretaries of state and thousands of county and local election administrators among its members.

The $43 million in the omnibus package is a $5 million increase over the $38 million Congress appropriated to the MS-ISAC in fiscal 2022. With the boost, the MS-ISAC would be able to offer its services to more members and expand its reach to more segments of the public sector, like state courts, according to a summary of the bill.

Appropriators also included several other line items that would increase the Cybersecurity and Infrastructure Security Agency’s outreach to state, local, tribal and territorial governments. Among those items are $6 million to include non-federal networks — including critical infrastructure operators and state and local agencies — in CISA’s attack-surface visibility and vulnerability incident response portfolios. There’s also an additional $6.8 million for cybersecurity education programs in K-12 schools.

The spending bill would also order CISA to provide members of Congress with updates on several recent programs, including the agency’s plan for completing its hiring of cybersecurity coordinators in every state, along with what resources those officials might need to better serve local governments and infrastructure operators. Lawmakers are also asking CISA to study the feasibility of creating an accreditation program for third-party cybersecurity providers serving federal agencies, critical infrastructure sectors and state and local governments.

CISA stands to see its annual budget grow to $2.9 billion in the omnibus bill, a 12% increase over fiscal 2022.