Sen. Mark Warner to introduce bill to restore MS-ISAC funding, boosting federal cyber support to $50M annually

Sen. Mark Warner, D-Va., will soon introduce a bill that would restore federal funding support to the Multi-State Information Sharing and Analysis Center and, in a letter sent to Department of Homeland Security Secretary Markwayne Mullin, urged the agency to prioritize the Cybersecurity and Infrastructure Security Agency and its support of state, local and critical infrastructure cybersecurity efforts.

The bill, exclusively shared with StateScoop and titled the “Guaranteeing Universal Access to Cybersecurity Act,” aims to help state, local, territorial and tribal governments defend themselves and their critical infrastructure against cyberattacks, according to Warner’s office. It would authorize giving the Center for Internet Security, which runs the MS-ISAC, $50 million for fiscal 2027, and each fiscal year thereafter.

The $50 million annual authorization would go beyond just restoring funding lost last year — it would expand the federal government’s most recent investment in MS-ISAC by five times. In March 2025, then-DHS Secretary Kristi Noem partially defunded several MS-ISAC activities, which impacted about $8.3 million of the program’s remaining 2025 budget, more than half of the $15.7 million that remained available at the time.

Despite the pulled funding, the interoperability of MS-ISAC’s cyber threat intelligence collection and dissemination, as well as technical assistance services, between state and federal partners wasn’t formally discontinued until September when CISA declined to renew its agreement with CIS. At that time, the MS-ISAC provided free cybersecurity resources and monitoring to 18,000 state, local, territorial, tribal organizations and communities, as well as critical infrastructure operators including public hospitals, public utilities, K-12 schools and law enforcement. 

The action was met with disappointment and fear from state and local governments, and the organizations that represent them have pleaded with congressional leaders to the restore funding. To continue operating the MS-ISAC, which had an operating budget of $27 million annually, CIS has been funding the organization with $1 million per month via a fee-based membership structure for the program. The model features pricing that is tied to government operating budgets and program discounts or free access offered for smaller organizations with limited resources.

CISA said in September it would “continue to collaborate” with MS-ISAC on “information sharing and joint products, consistent with its engagement across the broader ISAC community,” after the funding cuts.

In the letter to Mullin, Warner points out that the MS-ISAC’s funding cancellation left many state, local, territorial and tribal governments and organizations in a lurch, creating gaps in protecting their critical infrastructure. Warner urged him to prioritize CISA and to fund MS-ISAC to correct his “predecessor’s abdication of responsibility to defend our nation from cyberattacks.”

“Secretary Noem’s abrupt cancelation of MS-ISAC funding not only endangered national security, but it placed an unanticipated, costly item on SLTT budgets and undeserved pressure on leaders to shoulder the burden of protecting critical infrastructure without access to the full threat picture that the MS-ISAC provided,” Warner’s letter said.

“Many communities, particularly small and rural communities, cannot access MS-ISAC without federal support and every community in America is more vulnerable without the MS-ISAC serving as a national hub for community defense coordination. Defunding critical infrastructure protections has led to information silos and deprived communities across the nation of the ability to collaborate on securing our critical infrastructure – the foundation of America’s national security, our economy, and our public health and safety.”

To formally restart the program’s ties to the federal agency, the bill orders CISA’s director, which is currently being filled by Nick Andersen in an acting capacity, to reenter into an agreement with CIS for the MS-ISAC. It also orders CISA’s director to conduct additional outreach to restore MS-ISAC membership to those lost during the defunding and to expand access to eligible entities not previously members of MS-ISAC, such as critical infrastructure sectors.

CISA would also be required to report to Congress on the number of re-enrolled and new members of MS-ISAC, and inform legislators of any barriers to participation. The group would also have to maintain interoperability support and provide access to the Federal Bureau of Investigation “and other relevant Federal agencies for the purposes of enhancing the national cyber threat intelligence ecosystem.”

The legislation’s introduction comes at a time when states and local governments are struggling to close a number of gaps left by cancelled federal funding and cybersecurity programs decommissioned by the Trump administration. At the end of last month, several state technology officials made their case before a House Homeland Security subcommittee pushing for Congress to reauthorize funding for the expired State and Local Cybersecurity Grant Program, which provided $1 billion for states and local governments through 2021’s federal infrastructure bill.

“I urge you to prioritize the Cybersecurity and Infrastructure Security Agency (CISA) – restore its budget, hire subject matter experts and leaders with experience defending critical infrastructure and cyberspace, and let the talented and capable CISA staff do their jobs to protect the nation. Fixing CISA will take time, but you can make immediate progress by restoring CISA’s cooperative agreement and funding with the Multi-State Information Sharing and Analysis Center (MSISAC),” the letter continued.

Warner also sent a letter Thursday to every governor across the country urging them to take steps to protect not just their state and local government assets, but their critical infrastructures as well, from cyberattacks.

“The dangers facing our critical infrastructure are real and, if realized, will be devastating. The interdependence of our critical infrastructure has inherent risk and creates cascading and cumulative harm. A successful attack on the power grid can disable water treatment operations. Disabled water treatment can shut down hospitals and schools,” the letter said. “In even the most prepared and well-resourced region, this scenario would cause chaos and likely cost lives.”

He also noted the increased risks that artificial intelligence has posed by lowering “the barrier to entry for sophisticated, asymmetric attacks against critical infrastructure while simultaneously supercharging the capabilities of America’s adversaries and criminal actors to disrupt our way of life.” He noted the increase of ransomware attacks across the country, much like the massive attack last fall that caused many Nevada’s state’s web assets to go dark — including the state’s main website, NV.gov, along with many agency sites and online services — for several weeks.

The letter also points to the damages caused by the Trump administration’s “politically-motivated sabotage of CISA,” and lays bare steps that governors can take to bolster cybersecurity and advance protections for national security, the economy and public health. These included regional coordination, statewide infrastructure audits, greater threat-intelligence sharing and support for underresourced operators.

“The threats we face do not respect state borders or party lines and we cannot let those factors distract us from our task. Governors, and the federal government, are responsible for ensuring that critical infrastructure in their states, territories, and Tribal land are ready and resilient,” the letter said. “The cost of inaction will be measured in disrupted services, damaged economies, and potentially lives lost — and that cost falls first on you and the people who trust you to keep them safe.”