The US federal government is cutting support for a major federal cyber threat information-sharing program.
In a public statement published on September 29, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed its cooperative agreement with the Center for Internet Security (CIS) will come to an end on September 30.
This means federal funding for the CIS-run Multi-State Information Sharing and Analysis Center (MS-ISAC) will cease, casting doubt on the program’s future.
According to a page on CISA’s website, still accessible at the time of writing, MS-ISAC is “designed to serve as the central cybersecurity resource for the US state, local, territorial and tribal (SLTT) governments.”
SLTT describes the different levels of government below the federal level, encompassing state governments, city and county governments and the governments of Native American tribes and US territories.
The MS-ISAC is a membership-based initiative open to SLTT entities of all types, including government agencies, law enforcement, educational institutions, public utilities and transportation authorities.
The CIS website claims that the MS-ISAC has over 18,000 members.
“Members receive direct access to a suite of services and informational products including cybersecurity advisories and alerts, secure information sharing, tabletop exercises, a weekly malicious domains/IP report and more,” the CISA page on the MS-ISAC notes.
An example of a service offered by the MS-ISAC to SLTT entities is the Albert Network Monitoring and Management intrusion detection system (IDS), which provides automated alerts on both traditional and advanced network threats.
MS-ISAC Hit by Funding Cuts in March 2025
Until recently, the US federal government had a contract with the New York-based CIS to run the MS-ISAC and the Election Infrastructure Information Sharing & Analysis Center (EI-ISAC).
In February, several media outlets reported that an internal memo from then-CISA Acting Director, Bridget Bean, said the US federal government had terminated its funding for the EI-ISAC.
On March 11, the DHS, CISA’s parent agency, announced a $10m funding cut to the MS-ISAC.
A CISA spokesperson later confirmed these two cuts to Infosecurity.
Since then, many stakeholders have pushed to restore the program’s funding.
On August 7, the National Association of Counties (NACo) and a coalition of four other intragovernmental organizations sent an open letter to members of the Senate and House committees on appropriations.
The letter urged congressional leaders to include MS-ISAC in the Fiscal Year 2026 federal appropriations process.
In another open letter sent to Congress on September 3, a group of 30 cybersecurity professionals made a similar request to the same committees.
The signatories included several former US government leaders, such as Rob Joyce, the former NSA cybersecurity director, and Camille Stewart Gloster, the former deputy national cyber director at DHS, as well as other cybersecurity leaders like Larry Clinton, the current president of the Internet Security Alliance.
These calls have seemingly gone unheeded, and the federal funding of the MS-ISAC will likely end on September 30.
CIS to Transition MS-ISAC to Paid Membership Model
Nevertheless, the CIS still seems committed to continuing the program beyond that date.
While the non-profit announced in March that it was ending support for the EI-ISAC "due to the termination of funding" by the DHS, its approach to the MS-ISAC appears more gradual.
Following the March cuts, CIS has been temporarily funding the continuation of cybersecurity services at a cost of more than $1m per month. However, that funding will be phased out in the coming months.
With current MS-ISAC benefits set to expire on October 1, CIS has urged members to transition to a paid membership by September 30 to retain access to essential services. It is also offering those who sign up for a new MS-ISAC Single Organization Membership an 18-month membership term for the price of 12.
CISA to Transition to “New Model” of SLTT Support
The end of federal funding for the MS-ISAC comes as CISA begins to transition to “a new model to better equip SLTT governments to strengthen shared responsibility nationwide.”
The agency also outlined some of the ways it will support SLTT governments in their cybersecurity strategy, including continued access to Department of Homeland Security (DHS) grant funding through programs like the State and Local Cybersecurity Grant Program.
CISA will also provide no-cost tools such as vulnerability scanning and phishing assessments, along with hands-on guidance from regional cybersecurity advisors.
Additional support includes incident response coordination and regular briefings to help local governments stay ahead of emerging threats.
The cybersecurity agency also noted that it will continue to collaborate with the MS-ISAC on information sharing and joint products.
“SLTT partners that use Albert sensors should continue to coordinate directly with CIS/MS-ISAC for that service,” CISA added.
This funding cutoff comes as the expiring Cybersecurity Information Sharing Act (CISA 2015) will likely also lapse on October 1 – barring some last-minute agreement in Congress – amid a looming US federal government shutdown.