Dive Brief:
- Local government organizations wrote to Congress last week asking it to reinstate canceled federal funding for the Multi-State Information Sharing and Analysis Center, a resource provided by the Cybersecurity and Infrastructure Security Agency and the Center for Internet Security that offers state and local governments free and low-cost cyber threat prevention, protection, response and recovery.
- The Aug. 7 letter — signed by executive directors for the U.S. Conference of Mayors, National League of Cities, National Association of Counties, National Association of State Chief Information Officers and Major County Sheriffs of America — said MS-ISAC has proven its effectiveness, detecting more than 43,000 potential cyberattacks to state and local governments last year.
- “The loss of federal funding will create significant vulnerabilities for rural and small communities that often lack the resources to manage cybersecurity threats independently,” the letter stated. “It will lead to gaps in critical security services, making state and local governments more susceptible to cyberattacks, undermining public trust and safety.”
Dive Insight:
MS-ISAC provides cybersecurity resources to more than 18,000 state, local, tribal and territorial government organizations. Its fiscal 2025 operating budget was $27 million, according to the Center for Internet Security.
In March, the federal government announced it would cut $8.3 million associated with MS-ISAC — more than half of its remaining 2025 budget, according to the Center for Internet Security. The canceled funding followed CISA layoffs estimated to be in the hundreds.
The Center for Internet Security said it has been temporarily funding the cybersecurity services at a cost of more than $1 million per month since the federal government withdrew its funding.
The federal downsizing and funding cuts come as the Trump administration works to reshape the federal government and reduce spending.
Local governments, with limited funding and large amounts of sensitive data, are often considered prime targets for cyberattacks. Even so, state and local governments saw a 51% decline in ransomware attacks in 2024, a trend IBM credited in part to support from CISA.
MS-ISAC detected and prevented more than 59,000 malware and ransomware attacks on local governments in 2024, according to the Center for Internet Security, and blocked more than 25 billion malicious domain connections.
“This partnership is a testament to the importance of collaboration in addressing cybersecurity challenges and constitutes one of the most effective and efficient uses of the federal taxpayers’ investment,” the letter from city and county leaders to Congress stated.
On Aug. 1, CISA and the Federal Emergency Management Agency announced that more than $100 million in cybersecurity grant funding had been made available for state, local and tribal governments. Those grants are part of a $1 billion Department of Homeland Security grant program initiated in 2022 and spread out over four years. However, this year’s funding comes with the caveat that the grants cannot be used for MS-ISAC.
“This grant funding ensures communities and our partners across the nation have the crucial resources needed to strengthen their cyber defense capabilities and mitigate risk,” CISA Acting Director Madhu Gottumukkala said in a statement.
