CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts

The Cybersecurity and Infrastructure Security Agency confirmed this week that it is cutting funding for cybersecurity intelligence sharing bodies amid a wider campaign of firings and budget cuts impacting the federal cybersecurity landscape. 

A CISA spokesperson said the agency planned to cut annual funding of $10 million that was given to the Center for Internet Security (CIS) for managing the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) — two organizations that provided technical assistance, guidance and more to states on a variety of cyber threats. 

The spokesperson said the cuts will allow CISA to focus on “mission critical areas, and eliminate redundancies.”

“CISA has terminated federal funding for several activities under a cooperative agreement with the Center for Internet Security (CIS). The agency is committed to good stewardship of taxpayer dollars,” they said. 

“CISA has determined that certain federally funded work organized under the cooperative agreement with CIS, for both the Multi-State Information Sharing and Analysis Center and the Election Infrastructure Information Sharing and Analysis Center, no longer effectuates department priorities.” 

CISA said the activities being deprioritized include stakeholder engagement, cyber threat intelligence and cyber incident response, which they explained were duplicative with services offered by CISA directly to state, local, tribal and territorial entities.

EI-ISAC coordinates threat information affecting state and local elections as well as voting system manufacturers while the MS-ISAC covers a wider array of threats impacting state-level organizations. 

CIS did not respond to requests for comment, but on the organization website, the page for EI-ISAC says: “Due to the termination of funding by the Department of Homeland Security, the Center for Internet Security no longer supports the EI-ISAC.”

The MS-ISAC does not have the same banner and it is unclear how the funding cuts will impact their work. 

A source told Recorded Future News that both MS-ISAC and EI-ISAC have numerous members who get value from the services they offer. The MS-ISAC in particular has existed for over 20-years, they added. 

There are multiple industry specific ISACs that share information on cyber threats and incidents to offer better protection for the sector. 

Almost all of the other ISACs covering the healthcare, IT and financial services industries are funded through member dues and other revenue streams, according to Denise Anderson, chair of the National Council of ISACs and president of the Health-ISAC. 

Anderson told Recorded Future News that most ISACs are global private sector non-profit organizations made up of owners and operators of critical infrastructure within the applicable sector or sub-sector. 

Most ISACs cover all hazards, even those beyond cybersecurity, with some dating back to the 1990s, Anderson explained. 

“Cyber does not stop at a country's border and as a result, ISACs tend to be global with global organizations as our members. For example, in the Health-ISAC, we have members operating in 140 countries,” she said. 

“As private sector entities, we work with numerous government agencies, law enforcement teams, industry partners and country Computer Emergency Response Teams (CERTs) across the world.”

She argued that changes in government administrations “only serve to demonstrate the tremendous importance that ISACs bring to global security, as stable, reliable communities of trust that industry and critical infrastructure sectors can rely on for timely, actionable, relevant information and analysis, coordination and collaboration 24/7, 365 days a year.”

Scott Algeier, who serves as executive director of both the IT-ISAC and Food and Ag-ISAC, told Recorded Future News that both do not receive government funding and “demonstrate the value of voluntary industry collaboration in our collective fight for improved cybersecurity."

But EI-ISAC and MS-ISAC have become prominent operations in recent years as the cyber threats targeting state government bodies have increased and more nation-states have made a point of targeting officials and systems 

Tim Harper, a former election administration official who now works for the Center for Democracy and Technology said the EI-ISAC and the MS-ISAC provide real-time threat-sharing and response coordination that election offices can’t replicate by themselves. 

Losing that coordination leaves towns and counties to fight nation-state hackers on their own, he explained. 

“Many state and local election offices rely on EI-ISAC as their only source of federal cybersecurity support, so cutting it puts entire counties at risk,” he said. “Defunding EI-ISAC doesn’t just weaken election security, it leaves communities wide open to cyberattacks on schools, emergency services, and local governments.”

Harper also noted that many underserved counties around the U.S. receive free network protection from CISA and with that funding cut, taxpayers “will foot the bill for expensive private-sector alternatives or risk leaving elections exposed.” 

“This isn’t cost-cutting — it’s cost-shifting, and local taxpayers will end up paying the price,” he said, adding that CIS provides endpoint security services to detect and block malicious activity.

The funding cuts come as CISA has made several other rumored cuts impacting federal cybersecurity efforts. 

Politico and TechCrunch reported on Tuesday that Elon Musk’s Department of Government Efficiency (DOGE) allegedly fired more than a hundred CISA employees, including many people who worked on “red teams” that simulate what cyberattacks would look like. 

Christopher Chenoweth, a former penetration tester at CISA, wrote on LinkedIn this week that the government contract he supported was terminated by DOGE on February 28, with the entire red team and all support roles removed. 

“The following Wednesday, DOGE cut a second CISA red team also doing mission-critical work. As a result, I and many other experienced red team operators are now seeking new opportunities,” he said. 

Several other former red-teamers hired by CISA or contracted by the agency from other companies posted on LinkedIn about the firings, claiming they were caught off guard because they assumed their projects were “critical and essential national security work.”

Last month, the Trump administration decided to fire at least 130 CISA employees and floated the potential for more staffing cuts in the future.

The widespread firings across the U.S. government led by DOGE are even impacting efforts to stop cyber scam compounds in Southeast Asia, with CNN reporting on Tuesday that the dismantling of United States Agency for International Development (USAID) is hampering every counter-trafficking project working on freeing those forced into conducting the “pig butchering” scams.