Advancing Collective Cyber Defense Across the SLTT Community

By Carlos Kizzee

U.S. State, Local, Tribal, and Territorial (SLTT) organizations are facing a difficult shift. With federal funding for U.S. SLTT cybersecurity efforts no longer in place, the responsibility for sustaining critical cyber defense has moved directly to states, local governments, tribes, and territories. The Multi-State Information Sharing and Analysis Center^® (MS-ISAC^®) continues to support this transition by strengthening collaboration across jurisdictions, expanding U.S. SLTT‑specific threat intelligence, and keeping membership accessible to organizations of all sizes.

A Changing Cybersecurity Landscape for SLTTs

Federal support once played a central role in enabling U.S. SLTT organizations to maintain essential cybersecurity protection. The loss of that support created an immediate need for new, sustainable approaches that allow agencies, school districts, municipalities, and critical infrastructure operators to keep pace with growing threats.

The U.S. SLTT community has responded by aligning around a shared mission. States and local governments are now investing directly in an MS-ISAC membership model that protects entire jurisdictions, supports resource‑constrained organizations, and ensures that cyber defense doesn’t fragment as the threat landscape continues to expand.

This shift has reinforced a guiding principle: community defense works best when everyone has access to the same high‑impact tools and trusted support.

Peer Collaboration that Strengthens the Whole Community

The MS‑ISAC community thrives on collaboration. Members rely on each other through working groups, mentor programs, regional events, and community-led initiatives.

The ISAC Annual Meeting serves as a central gathering point each year. U.S. SLTT cybersecurity professionals come together to share insights and build relationships that carry forward into day‑to‑day operations. The event, which will be hosted June 21–24 in Orlando, FL, promotes conversation among peers who face similar challenges regardless of whether they work in large state agencies or small rural districts. Registration is now open to all U.S. SLTT government organizations. For more information about the event or to view the agenda, please visit meeting website at https://events.govtech.com/ISAC-Annual-Meeting.html.

Throughout the year, MS‑ISAC groups and communities support members who want practical guidance, peer‑tested approaches, and a place to exchange ideas. These spaces help organizations apply peer best practices, improve their own processes, and strengthen their internal programs in ways that reflect real‑world U.S. SLTT environments.

Collaboration is especially meaningful for organizations with limited staff or cybersecurity capacity. By connecting with peers, these jurisdictions gain access to shared experiences and practical advice that would be difficult to obtain on their own.

Threat Intelligence Designed for U.S. SLTT Realities

Thanks to the collaboration of its members, the MS‑ISAC operates the largest threat intelligence capability in the country dedicated specifically to U.S. SLTT organizations. This intelligence environment includes the 24x7x365 U.S.-based Center for Internet Security^® (CIS^®) Security Operations Center and Cyber Incident Response Team (CIRT) that monitor activity, analyze threats, and deliver alerts tailored to the public sector.

Threat information shared through the MS‑ISAC focuses on the types of attacks that regularly affect government services, critical infrastructure, schools, and public institutions. As hybrid incidents continue to grow across cyber, physical, and information‑based threats, MS‑ISAC intelligence provides timely awareness to help organizations prepare and respond more effectively.

Just days after the conflict in Iran began, the MS-ISAC held a snap call on March 3 that gathered nearly 3,700 participants to provide critical information about the evolving Iranian threat. The next day, the MS-ISAC identified potential targets of attack by Iran-linked groups. The CIS Red Team rapidly identified possible targets on U.S. SLTT networks, and in coordination with the CIS Security Operations Center (SOC), delivered proactive notifications to 57 organizations in under an hour.

This threat intelligence becomes even more valuable when entire states participate. Statewide membership models give thousands of agencies and local entities consistent access to early‑warning information, coordinated notifications, and a shared understanding of risks across the jurisdiction.

The result is a stronger, more unified view of the threats that matter most to U.S. SLTT communities.

High‑Value Services that Support Every U.S. SLTT Organization

MS‑ISAC services continue to provide essential capabilities that many organizations could not otherwise maintain on their own. Membership includes threat intelligence, protective DNS service in the form of our Malicious Domain Blocking and Reporting (MDBR) solution, incident response assistance, and guidance based on the CIS Critical Security Controls^® (CIS Controls^®) and CIS Benchmarks^®. It also provides access to cost-effective services such as vulnerability management as well as endpoint and network monitoring.

These services offer significant value at a sustainable cost. A study conducted in 2025 found that the combined services provided through MS‑ISAC membership can exceed $200,000 in market value for a single organization, while membership fees remain affordable for public‑sector budgets. Larger states benefit from broad jurisdictional coverage, and smaller communities gain enterprise‑grade support at a cost that fits their resources.

Membership tiers are designed to meet organizations where they are:

• State or Territory‑Wide Membership
  A single subscription enables every eligible public entity within a state or territory to participate.
• State‑Level Transitional Membership
  Designed for states that are formalizing broader security strategies while ensuring state agencies retain full access to MS‑ISAC support.
• Single‑Organization Membership
  An option for smaller jurisdictions that want reliable protection and access to MS‑ISAC services without a large financial burden.

Each tier supports a model where U.S. SLTT cybersecurity remains accessible to all eligible organizations and sustainable without the concerns of future federal funding changes.

Moving Forward Together

U.S. SLTT organizations are navigating a period of change that requires strong partnerships and reliable support. The MS‑ISAC is committed to helping members maintain that stability by strengthening collaboration, expanding access to threat intelligence, and providing affordable services that meet the needs of both large and small jurisdictions.

As the U.S. SLTT community continues to adapt, one thing remains clear: cybersecurity is a shared commitment, and progress is strongest when every organization has the tools and support needed to participate.

---

Carlos P. Kizzee is the Senior Vice President for MS-ISAC Strategy and Plans. In that position, Kizzee is accountable for the engagement, account management, and training and education activities associated with MS-ISAC membership as well as key programs assessing and enhancing the security maturity of state, local, tribal, and territorial government agencies and activities. Previously, Kizzee served with the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) as Vice President of Intelligence, building and supporting retail and hospitality industry security collaboration; and with Defense Security Information Exchange as Executive Director, promoting threat intelligence sharing and collaboration within the defense industrial base and actively supporting the development and establishment of the National Defense ISAC.