MS-ISAC: Defending America’s Critical Infrastructure

The Multi-State Information Sharing and Analysis Center (MS-ISAC) provides vital cybersecurity services to more than 18,000 state, local, tribal, and territorial (SLTT) government organizations supporting our nation’s critical infrastructure including public hospitals, public utilities, K-12 schools, and law enforcement. Without these services, they will be increasingly vulnerable to cyber attacks by foreign adversaries.

Watch Video to Learn More about the MS-ISAC

The MS-ISAC's Impact Across America

The MS-ISAC is the only initiative offering cyber threat intelligence, incident response support, and real-time information sharing programs not performed by the federal government.

Defense Against Costly Cyber Threats

As threats against state and local governments grow in volume and complexity, the average cost of a cyber attack for state and local governments can range from $2.83 million to $9.5 million, with some reports indicating even higher costs, depending on the type and severity of the breach.

In 2024, the MS-ISAC took the defensive measures below in an effort to protect SLTTs across the U.S.

Detected 40,000+ potential cyber attacks targeting SLTT networks

Impacted MS-ISAC members received alert notifications nearly twice as fast as commercially-available alternatives.

Detected and prevented 59,000+ malware and ransomware attacks

MS-ISAC members were supported with endpoint protection services that identify, detect, respond to, and remediate security incidents and alerts.

Blocked 25,000,000,000+ malicious domain connections for SLTTs

The MS-ISAC's protective DNS service blocked an average of 3.3M requests to known or suspected malicious domains per member organization.

How Members are Impacted

Learn how the MS-ISAC has supported the nations cybersecurity maturity across different sectors.

As a public school district with limited staff and resources dedicated to cybersecurity, the MS-ISAC has been nothing short of essential. With just a small team managing IT for hundreds of staff and thousands of students, we rely on the MS-ISAC to be our eyes and ears in an increasingly complex and dangerous cyber landscape.
Director of Innovation & Technology at K-12 | Member since 2019
We rely on reports, intelligence, and alerts provided by MS-ISAC to secure our $340 billion portfolio and protect the financial future of [state] teachers. Without the MS-ISAC we would not be able to react as quickly as we do to emergent threats across our environment. The MS-ISAC is a priceless service that we utilize every day.
Cybersecurity Specialist in Education Sector | Member since 2015
[Our city] is a small municipality with limited IT staff and a modest cybersecurity budget. For years, we have managed our own defenses. That changed the day we joined the MS-ISAC. The MS-ISAC doesn’t just give us tools—they help provide us time to respond, and a team watching our backs when we aren’t always able to.
Network Administrator at Small Municipality | Member since 2019
We find true value in the services provided by MS-ISAC, including annual intelligence meetings, education videos, webinars, IP and domain lists, threat reports, vulnerability scans, and passive threat notifications. Without these services, our cybersecurity posture will suffer, which is a huge win for the bad actors out there.
Sr. Information Security Analyst, Tribal Entity | Member for <1 year
Because organizations in the public sector range in size, budget, and cyber maturity, it is crucial to have an unbiased resource for all of our equally shared security challenges. Without [the] MS-ISAC, this for-public-sector-by-public-sector community would not exist.
Cybersecurity Operations Manager, County | Member for 13 years
The MS-ISAC has been an invaluable resource to our district and to the K-12 community. It would be difficult to find a replacement that offers the same quality services that districts receive from the MS-ISAC elsewhere.
Network Security Engineer, K-12 | Member for 2+ years
We had [a] security breach a year ago and in our time working to remediate the issue and institute changes in policies, procedures, and hardware, the tools and expertise available from MS-ISAC were available to us, when nothing else was. We would not have been able to recover as quickly and seamlessly in addition to improving our posture without the tools and expertise available to us from MS-ISAC.
IT Manager, Library | Member for 2+ years
I am gravely concerned...The MS-ISAC provides various cybersecurity services and threat analysis to organizations that are often not in a position to obtain these services because of budgetary or resource constraints.[Our] county takes advantage of some of the services that they provide and will definitely have some gaps to fill in the event that their organization is further deprecated.
Chief Information Security Officer, County | Member for 13 years
Being in a rural area, resources can be scarce and response to cyber incidents could be delayed...This service decreases our risk of cyber threats substantially and causes less stress on our employed IT technician that has other job duties outside of IT...MS-ISAC’s free services to local governments is important to agencies like ours that have limited resources and live in rural areas.
Systems Manager, Rural County Emergency Services | Member for <6 months
Our 40,000 students and 8,000 staff, will be severely affected if MS-ISAC services are lost. We would then be forced to fund and build this ourselves, which places an undue burden on an already strained system. This could potentially lead to a decrease in the overall quality of our cybersecurity, leaving our district vulnerable to attacks that could compromise sensitive student and staff data.
Security Analyst, K-12 | Member for 6 years

Impact of Funding Cuts to SLTTs

The federal government recently canceled funding for MS-ISAC operations, including cyber threat analysis and threat distribution. . To keep state and local governments secure, the Center for Internet Security (CIS) has been temporarily funding the continuation of cybersecurity services at a cost of more than $1 million per month. That funding will be phased out in the coming months. Without sustainable funding via either a fully-funded cooperative agreement with DHS/CISA or a paid membership model, the MS-ISAC will no longer be able to provide these essential cybersecurity services. Learn more about the impact of these cuts below.

funding graphic

The termination of these services would leave MS-ISAC members without critical, real-time threat information as well as cyber education and training support. These services are especially critical for thousands of small and rural communities, most with limited financial and technical resources, who would become more vulnerable to cyber threats. They would be unable to adequately respond to attacks that could impact local infrastructure, disrupt critical operations, and expose the private data of their citizens to cybercriminals.

Common Funding Questions

How was the MS-ISAC affected by recent funding cuts?

How was the MS-ISAC affected by recent funding cuts, what was cut, and what was the dollar amount of the cuts?

On March 6, the federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings.

These cuts were effective immediately. Without funding to sustain the efforts affected, the lapse in MS-ISAC services and support in these areas will hinder the MS-ISAC’s ability to provide state, local, tribal, and territorial organizations with cyber threat intelligence, incident response support, and real-time information sharing programs.

For the fiscal year 2025, the MS-ISAC has been operating with $27 million appropriated by Congress. As of March 6, $15.7 million remained in the MS-ISAC budget. The funding cuts, after negotiations with DHS/CISA, totaled approximately $8.3 million. Therefore, the cuts amounted to more than 50% of the MS-ISAC's remaining budget for the year.

Will funding cuts disrupt cybersecurity services for MS-ISAC members?

Will the funding cuts disrupt the cybersecurity services MS-ISAC members depend on in the near term?

The Center for Internet Security is committed to keeping state and local governments secure. For the next few months, we are funding critical services as we work with members of the MS-ISAC Executive Committee to implement an approach to fill the gap left by the partial discontinuation of federal support.

We are expecting to implement a membership model for core services and a fee-for-service model for non-core services. During this interim period there may be limited disruptions to various MS-ISAC offerings due to shifting priorities or funding constraints.

It’s important to note that some services MS-ISAC members rely on continue to be federally funded and have not been impacted by recent cuts, including:

Albert Network Monitoring and Management sensors
Malicious Domain Blocking and Reporting (MDBR)
Endpoint Detection and Response (EDR)
the Nationwide Cybersecurity Review (NCSR) and Foundational Assessment
The 24x7x365 CIS Security Operations Center (SOC) support (to include issuance of Cyber Advisories and IP and Domain Monitoring activity)

MS-ISAC in the News

Resources for MS-ISAC Members

CIS Portal

Please log into the Portal to access resources designed to equip you with the information needed to advocate for our community.

CIS Portal

Not a member?

The MS-ISAC is open to employees or representatives from all 50 states, the District of Columbia, U.S. Territories, local and tribal governments, public K-12 education entities, public institutions of higher education, authorities, and any other non-federal public entity in the United States of America.

Join the MS-ISAC