What’s next for cybersecurity, election info sharing?

Vithun Khamsong via Getty Images
Federal funding has been slashed by $10 million for two information sharing centers, which both have tens of thousands of members. A more fragmented and expensive future could follow as states and others go it alone.
Information sharing on cybersecurity and election threats may become a whole lot harder after the Department of Homeland Security ended some federal funding for two partnerships used by thousands of state and local governments.
A spokesperson for the Cybersecurity and Infrastructure Security Agency confirmed it terminated a $10 million partnership with the Center for Internet Security for the Multi-State Information Sharing and Analysis Center, and the Election Infrastructure Information Sharing and Analysis Center. That figure is less than half of the funding CISA provides, the spokesperson noted.
The spokesperson said MS-ISAC and EI-ISAC, which allow state, local, tribal and territorial governments to share threat information and best practices while providing tools and other services for free or at a reduced cost, “no longer effectuates department priorities."
Among the activities that would be cut are stakeholder engagement, cyber threat intelligence and cyber incident response, which the spokesperson said are already offered by CISA to SLTT governments.
"This action will save taxpayers approximately $10 million a year, focus CISA’s work on mission critical areas, and eliminate redundancies,” the spokesperson said. “The agency is committed to good stewardship of taxpayer dollars.”
It is still unclear what the cutbacks, which DHS first announced last week, mean for the future of MS-ISAC, while EI-ISAC’s website notes that the Center for Internet Security “no longer supports” it. A CIS spokesperson declined to comment via email, except to say that “many of the questions we are receiving are the same ones we are asking.”
Carlos Kizzee, senior vice president for strategy and plans at MS-ISAC, told Route Fifty in a brief interview that he remains “proud” of its 18,000 members and their “passion” for helping others. The “strength and power of its members” as they collaborate is key, he said.
“It’s almost impossible to put a price tag on the value that generates,” Kizzee said on the sidelines of the Billington State and Local Cybersecurity Summit in Washington, D.C. this week.
It is also unclear what the groups’ apparent demise could mean for the future of information sharing on cybersecurity and elections. Tim Harper, a senior policy analyst for elections and democracy at the Center for Democracy and Technology, said the decision will “sacrifice national security for pennies on the dollar.” The consequences could be enormous, and not just be financial but also undercut interstate and intergovernmental relationships that have taken years to build.
Being protected against those multiplying threats, then, requires all hands on deck — not just from CISA and other federal agencies, but also through information-sharing consortia like MS-ISAC. Rita Reynolds, chief information officer at the National Association of Counties, said governments do not just rely on one entity for all their cyber assistance. Current services “augment each other,” she said.
“What we always say to the counties and even in our organization, is that you need multiple layers of defense,” Reynolds said. “It's the multiple layers of defense that make us successful. Even in the counties, we may have one or two or three tools where there's overlap, but that's not a bad thing. … If everything were exactly the same, then there would have to be questions about, why are we paying for exactly the same service? But that's not the case.”
The shuttering or reduction in scale of these two information centers will leave a big hole, experts warned.
“Until last week, the Center’s sole purpose has been to protect our elections against cyber threats,” Carolina Lopez, executive director of the Partnership for Large Election Jurisdictions, said in an email. “Elections were more secure in 2018, 2020, 2022 and 2024 because of the resources, training and knowledge provided by the EI-ISAC and its dedicated public servants.”
Governments could feel the biggest impact of the ISAC funding cuts in their own budgets, especially as they offer shared services to members either for free or at a vastly reduced cost. In a letter last month, Washington Secretary of State Steve Hobbs warned that without federal support, securing local networks would cost the state “three times as much” as it does now. He said that funding uncertainty “jeopardizes vital cybersecurity resources that help election officials nationwide combat cyber threats, including ransomware and foreign interference.”
From a cybersecurity perspective, not having access to MS-ISAC’s services could impact whether local governments are able to fulfil their requirements for cyber insurance. Premiums are already high and still rising, and not having an organization as a backstop could hurt.
“Cyber insurance is a hot button, and for now it's needed at the county level,” Reynolds said. “The requirements are ever increasing, and understandably so: there definitely should be a baseline of cyber defenses. The reality is that some of what [governments] were relying on from MS-ISAC, now they have to look elsewhere, and they may not be able to implement so it could affect cyber insurance renewals and premiums.”
Harper said while federal leadership may present the funding cut as a cost-saving measure, in the end, residents will still be on the hook.
“Taxpayers are still going to foot the bill for expensive private sector alternatives or risk leaving elections exposed,” he said. “It's not cost cutting, it's just cost shifting, and local taxpayers will end up paying the price. I don't think the argument that this is a cost savings measure really measures up. I would also emphasize that slashing election security to save a few million dollars right now could cost taxpayers hundreds of millions when the next cybersecurity attack hits.”
Both information-sharing centers have been crucial in building trust between the various levels of government, something that they have traditionally struggled with, even on crucial subjects like cybersecurity and elections. Reynolds said it “took them a long time” to build trust so that state and local governments would share information, and Harper said there would be a “trust deficit” that would somehow need to be rebuilt with the centers’ demise.
“When CISA was established and election infrastructure was declared to be a critical infrastructure sub-sector in 2017, trust between state and local election officials and CISA was nonexistent,” Harper said. “There was a huge bias against the idea of federal intervention in what was considered to be state and local authority to run elections, and it was really through a very concerted effort to build trust.”
Now, the onus might be on states and national-level organizations to bolster existing offerings, like through state fusion centers or security operations centers, which bring together various state, local and federal resources under one roof. Reynolds said NACo is already exploring how it can boost its own cyber offerings, including tabletop exercises, webinars and other training, and is looking at existing partnerships with academia and the private sector to see if they can scale up.
Meanwhile, Arizona Secretary of State Adrian Fontes is reportedly already working on an alternative to EI-ISAC to help state and local elections offices. And other national groups are looking to pick up the slack.
A spokesperson for the National Association of Secretaries of State said its members “have built robust security teams within their offices and work with multiple entities on election security and resilience including private sector companies, other state government officials, universities, and more. States will continue to defend against cyber and physical threats to their election systems.”
Working across state borders will be tricky, Harper said, as the two ISACs were set up to do just that and there is no true equivalent that exists right now.
“Identifying what institutions that can help with an information sharing initiative like this is crucial,” he said. “That doesn't exist right now and would need to be built from scratch.”