Cyber info-sharing looks to ‘weather this storm’ of lost federal funding
Alex Cristi via Getty Images
By
Chris Teale
The Multi-State Information Sharing and Analysis Center faces an uncertain future amid cuts in its federal funding. But for now, those involved pledged to keep the work going.
Uncertainty continues to swirl around two popular cybersecurity and election threat sharing centers after they had their federal funding cut in March, but one senior figure said the work will continue, at least for now.
James Globe, vice president and strategic advisor for cybersecurity capabilities at the Multi-State Information Sharing and Analysis Center, acknowledged that the MS-ISAC and the Election Infrastructure Information Sharing and Analysis Center are going through a “transition,” following that funding loss but remains “very committed” to their mission.
“We will weather this storm, but it is a new world and we have to find our way and find other funding sources, which we are in the process of doing,” Globe said during the Public Technology Institute’s Artificial Intelligence and Cyber Summit in Washington, D.C. this week. “Our goal is to be more than just information sharing. It's still to provide protective services, awareness services, educational services and more.”
The Cybersecurity and Infrastructure Security Agency ended a $10 million partnership with the Center for Internet Security to help fund both the MS-ISAC and EI-ISAC, although a spokesperson noted at the time that it represented less than half of the funding CISA provides. Among the activities on the chopping block were stakeholder engagement, cyber threat intelligence and cyber incident response, which the CISA spokesperson added are already offered to state, local, tribal and territorial governments.
Since then, the EI-ISAC website has gone dark, with a message stating that, as the Department of Homeland Security terminated funding, CIS “no longer supports” it. Meanwhile, the MS-ISAC website is still live, and the group recently issued two advisories about vulnerabilities and patches in specific software, which was the first time it had done so in over a month.
“We're still in the business of securing our election infrastructure, just not with federal funding,” Globe said. He also noted that MS-ISAC will continue to provide training on AI adoption and integration. There has to be a “heavy emphasis” on training, development, guidelines, policies and acceptable uses, Globe added.
“Here is this new technology; let us train you on it,” he said. “Let us show you what we believe is an acceptable use. Let us re-educate you about proper data governance and data protection. That's been a big challenge for us: making sure everyone understands sensitive data, [Personally Identifiable Information, Intellectual Property], we've been really hammering our employees on that as they learn how to do prompt engineering. Training and awareness is where our focus has been.”
Also weighing heavily on state and local tech leaders is the end of the State and Local Cybersecurity Program, a four-year, $1 billion initiative funded by the 2021 infrastructure law that is soon to expire. Lawmakers in Congress had expressed a bipartisan interest in reauthorizing the program before it runs out in September, but that deadline looks likely to be missed.
“We're living in a very interesting time, where there's headwinds against any new expenditures,” said Alan Shark, PTI’s executive director, on stage at the summit. “I always felt in the past that once you had your foot in the door and you had funding, it would be a lot easier to continue. That is not the case. There are people for it, but there are actively people against it.”
It may leave states and localities feeling like they are in the lurch, as they see federal funding and support drying up for cybersecurity while at the same time cyber threats continue to increase. Other groups, including PTI, are looking to step up in the federal government’s stead.
In a previous interview, Rita Reynolds, chief information officer at the National Association of Counties, said that organization is looking to find ways for the private sector, associations, nonprofits and academia to “help fill the gap.”
“Every challenge is an opportunity,” Reynolds said at the time. “We're not going to give up in terms of ensuring that the word is shared on how important these services are. There's always a chance that this defunding could be reversed, but we’re not going to necessarily wait for that. And so, the optimist now is, what other partnerships do we have?”
The future, then, remains uncertain, as states and localities wrestle with what comes next for information-sharing, as well as federal funding for those efforts and broader cybersecurity initiatives. Shark said there are “dark clouds” gathering for budgets, even as there is “absolutely a willingness to keep on” with the existing organizations under threat.