Current and former government officials told StateScoop they\u2019re concerned by cuts at two information sharing organizations widely used by state and local governments to protect IT and election systems from cyberattacks.<\/p>\n\n\n\n
The Cybersecurity and Infrastructure Security Agency last month eliminated funding<\/a> for the Elections Infrastructure Information Sharing and Analysis Center, and this week announced it cut<\/a> $10 million in support from the Multi-State ISAC. It\u2019s still unclear exactly which services will be provided by CISA and the Center for Internet Security, the nonprofit that operates the ISACs, and how the cuts may affect state and local governments.<\/p>\n\n\n\n A CISA spokesperson on Thursday told StateScoop that the Center for Internet Security still has a cooperative agreement with the federal government that will allow it to continue its work through the MS-ISAC.<\/p>\n\n\n\n A Center for Internet Security spokesperson pointed out that the organization has long played an integral role in the defense of the nation\u2019s homeland security infrastructure, by providing services not provided by the federal government.<\/p>\n\n\n\n \u201cWhile we respect DHS\u2019 budgetary authority, we are concerned that recent cuts in funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) will make state and local governments vulnerable to persistent cybersecurity attacks from foreign adversaries,\u201d the spokesperson wrote in an emailed statement. \u201cThese jurisdictions are on the front lines of supporting much of the nation\u2019s critical infrastructure, and they rely on the MS-ISAC for vital resources to monitor and avert cyber threats that arise daily.\u201d<\/p>\n\n\n\n The spokesperson went on to say that the group will continue working with its 18,000 members to find ways to fill gaps left by the recently canceled services.<\/p>\n\n\n\n The Center for Internet Security on Wednesday sent an email to its members that provided some clarity on which services it\u2019s allowed to continue providing. These include support for its Albert sensors, which detect web traffic from known malicious websites, its Malicious Domain Blocking and Reporting<\/a> service, and some other core cybersecurity offerings.<\/p>\n\n\n\n According to the CISA spokesperson, discontinued MS-ISAC work includes stakeholder engagement, cyber threat intelligence and cyber incident response.<\/p>\n\n\n\n Mark Raymond, who\u2019s served as the chief information officer of Connecticut since 2011, said his office has relied heavily on the MS-ISAC\u2019s services, including threat advisories, malware analysis, the malicious domain blocking service, a dark-web scanning service, the Albert sensors and large discounts on cybersecurity awareness training that had been negotiated by CIS.<\/p>\n\n\n\n Raymond said he\u2019s concerned that CISA may be removing helpful assets widely used by state and local governments, the latter of which are often underresourced and especially need help purchasing cybersecurity services.<\/p>\n\n\n\n \u201cThe Center for Internet Security provided 24\/7 security operation center services,\u201d he said. \u201cIf you used their endpoint protection, which you got at a discount, you also had someone looking at it 24\/7, which most municipalities just don\u2019t have. I don\u2019t know how people are going to be able to do that [now].\u201d<\/p>\n\n\n\n Raymond said that CISA, which was founded in 2018 during Donald Trump\u2019s first presidential term, has also been helpful during his tenure, but that he thought of its services as \u201cadditive,\u201d not redundant, as the Department of Homeland Security has claimed in its justification of the recent funding cuts.<\/p>\n\n\n\n \u201cI haven\u2019t heard of a surge in the resources that will be available from CISA to help local government,\u201d Raymond said. \u201cMaybe it\u2019s being planned and announced, but what it does appear is that we\u2019ve diminished a resource that helps those with the most basic needs, and haven\u2019t seen a replacement yet. CIS and MS-ISAC has allowed state and local governments to be better, and it\u2019s not clear how they\u2019re going to continue to maintain that. Some of them just may not be able to afford it any longer.\u201d<\/p>\n\n\n\n Raymond said he was concerned also that the recent cuts could lead to poorer representation of state and local officials as the federal government makes decisions about cybersecurity. The MS-ISAC has been run by a governing board, but Raymond said the cuts could mean he and his counterparts are \u201closing a voice\u201d in explaining their needs and setting the cybersecurity agenda.<\/p>\n\n\n\n If officials are concerned about cuts at the MS-ISAC, officials and industry groups have, in interviews and email exchanges, been almost universally critical in their responses to cuts at the EI-ISAC.<\/p>\n\n\n\n Derek L. Bowens, elections director for Durham County, North Carolina, told StateScoop in an email that the EI-ISAC\u2019s services had been \u201cinvaluable,\u201d and that he hopes to see them restored. Carolina D. Lopez, executive director of the Partnership for Large Election Jurisdictions said the last four elections were made more secure by the EI-ISAC\u2019s \u201ccrucial\u201d efforts to coordinate federal, state, local and tribal governments with security services.<\/p>\n\n\n\n A spokesperson from the Pennsylvania Department of State warned that any interruption to the cybersecurity resources provided by federal agencies could have \u201ca serious impact, especially on our local election officials.\u201d<\/p>\n\n\n\n The Department of Homeland Security\u2019s messaging about the cuts at CISA has been consistent with the moves seen across the federal government since President Donald Trump tasked Elon Musk with maneuvering his Department of Government Efficiency unit through dozens of federal agencies in search of \u201cwaste, fraud and abuse.\u201d A CISA spokesperson told StateScoop that the cuts at CIS were to eliminate redundant services, and pointed out that election infrastructure owners and operators will have access to the same support as other critical infrastructure operators, including incident response and physical security services.<\/p>\n\n\n\n Pamela Smith, the president and chief executive of the election technology nonprofit Verified Voting, argued that given the current threat environment, support for cybersecurity services should be expanding, not shrinking.<\/p>\n\n\n\n \u201cFirst it was cuts at CISA because they didn\u2019t want to have them to have anything to do with mis- and disinformation<\/a>,\u201d she said. \u201cBut if you\u2019ve cut funding for something like EI-ISAC, it goes to the question of whether elections are still considered critical infrastructure. If the improvement of security and resilience of critical infrastructure on which Americans rely is no longer a goal of the department literally named Homeland Security, then they should explain that. I think the American public deserves to know.\u201d<\/p>\n\n\n\n CISA was founded in 2018 after the discovery of Russian meddling in the 2016 presidential election, but the idea of treating elections as part of the United States\u2019s critical infrastructure dates back as far as 2005<\/a>, when the federal government was developing early cybersecurity frameworks.<\/p>\n\n\n\n Since its establishment, CISA has enjoyed status as a respected and nonpartisan source of funding, guidance and direct support for localities\u2019 cybersecurity efforts. But in recent weeks, CISA has been thrown into turmoil by staff reassignments and firings, and leadership changes, Wired reported on Thursday<\/a>. Many of the officials StateScoop interviewed for this story lamented the loss of the sophisticated and cross-disciplinary talent at CISA that was built up over the past seven-plus years.<\/p>\n\n\n\n Kim Wyman, Washington\u2019s former secretary of state, said she\u2019s concerned that recent actions may mean the country takes “a huge step back on its security posture,\u201d and that it could erase the convening power and broad visibility that was offered by the EI-ISAC.<\/p>\n\n\n\n \u201cI think the biggest value and all the insights they provided was having someone that had that birds-eye view, where they\u2019re looking at data from across the entire country, and they can see trends emerging, they can see and put together information from all their sources and give you data that helps you make a better threat assessment,\u201d said Wyman, a Republican.<\/p>\n\n\n\n Visibility of threats, such as the bomb threats at polling places during the 2024 election, and communication with law enforcement, helped minimize disruptions, Wyman said, because in some cases police were able to sweep for bombs and determine whether threats were credible without needing to turn away voters.<\/p>\n\n\n\n \u201cIf you shut a polling place down for an hour, that\u2019s hundreds of voters who weren\u2019t able to cast a ballot,\u201d she said. \u201cAnd now you\u2019re having that ripple effect potentially on the election. All of that information the EI-ISAC was able to compile I think gave election officials on the ground valuable intelligence to be able to make better decisions and respond in a way that\u2019s good for voters and keeps elections safe and secure.\u201d<\/p>\n\n\n\n‘Losing a voice’<\/h3>\n\n\n\n
‘A serious impact’<\/h3>\n\n\n\n
‘A huge step back’<\/h3>\n\n\n\n