The United States federal government has ended its longstanding support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), a trusted program for sharing cyber threat intelligence that state and local governments have relied on for years.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that its cooperative agreement with the Center for Internet Security (CIS)—the nonprofit that runs MS-ISAC—expired on September 30, 2025. With federal funding now cut, the future of MS-ISAC is uncertain.
At the same time, CISA is pivoting toward a new model of direct support for state, local, tribal, and territorial (SLTT) governments. "CISA is committed to strengthening the cybersecurity resilience of our state, local, tribal, and territorial partners by ensuring they have access to funding, tools, and expertise to lead at the local level," the agency said in its announcement.
Under its updated approach, CISA will continue to offer SLTT governments grant funding, no-cost cybersecurity services and tools, performance goals and evaluation frameworks, and support from regional cybersecurity coordinators. The agency also plans to maintain regular bi-monthly operations calls to provide timely updates on emerging threats.
Still, the expiration of the State and Local Cybersecurity Grant Program—which provided $1 billion in funding during the pandemic—raises concerns about whether resource-limited governments can sustain these programs and continue to mature their defenses.
Experts say the transition could create both risks and opportunities. Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, cautioned that removing federal support may weaken local cyber defenses. He noted that "nation-state actors and cybercriminals look for the weakest points in our infrastructure." He emphasized that MS-ISAC has long ensured the critical sharing of information so that localities don't fall victim to threats that others have already encountered. Without dedicated support, he said, sustaining and evolving these programs will be difficult.
Others believe the shift could empower local governments. Kevin E. Greene, Chief Cybersecurity Technologist for Public Sector at BeyondTrust, argued that allowing CISA to "quarterback" cybersecurity for SLTTs is aligned with its mission. He pointed to the grant funding and no-cost services that CISA continues to offer, saying these resources can help SLTT entities build sustainable, in-house cyber capabilities and prioritize investments that match their unique needs.
That optimism comes with a caveat. Chad Cragle, CISO at Deepwatch, warned that any transition away from a trusted model, such as MS-ISAC, carries the risk of disruption. The key, he said, will be execution: "If SLTTs experience continuity in threat intel, incident coordination, and daily support, this shift could be neutral or even positive. But gaps in communication or support could create real challenges."
The financial strain on small agencies may be the most immediate impact. Jason Soroko, Senior Fellow at Sectigo, explained that with the State and Local Cybersecurity Grant Program going dark, many governments will face shortfalls that could stall projects such as zero trust pilots, multifactor authentication rollouts, or backup modernization. "Every delayed patch and unmonitored alert may result in a wider window of opportunity for attackers," Soroko warned, adding that communities with the least resources will be most exposed.
While MS-ISAC is no longer federally funded, experts stressed that collaboration does not have to end. CISA can still coordinate with the organization through memoranda of understanding and other agreements to maintain vital information-sharing relationships.
The real test will be whether CISA's new approach can preserve the trust, continuity, and rapid exchange of information that the MS-ISAC cultivated, while simultaneously giving SLTT governments greater autonomy and direct resources. If successful, the change could help local governments mature their cyber defenses faster. If not, it could leave critical gaps in the nation's digital frontline.
Follow SecureWorld News for more stories related to cybersecurity.