Warner bill would revive $50M MS-ISAC funding

Warner’s bill turns last year’s MS-ISAC defunding into a Senate fight over who pays for basic cyber defense at the bottom of government. According to Nextgov/FCW, the measure would require the Cybersecurity and Infrastructure Security Agency to enter a new agreement with the Center for Internet Security, which operates the Multi-State Information Sharing and Analysis Center, and provide services and threat intelligence at no cost to state, local, tribal and territorial governments.

The numbers matter because this is not a boutique program for a few well-staffed state security offices. MS-ISAC serves roughly 19,000 government entities, including smaller jurisdictions that often cannot fund their own threat intelligence and incident response capacity. Warner’s legislation would authorize $50 million a year beginning in fiscal 2027 and require CISA to report to Congress on restoring and expanding participation.

DHS, under former Secretary Kristi Noem, terminated CISA’s funding agreement with CIS and barred certain federal grant funds from being used for membership fees, Nextgov/FCW reported. Warner also sent a letter to Homeland Security Secretary Markwayne Mullin urging DHS to restore support and reverse broader CISA cuts, and he wrote to governors warning that states may need a larger role in defending critical infrastructure as federal programs face uncertainty.

That is the operational problem behind the politics. A large state can build around a lost federal subsidy. A small county, school district or municipal utility usually cannot. If Congress does not restore the money, the practical result is not a cleaner policy architecture. It is fewer subsidized feeds, fewer incident-response handholds and more local governments trying to price ransomware defense like it is optional procurement.