top of page
Search

The Split: CISA and CIS Part Ways—What It Means for National Cybersecurity

  • Writer: echoudhury77
    echoudhury77
  • Sep 30
  • 3 min read
ree

The landscape of U.S. national cybersecurity is undergoing a significant shakeup.


The recent termination of a long-standing cooperative agreement between the Cybersecurity and Infrastructure Security Agency (CISA) and the Center for Internet Security (CIS) has sent ripples across the public and private sectors.

While both organizations remain pivotal to our national defense, the decoupling marks a shift in strategy, particularly affecting critical information-sharing platforms.


What Exactly Happened?


CISA, the federal agency tasked with defending U.S. critical infrastructure, ended its federal funding for several activities under its cooperative agreement with CIS, the independent, non-profit organization that manages widely respected security benchmarks and operates key Information Sharing and Analysis Centers (ISACs).

The most visible cuts impacted the funding for two of CIS's vital programs:

  1. The Multi-State Information Sharing and Analysis Center (MS-ISAC): A central resource for cybersecurity threat intelligence and incident response for state, local, tribal, and territorial (SLTT) governments.

  2. The Election Infrastructure Information Sharing and Analysis Center (EI-ISAC): The primary hub for election-specific cyber threat intelligence and coordination.


CISA cited a need to focus on "mission critical areas" and "eliminate redundancies," arguing that its own direct services to SLTT entities often duplicated what CIS was providing through the federally funded arrangement.


The Immediate Impact on Cybersecurity


The end of this partnership—and the subsequent cut in federal funding—has immediate and far-reaching implications, particularly for state and local government entities:

  • Financial Strain on ISACs: CIS has had to scramble to find alternative funding, transitioning the MS-ISAC to a subscription-based model. This shift means that state and local governments, many of whom operate on shoestring IT budgets, now face a new cost for services that were previously federally subsidized.

  • Reduced Coordination Capacity: The ISACs managed by CIS were instrumental in providing a unified, centralized channel for cyber defense information across thousands of often disparate and under-resourced state and local entities. The loss of coordinated federal backing here could slow down the distribution of crucial real-time threat intelligence.

  • Expertise Flight: As the contracts and funding have been cut, CISA has also seen a significant reduction in its own contracted personnel, including those supporting vital programs like the Joint Cyber Defense Collaborative (JCDC). This reduction in workforce and expertise could impede the agency's operational capacity to analyze and track emerging cyber threats.


The Bigger Picture for National Cyber Resilience


The move signals a philosophical and strategic change in how the federal government is prioritizing its cybersecurity efforts.


A Push for Efficiency vs. Collaboration Loss


CISA's stated goal is to achieve greater efficiency and eliminate redundant services. However, experts warn that the benefits of the CIS partnership—namely its ability to build consensus, maintain a vendor-agnostic posture, and serve as a trusted, non-federal bridge to the private sector and SLTT governments—are difficult to replicate entirely within a federal agency framework.

  • Erosion of Trust and Information Sharing: Information Sharing and Analysis Centers (ISACs) thrive on trust. The sudden withdrawal of federal funding for CIS's successful model may inadvertently create a chill in information sharing, particularly if smaller entities feel less supported or are unable to afford the new, fee-based services.

  • Impact on Critical Infrastructure: State and local governments oversee vast swathes of critical infrastructure, including water, power, public health, and emergency services. Weakening the coordinated cyber defense of these entities through funding cuts and service shifts raises the overall national risk profile.


Focus on Core Mission: A Narrower CISA?


The decision to cut funding aligns with a broader administrative push to narrow CISA's focus toward what some view as its core statutory mission: defending federal networks and the most critical national infrastructure. This refocus risks leaving a gap in the crucial "last mile" of defense for lower-level government entities that rely heavily on the support and resources CIS previously provided.


Looking Ahead: Navigating the New Cyber Landscape


The relationship between CISA and CIS was a foundational element of the U.S. public-private partnership model in cybersecurity. Its dissolution presents both a challenge and an opportunity.


The Challenge: Ensuring that state and local governments—the frontline of defense against many cyberattacks—do not lose access to timely, high-quality, and affordable threat intelligence and incident response support.


The Opportunity: CISA must now double down on demonstrating that its direct services and its Joint Cyber Defense Collaborative (JCDC) can effectively fill the gap and maintain a unified, collaborative defense posture. Simultaneously, CIS will need to successfully transition its vital ISACs to a sustainable, independent model while continuing its influential work on security standards like the CIS Controls and Benchmarks.


For companies and cybersecurity professionals, this split means paying closer attention than ever to how threat intelligence is being disseminated and where your organization falls in the new pecking order of national cyber defense.


The collective security of the nation depends on strong partnerships; hopefully, new, equally robust mechanisms will emerge to replace the collaboration that was lost.

 
 
 

Comments

bottom of page