Votebeat is a nonprofit news organization reporting on voting access and election administration across the U.S. Sign up for Votebeat’s free national newsletter here.
A nonprofit agency that suddenly lost some of the federal funds it used to provide crucial election security support to states gave more details about the effect of the cuts in an email sent to state government officials on Wednesday.
In a memo obtained by Votebeat, the Center for Internet Security said it is evaluating the impact of the funding cuts and will continue providing many services as it does so, though it didn’t address how long that would continue. Those services include help responding to cybersecurity incidents such as hacking and ransomware attempts, and coordinated sharing of data about threats that can help election officials assess whether something is an isolated event or part of a larger attack.
CIS promised regular updates as it works “to determine how best to support these critical services without federal funding.”
Several states have passed laws in recent years banning private funding or support for election offices, limiting their ability to seek outside help. The CIS memo appears to acknowledge that some state and local officials might need to withdraw from services because of those laws.
“It is recommended that elections organizations contact their local counsel for advice regarding acceptance of services that are not federally funded,” the organization wrote in the memo.
The cuts reflect a broader shift in priorities at the U.S. Cybersecurity and Infrastructure Security Agency under the Trump administration, which says it is refocusing on “mission-critical areas” and cutting services it considers redundant. CISA is part of the Department of Homeland Security.
Election officials are still evaluating what the changes will mean, said Amy Cohen, executive director of the National Association of State Election Directors.
CISA confirmed this week that it had cut $10 million in federal funding for activities under its cooperative agreement with the Center for Internet Security, citing a need to eliminate overlap and redirect resources. A spokesperson said some services — including stakeholder engagement, cyber threat intelligence, and cyber incident response — were deemed “duplicative” and no longer aligned with department priorities. A CISA spokesperson declined to comment further on how these programs were duplicative.
The cuts target two clearinghouses run by CIS: the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and the Election Infrastructure Information Sharing and Analysis Center, EI-ISAC, which provide cybersecurity intelligence, monitoring, and coordination for state and local governments.
The MS-ISAC serves a broad range of government agencies, while EI-ISAC was created specifically to help election officials with targeted threat analysis, real-time alerts, and response support.
CISA had already informed election officials in a March 3 email, obtained exclusively by Votebeat, that it was cutting all funding for EI-ISAC. The agency also confirmed that funding for certain MS-ISAC activities was also being eliminated. According to a CISA spokesperson, the work previously done under MS-ISAC and EI-ISAC “no longer effectuates department priorities.”
The $10 million budget cut represents only a portion of what the Center for Internet Security receives from CISA, so the organization is able to continue some services. It received $27 million in fiscal 2024, according to a federal government website with information on federal spending.
Still, the cuts mark a significant shift in the federal government’s relationship with state election offices, which have depended on CISA and its partners for cybersecurity support. The EI-ISAC, which was established in 2018 following concerns over Russian interference in the 2016 election, has been completely defunded, and the scope of work under MS-ISAC has been reduced.
Many election officials consider these services essential, particularly those without in-house information technology support. Among the services the CIS memo says will continue for now: Albert network monitoring, which helps detect cyber threats targeting state and local government systems. Website protections will also remain in place, preventing users from accidentally accessing dangerous websites that could spread malicious software. Other cyber monitoring services will also continue.
The MS-ISAC executive committee said in its memo that it first learned about the funding cuts on March 6. The next day, Homeland Security Secretary Kristi Noem responded to concerns that state officials raised in a Feb. 21 letter, assuring them that election offices could still access services through CISA security advisers and MS-ISAC.
Noem also said CISA would continue offering cyber and physical security assessments, incident response planning resources, and incident simulations known as tabletop exercises — services election officials had feared losing. But many things remain unclear, as she also acknowledged that CISA is still conducting an internal review of “all election security-related funding, products, services, and positions.”
With the lack of clarity on CISA’s role, Arizona Secretary of State Adrian Fontes’ office is proposing another course — using state funds to pay into CIS or another nonprofit for the services it continues to provide to election officials.
Having states pay into the system may get around laws banning private donations, a spokesperson for Fontes’ office said, and prevent it from becoming overly politicized.
Jessica Huseman is Votebeat’s editorial director and is based in Dallas. Contact Jessica at jhuseman@votebeat.org.
Jen Fifield is a reporter for Votebeat based in Arizona. Contact Jen at jfifield@votebeat.org.
