Proposed DHS budget jeopardizes local cyber defenses

• But the Trump administration is pushing to cut funding for an organization that has been helping these entities detect and defend against cyberattacks for decades.

Driving the news: Federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) is set to expire on Sept. 30, and the Department of Homeland Security has no plans to request additional dollars.

• MS-ISAC, housed within the Center for Internet Security (CIS), has spent the last 20 years helping state, local and territorial governments share threat information and access tools to bolster their defenses.
• DHS has also not said whether it will renew its cooperative agreement with MS-ISAC. Declining to do so could jeopardize the program's access to federal threat intel.

Catch up quick: In March, DHS slashed $10 million from MS-ISAC's budget, representing about half of its funding at the time.

• Now the program is at risk of losing all $27 million in federal support, the group's leaders told Axios.

What they're saying: "This is the risk for me: that real-time, actionable information that we can share on a national platform with state and local law enforcement ceases to come," Orange County Sheriff Don Barnes, an MS-ISAC member, told Axios. "Then, we're in the dark."

The big picture: Investigating cyber threats is like solving a puzzle — and each tech vendor, company and agency has a different piece.

• Only when they share intelligence can potential victims see the full picture and take action to stop attackers.
• But threat sharing is complicated without groups like MS-ISAC. Organizations worry that detection tools could be leaked or that they could face lawsuits for flagging intrusion attempts.

Between the lines: The Trump administration has pushed to shift the burden of securing critical infrastructure to the states — prompting budget cuts at DHS and other agencies.

• But cutting MS-ISAC funding could undercut states' ability to build up their own defenses.
• "State and local organizations are literally on the front lines of defense for this nation," CIS CEO John Gilligan told Axios. "Our national security depends on the ability of our state and local folks to be able to operate critical infrastructure through these attacks."

Threat level: State and local government entities include schools, utilities and emergency services.

• Hackers have hit everything from 911 dispatch centers to jail management systems, said John Cohen, executive director of CIS' hybrid threats program and a former DHS official.
• "When those occur, if the departments aren't able to withstand those attacks or respond and be resilient to those attacks, it forced them to change their operational capabilities," Cohen said.

Zoom in: Among the emerging threats are drug cartels leveraging cyberattacks to support their operations, Gilligan said.

• "The current administration is making a significant push to expand our efforts to deal with violent gangs, drug trafficking and certain types of terrorist activities," Gilligan said.
• Yet, by cutting funding to threat information sharing, "they actually may be directly undermining the ability to achieve their objectives," he added.

The intrigue: If federal funding ends, MS-ISAC plans to move to a paid membership model.

• But DHS officials have also restricted how state and local governments can use existing federal cyber grants, barring them from using the funds to cover the cost of MS-ISAC membership.
• CIS is eyeing ways to make the new membership affordable in lieu of this support, including through discounted and free memberships.

What to watch: Congressional appropriators have already walked back some of the Trump administration's deeper cyber funding cuts.

• CIS will spend the coming weeks making the case on Capitol Hill that the proposed cuts would harm state and local governments.