The Multi-State Information Sharing and Analysis Center (MS-ISAC) lost all federal funding on Oct. 1, 2025. The nonprofit organization, which serves as the central cybersecurity resource for state, local, tribal and territorial governments, was forced to switch to a fee-based membership model.
Membership fees are now based on an organization’s operating budget, with tiered options available for different needs. MS-ISAC is also offering incentives to help government agencies make the transition, including 18 months for the price of 12. The State of Texas has stepped up with a statewide membership, enabling more than 6,000 entities within the state to continue receiving MS-ISAC services.
However, MS-ISAC expects to lose two-thirds of its state agency members and thousands of local governments. These are entities with very limited budgets — those that struggle most to combat rising cyber threats.
Few state and local governments can replicate MS-ISAC services by purchasing a comprehensive suite of security tools and hiring the skilled professionals needed to utilize them. Managed security services are a better option that can fill security gaps cost-effectively.
What State and Local Governments Are Losing
As the name suggests, MS-ISAC’s primary function is information sharing. It facilitates the transfer of cybersecurity intelligence between the federal government and state and local governments, as well as with private-sector partners.
Information sharing plays a vital role in cybersecurity. Pooling information enables organizations to detect attacks faster, respond more quickly and implement proactive measures. It reduces costs and duplicative efforts and allows smaller organizations to leverage the knowledge and capabilities of larger groups. Through collaboration, organizations can identify and defend against sophisticated threats that no single entity can combat alone.
Needless to say, losing this collaborative service is a setback for state and local governments. However, entities are losing access to other capabilities as well. MS-ISAC provides real-time network monitoring, threat analysis and early warning notifications. It offers vulnerability assessments and expert assistance with incident response and remediation.
MS-ISAC also develops and distributes strategic, tactical and operational intelligence, including advisories and alerts regarding the latest threats and vulnerabilities. It conducts training sessions and provides webinars, guides and monthly newsletters to increase cybersecurity awareness.
What They Gain from Managed Security Services
Managed security services offer a budget-friendly alternative. Best-in-class solutions provide around-the-clock monitoring by trained and certified security analysts, enabling the early detection of security threats. When a security incident is identified, the MSSP’s security pros respond rapidly to mitigate the threat and limit damage.
Qualified MSSPs subscribe to threat intelligence services and use intelligent analysis to correlate events and alerts. This allows the MSSP to detect and determine the impact of sophisticated multi-vector threats. The MSSP’s experts also use various tools and their experience and judgment to hunt for anomalies and suspicious activities.
The MSSP can perform regular security audits and assessments to evaluate the organization’s security posture, and scan for and help remediate security weaknesses. Real-time dashboards, comprehensive reporting and periodic business reviews help IT teams and executive leadership prioritize initiatives and make more-informed decisions.
Best-in-class MSSPs also give customers access to the latest security tools. The MSSP may bundle firewalls, intrusion detection systems and other tools with the monthly service. The MSSP’s team manages and tunes these security tools to ensure they provide optimal protection.
Choosing the Right MSSP
Managed security services can help state and local governments manage costs and close staffing gaps while bolstering security. However, it is critical to choose the right solution.
State and local governments should prioritize MSSPs with public-sector experience and expertise in relevant regulatory requirements. They should look for an MSSP that understands their unique governance and service delivery models and offers tailored solutions that fit specific agency needs. Services should align with IT roadmaps and be able to scale as requirements change.
Entities should evaluate the MSSP’s use of modern tools and automated, AI-powered platforms. Of course, 24×7 monitoring, fast incident response and clear communication are table stakes.
Cerium has a long history of delivering managed security services to state and local governments. We have made significant investments in the latest tools, enabling us to offer enterprise-class capabilities. Our team continually monitors our customers’ environments and provides advanced services through our Security Operations Center. Let us show you how our managed security services address your unique needs while reducing risk and increasing operational efficiency.
