U.S. Sen. Mark Warner (D-VA) introduced legislation to fund a cybersecurity renounces and monitoring program, while urging the U.S. Department of Homeland Security to prioritize cyber security for states across the country.
Warner introduced the Guaranteeing Universal Access to Cybersecurity Act that would fund the Multi-State Information Sharing and Analysis Center (MS-ISAC), a program that provides free cybersecurity resources and monitoring to 19,000 state, local, territorial, Tribal organizations and communities (SLTT). Former DHS Secretary Kristi Noem terminated funding for MS-ISAC last year, and banned federal grant funding from being used by SLTT for membership in the MS-ISAC. Many of those municipal organizations have since been forced to wait to fund the memberships, creating a dangerous gap in protecting their critical infrastructure, Warner’s office said.
In a letter to U.S. Department of Homeland Security Secretary Markwayne Mullin, Warner urged DHS to prioritize the Cybersecurity and Infrastructure Security Agency (CISA) and to fund MS-ISAC.
“I urge you to prioritize the Cybersecurity and Infrastructure Security Agency (CISA) – restore its budget, hire subject matter experts and leaders with experience defending critical infrastructure and cyberspace, and let the talented and capable CISA staff do their jobs to protect the nation,” Warner wrote to Mullin. “Fixing CISA will take time, but you can make immediate progress by restoring CISA’s cooperative agreement and funding with the Multi-State Information Sharing and Analysis Center (MSISAC).”
Warner also sent a letter to every governor in the country, explaining the risk facing critical infrastructure, as well as the hazards caused by the “sabotage” of CISA, and outlined steps governors could take to protect the national security, economy and public health.
“I write to you as the senior Senator for the Commonwealth of Virginia and its former Governor. I do so with urgency as the critical infrastructure in your state faces growing and underappreciated threats from adversaries wielding artificial intelligence (AI) tools capable of debilitating our national security, economy, and public health,” he wrote to governors. “This reality is worsened by the abdication of leadership at the Federal agencies charged with protecting America’s critical infrastructure. As a result, your leadership in protecting critical infrastructure has never been more vital; I urge you to take the necessary steps to immediately harden that infrastructure to reduce vulnerabilities and defend your state and our nation.”
Warner’s legislation would mandate $50 million for FY 27 and each fiscal year thereafter for MS-ISAC, and would direct the director of CISA to enter into an agreement with the group that runs MS-IAC, the Center for Internet Security, to provide no-cost cybersecurity services, cyber threat intelligence collection and dissemination, and technical assistance to SLTT. It also directed the director to conduct additional outreach to restore MS-ISAC membership to those lost during defunding and to expand access to SLTT entities not previously members of MS-ISAC. The legislation would require CISA to report to Congress on the number of re-enrolled and new members to MS-ISAC, and any barriers to participation.
In the meantime, Warner said governors could convene regional working groups to establish a baseline for the tools, talent and communication channels necessary to protect against future risks, to directs a statewide critical infrastructure audit to identify vulnerabilities and fund mitigations, to increase engagement with regional information sharing organizations, and to identify under-resourced operators who lack baseline cybersecurity capacity.
Warner also urged governors to demand the appropriate resourcing in funding and personnel for the federal agencies that partner with state and local governments, critical infrastructure owners and operators and other stakeholders with the mission of protecting critical U.S. infrastructure.