Imagine a small county election office in rural America, staffed by just a handful of dedicated workers, suddenly facing a barrage of sophisticated cyberattacks—hacking attempts on voter databases, spoofed websites spreading false information, and even AI-generated misinformation about election results. This isn’t a far-fetched scenario but a stark reality for many under-resourced jurisdictions across the United States as federal funding for critical cybersecurity support has been slashed. State and local election officials, the frontline defenders of democratic integrity, are reeling from the loss of backing for vital Information Sharing and Analysis Centers (ISACs) like the Multi-State ISAC (MS-ISAC) and the Elections Infrastructure ISAC (EI-ISAC). These organizations have been lifelines, offering free or low-cost tools and real-time threat intelligence. Now, with the Cybersecurity and Infrastructure Security Agency (CISA) shifting priorities, officials must navigate a treacherous landscape of escalating cyber threats with fewer resources. The urgency is palpable, and the question looms: how can they adapt to protect the very foundation of democracy?
The Fallout of Federal Funding Cuts
Immediate Challenges for Election Security
The sudden termination of federal funding for ISACs has sent shockwaves through the election security community, stripping away essential support mechanisms that state and local officials have relied upon for years. Previously, these centers provided a robust suite of services, from 24/7 security operations to real-time consultations during election cycles. One of the most significant losses is the nationwide situational awareness room, a critical platform for sharing live threat information on Election Day. Without it, officials are forced to depend on delayed updates, such as bi-hourly reports from EI-ISAC, which pale in comparison to the immediacy of past resources. This downgrade in responsiveness, as seen during a recent statewide referendum in Maine, highlights a dangerous gap in the ability to counter fast-moving cyber threats like website disruptions or misinformation campaigns. The ripple effect is clear: without instant access to shared intelligence, the speed and effectiveness of threat response are severely hampered.
Moreover, the timing of these cuts couldn’t be worse, as cyber threats targeting elections grow more complex and frequent. Nation-state actors, hackers, and even domestic bad actors are increasingly exploiting vulnerabilities in election infrastructure, from voter registration systems to official communication channels. Utah Lt. Gov. Deidre Henderson recently sounded the alarm on the risks of AI-generated fake election results, a tactic that could erode public trust overnight. Without the robust support once provided by ISACs, officials are left playing catch-up, often reacting to breaches rather than preventing them. This shift from proactive defense to reactive scrambling is a direct consequence of federal funding decisions, compounded by internal shake-ups at CISA that have fueled uncertainty about future support. The result is a fractured security landscape where even the most diligent officials struggle to keep pace with evolving dangers.
Vulnerability of Smaller Jurisdictions
For smaller, often rural jurisdictions, the loss of federal funding for ISACs isn’t just a setback—it’s a crisis that threatens the very integrity of their elections. These “cyber underserved” areas, as they’re often called, lack the budget, staff, and technical expertise to independently combat sophisticated threats. Many have historically leaned on ISAC services for everything from threat intelligence to basic cybersecurity training, resources that were once accessible at little to no cost. Now, with federal support gone, these offices face the grim reality of fending off nation-state cyberattacks with outdated systems and minimal resources. The disparity is stark: while larger states or counties might scrape together funds for alternative solutions, smaller players are left exposed, unable to afford even the modest fees introduced by new models. This vulnerability isn’t just a local problem; it’s a national risk, as a breach in one small county could undermine trust in broader election outcomes.
Compounding the issue is the sheer scale of dependence on ISACs among these underserved regions. Leaders like Paul Lux, supervisor of elections in Okaloosa County, Florida, have voiced the frustration of trying to allocate funds for cybersecurity when every dollar is already stretched thin. The fear is palpable—without access to shared intelligence or support, these jurisdictions become easy targets for hackers aiming to disrupt voter rolls or spread disinformation. Moreover, the loss of federal backing sends a discouraging signal, suggesting that election security is no longer a national priority, even as threats escalate. The gap left by ISACs isn’t just technical; it’s psychological, eroding confidence among officials who feel abandoned at a critical juncture. If this divide between well-resourced and under-resourced areas widens, the uneven protection of democracy could have far-reaching consequences.
Adapting to a New Reality
Transition to Fee-Based Membership
In response to the federal funding cuts, the Center for Internet Security (CIS), which oversees the ISACs, has rolled out a fee-based membership model to keep operations afloat—a pragmatic but challenging pivot. Under this new structure, MS-ISAC memberships fund core services, while additional costs for EI-ISAC, such as election-specific intelligence and executive meetings, are covered through tiered fees. So far, about half of the states and over 3,000 local organizations, including 500 election offices, have signed up for paid memberships, a testament to the recognized value of these services. CIS President and CEO John Gilligan views this uptake as a promising sign, suggesting that many see the investment as essential despite tight budgets. However, the transition is far from seamless. For many local governments, the introduction of fees came after budgets were already finalized, leaving little wiggle room to accommodate unexpected expenses.
The financial burden this shift imposes is a bitter pill for cash-strapped entities to swallow. Even fees as low as $1,000 can be prohibitive for small counties or towns already juggling competing priorities like infrastructure or public safety. This model, while necessary to sustain ISAC operations, risks creating a two-tiered system where only those with means can access top-tier cybersecurity support. Maine Secretary of State Shenna Bellows has described the funding cut as akin to having the rug pulled out from under election officials, and the added pressure of fees only deepens the sense of betrayal. While CIS is working to mitigate the impact, the reality is that some jurisdictions may have to forgo critical services altogether if they can’t pay. This raises tough questions about how to balance fiscal sustainability with the urgent need to protect elections, a dilemma that officials are wrestling with in real time as they adapt to this new financial landscape.
Strategies for Equitable Access
To ease the burden of the fee-based model, CIS has taken steps to ensure that no jurisdiction is immediately left behind, at least for now. Temporarily covering costs for non-paying members is one such measure, allowing continued access to core services while funding solutions are ironed out. This stopgap approach has been a lifeline for many, giving breathing room to thousands of local entities that might otherwise be cut off from vital threat intelligence. Additionally, there’s discussion of offering reduced-cost or critical-services-only options in the future, a potential compromise to keep essential support within reach for the most vulnerable areas. These efforts reflect a commitment to equity, acknowledging that the mission of protecting election integrity can’t hinge solely on financial capacity. Yet, the long-term viability of such accommodations remains uncertain, as CIS must eventually balance its own operational needs with widespread access.
Another promising strategy is the push for statewide memberships, which could streamline resources and foster tighter collaboration between state and local governments. The idea is simple but powerful: states that opt for comprehensive memberships can cover their local jurisdictions, ensuring broader access to ISAC services without placing the burden directly on smaller entities. This cooperative model could bridge the gap for cyber underserved areas, creating a more unified front against threats. Gilligan has expressed hope that more states will adopt this approach, seeing it as a way to rebuild the collaborative spirit that ISACs were founded on. However, challenges persist, as not all states have the political will or fiscal flexibility to take on this responsibility. As these strategies unfold, the focus remains on finding a sustainable path that doesn’t leave the most vulnerable behind, a delicate balancing act in an era of constrained resources and escalating cyber risks.
Looking to the Future
Building Resilience Amid Uncertainty
Despite the daunting challenges posed by federal funding cuts, there’s a steely determination among stakeholders to keep ISAC services operational and relevant. Alternative funding models are being explored with urgency, from private partnerships to state-driven initiatives that could supplement the fee-based structure. Additionally, CIS is innovating new methods for information sharing, aiming to maintain the flow of critical intelligence even if traditional platforms face constraints. This adaptability signals a broader shift in mindset—from relying on federal largesse to forging resilient, self-sustaining systems that can weather policy shifts. The resolve is evident in statements from leaders like Gilligan, who insist that MS-ISAC and EI-ISAC will endure with enough participation. This isn’t just about survival; it’s about reimagining how election security can be safeguarded in a landscape of uncertainty, ensuring that no election cycle is left unprotected by design or default.
Equally critical to this resilience is the continued sharing of federal threat intelligence, a lifeline that keeps ISACs tethered to vital insights even as funding dries up. This ongoing collaboration with agencies like CISA, though scaled back, provides a foundation on which officials can build their defenses. It’s a reminder that while federal priorities may shift, the underlying commitment to countering cyber threats hasn’t vanished entirely. Looking ahead, the emphasis must be on expanding these channels of communication, ensuring that every jurisdiction—regardless of size or budget—has access to the latest threat data. The narrative of adaptation is taking shape, with stakeholders recognizing that protecting election integrity requires not just resources but relentless creativity. As these efforts gain traction, the hope is to craft a security framework robust enough to withstand both current challenges and whatever unknowns lie on the horizon.
Charting a Path Forward
Reflecting on the upheaval caused by these funding cuts, it’s evident that the journey to bolster election cybersecurity took a sharp turn when federal support was withdrawn. State and local officials faced immediate setbacks, scrambling to fill gaps left by the loss of ISAC resources while confronting ever-evolving threats. Yet, amid the struggle, a foundation for recovery was laid through CIS’s fee-based model and temporary cost relief for struggling jurisdictions. The collective push for statewide memberships and innovative collaboration stood as a testament to the grit of those committed to safeguarding democracy. These steps, taken in a climate of uncertainty, showed that adaptation was not just possible but necessary.
Now, the path forward demands sustained action and fresh solutions. Stakeholders should prioritize securing long-term funding—whether through renewed federal commitment or novel state-local partnerships—to stabilize ISAC operations. Equally urgent is the need to develop tailored support for cyber underserved areas, ensuring no corner of the nation remains a weak link. By investing in scalable, accessible cybersecurity tools and fostering deeper intergovernmental cooperation, officials can build a fortified defense against future threats. The road ahead won’t be easy, but with focused effort, the integrity of elections can be upheld as a shared national priority.
