Warner Will Introduce Bill to Fund Critical Cyber Information Sharing Program, Urges Mullin to Help Governors Defend Our Country from Cyberattacks

WASHINGTON – Today, U.S. Sen. Mark R. Warner (D-VA) announced a collective effort to help all levels of government defend themselves against cyber-attacks. He is introducing the Guaranteeing Universal Access to Cybersecurity Act , legislation that would fund the Multi-State Information Sharing and Analysis Center (MS-ISAC), a decades-old program that provided free cybersecurity resources and monitoring to 19,000 state, local, territorial, Tribal organizations and communities. Sen. Warner sent a letter to Department of Homeland Security (DHS) Secretary Markwayne Mullin urging DHS to prioritize the Cybersecurity and Infrastructure Security Agency (CISA) and to fund MS-ISAC, and a letter every governor in the country, explaining the risk facing critical infrastructure, the hazards caused by the Trump administration’s politically-motivated sabotage of CISA, and advocates for steps the governors can take to protect our national security, economy, and public health. Last year, then-DHS Secretary Kristi Noem terminated funding for MS-ISAC and banned federal grant funding from being used by states, localities, Tribes, and territories (SLTT) and other organizations for membership in the MS-ISAC. Many SLTT and organizations have been forced to wait to fund these critical memberships, creating a dangerous gap in protecting their critical infrastructure. The Guaranteeing Universal Access to Cybersecurity Act would: Direct the Director of CISA to enter into an agreement with the group that runs MS-ISAC, the Center for Internet Security, to provide no-cost cybersecurity services, cyber threat intelligence collection and dissemination, and technical assistance to SLTT. Direct the Director to conduct additional outreach to restore MS-ISAC membership to those lost during the defunding and expand access to SLTT entities not previously members of MS-ISAC, serve critical infrastructure sectors, maintain data sharing with the FBI to enhance the national cyber threat intelligence ecosystem. Direct CISA to report to Congress on the number of re-enrolled and new members of MS-ISAC, and any barriers to participation. Mandate $50 million for FY27 and each fiscal year thereafter to support MS-ISAC. In a letter to Department of Homeland Security Secretary Markwayne Mullin, Sen. Warner wrote , “I write you urging you to correct your predecessor’s abdication of responsibility to defend our nation from cyberattacks. The entirety of America’s critical infrastructure are in grave danger from our adversaries and criminals using the latest artificial intelligence (AI) enabled tools to find vulnerabilities and exploit them for financial gain, to create chaos, or both. I urge you to prioritize the Cybersecurity and Infrastructure Security Agency (CISA) – restore its budget, hire subject matter experts and leaders with experience defending critical infrastructure and cyberspace, and let the talented and capable CISA staff do their jobs to protect the nation. Fixing CISA will take time, but you can make immediate progress by restoring CISA’s cooperative agreement and funding with the Multi-State Information Sharing and Analysis Center (MSISAC).” CISA’s abrupt cancelation of MS-ISAC funding not only endangered national security, but it placed an unanticipated, costly item on SLTT budgets and undeserved pressure on leaders to shoulder the burden of protecting critical infrastructure without access to the full threat picture that the MS-ISAC provided. Many communities, particularly small and rural communities, cannot access MS-ISAC without federal support and every community in America is more vulnerable without the MS-ISAC serving as a national hub for community defense coordination. Defunding critical infrastructure protections has led to information silos and deprived communities across the nation of the ability to collaborate on securing our critical infrastructure – the foundation of America’s national security, our economy, and our public health and safety. “Critical infrastructure owners, operators, law enforcement, and SLTT leaders are worried; they need CISA back to full strength, and soon.3 I am working to restore CISA and the federal government’s leadership to protect our critical infrastructure, and I hope you will join me,” Sen. Warner continued . “I am introducing legislation to restore CISA and the federal government’s full capability to protect our critical infrastructure by reinstating and expanding federal funding for the MS-ISAC. This will ensure states, localities, Tribes, and territories can access the tools and information necessary to protect their critical infrastructure. I would like you to join me in convening Governors and leading AI companies to understand AI’s risks to critical infrastructure and how to use the same technology to defend against them.” Sen. Warner concluded with inviting Sec. Mullin to reach out to him directly to make sure our critical infrastructure holds, because this is too important to let politics get in the way. In letters to governors, Sen. Warner wrote, “I write to you as the senior Senator for the Commonwealth of Virginia and its former Governor. I do so with urgency as the critical infrastructure in your state faces growing and underappreciated threats from adversaries wielding artificial intelligence (AI) tools capable of debilitating our national security, economy, and public health. This reality is worsened by the abdication of leadership at the Federal agencies charged with protecting America’s critical infrastructure. As a result, your leadership in protecting critical infrastructure has never been more vital; I urge you to take the necessary steps to immediately harden that infrastructure to reduce vulnerabilities and defend your state and our nation. I encourage you to collaborate with your fellow governors, regionally and nationwide, along with the critical infrastructure and local leaders in your communities, to assess vulnerabilities, reevaluate risk tolerance for impacts caused by vulnerability remediation, and harden the critical infrastructure to intrusion and attack.” He noted the devastating effects that attacks on critical infrastructure can have. For example, a successful attack on the power grid can disable water treatment operations, which can shut down hospitals and schools, causing chaos and potentially costing lives. AI has lowered the barrier to entry for powerful cyberattacks and ransomware attacks are increasing in frequency and scale. Sen. Warner offered concrete actions governors can take today to better secure critical infrastructure: Convene a regional working group with state government and critical infrastructure owners and operators to establish a baseline for the tools, talent, and communication channels necessary to deploy the latest technology to not only identify and remediate vulnerabilities but anticipate and prevent future risks; Direct a statewide critical infrastructure audit to identify the most vulnerable operators and fund mitigations; Increase engagement with regional information sharing organizations, like fusion centers, that share threat intelligence and coordinate responses; Identify under-resourced operators who lack baseline cybersecurity capacity and broker partnerships or funding mechanisms to bring them up to a defensible standard; Demand the appropriate resourcing in funding and personnel for the federal agencies that partner with state and local governments, critical infrastructure owners and operators, and other stakeholders with the mission of preventing harm to U.S. critical infrastructure. Sen. Warner concluded with emphasizing that the threats we face do not respect state borders or party lines and encouraging governors to reach out on how to coordinate to better protect their community. Read the bill text here , the full letter to Sec. Mullin here , and the letter to governors here . ###