The federal government cut all funding for the Election Infrastructure ISAC in 2025, leaving rural counties without free cybersecurity tools while facing nation-state threats

In February 2025, CISA withdrew federal support for the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC), which had grown from 25 analysts in 2018 to over 135 regional experts who conducted more than 1,000 vulnerability scans of election systems. In March 2025, CISA cut $10 million in funding for the broader Multi-State ISAC. The proposed fiscal year 2026 budget would eliminate CISA's Election Security Program entirely—$39.6 million and 14 positions. Between February and November 2025, an estimated 1,000 CISA employees were terminated, including specialists who directly assisted state election officials. The impact falls hardest on rural and small counties that relied on free EI-ISAC services because they cannot afford cybersecurity on their own. In Washington state alone, 15 of 39 counties were designated as "cyber-underserved" by the EI-ISAC. These are counties where the election office might be two people who also handle recording, licensing, and vital records. They do not have an IT security team. They were using free EI-ISAC tools for network monitoring, vulnerability scanning, and threat intelligence briefings. Now those tools are gone, and these same counties are still targets for ransomware gangs and foreign intelligence services. Arizona Secretary of State Adrian Fontes said election officials are "effectively flying blind" without CISA's assistance. Maine Secretary of State Shenna Bellows said the federal government "pulled the rug out from under" officials who relied on free EI-ISAC services. The structural problem is that election cybersecurity was never funded as a permanent line item. It was built on top of CISA as a program that could be expanded or eliminated by executive branch decisions, with no dedicated congressional appropriation. County election offices have budgets set by county commissioners who are balancing roads, jails, and social services—a $50,000-per-year cybersecurity contract is a hard sell when the last bridge inspection failed. The result is that election cybersecurity for thousands of small jurisdictions depended on a single federal program that turned out to be politically vulnerable, and when it was cut, there was no fallback.