{"id":211993,"date":"2026-05-11T08:07:00","date_gmt":"2026-05-11T12:07:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/11\/new-cybersecurity-industry-alliance-aims-to-lead-us-critical-infrastructure-protection\/"},"modified":"2026-05-11T09:10:08","modified_gmt":"2026-05-11T13:10:08","slug":"new-cybersecurity-industry-alliance-aims-to-lead-us-critical-infrastructure-protection","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/11\/new-cybersecurity-industry-alliance-aims-to-lead-us-critical-infrastructure-protection\/","title":{"rendered":"New cybersecurity industry alliance aims to lead US critical infrastructure protection"},"content":{"rendered":"

New cybersecurity industry alliance aims to lead US critical infrastructure protection<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/critical-infrastructure-cybersecurity-coalition-aci-government\/818662\/<\/a><\/p>\n

Publish Date: 2026-05-11 08:07:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

As some of the organizations that run essential services in the U.S. lose faith in the federal government\u2019s willingness and ability to help them, a few of the biggest critical infrastructure operators are taking matters into their own hands to improve coordination \u2014\u00a0and prepare for a major crisis.
\nIn February, a coalition that includes corporate titans JPMorgan Chase, Mastercard, AT&T and Berkshire Hathaway Energy launched the Alliance for Critical Infrastructure (ACI), vowing to take the lead in helping infrastructure sectors work more closely together to understand and mitigate the shared cybersecurity risks they face. Reading between the lines, the message was clear: The critical infrastructure community, increasingly alarmed at the Trump administration\u2019s retreat from decades-long partnerships, is trying to fill the growing void of coordination and leadership.<\/p>\n

Government budget cuts and personnel losses have made it much harder for agencies to support and advise infrastructure operators, and the White House has encouraged states to take over historically federal responsibilities for protecting local utilities. Amid those changes, infrastructure firms like the ones that founded the ACI say the private sector must step up.
\nBen Flatgard, the ACI\u2019s chairman, noted that the private sector manages the vast majority of U.S. infrastructure. \u201cWe can\u2019t outsource that responsibility or the risk management practices that come along with it,\u201d he said in an interview with Cybersecurity Dive. \u201cWe need to own the solution for that as well.\u201d
\nMany experts say that while the government must retain a leadership role in protecting critical infrastructure, it\u2019s a good sign that private companies want to assume more of the burden.
\n\u201cIf the private sector does not step up to self-organize,\u201d said Brian Harrell, a former assistant director for infrastructure security at the Cybersecurity and Infrastructure Security Agency (CISA), \u201cthe nation faces a period of unprecedented visibility gaps in its most vital systems.\u201d
\n\u2018Changing landscape\u2019 after government cutbacks
\nThe ACI is an evolution of the Tri-Sector Executive Working Group, which united energy, financial services and telecommunications industry leaders and served as a key private sector voice during both the Biden and first Trump administrations. Tri-sector leaders shaped executive-branch policies and legislation, including the influential recommendations of the congressionally chartered Cyberspace Solarium Commission. But despite helping Washington make progress, the companies continually fretted over the fact that infrastructure protection remained heavily siloed.
\n\u201cWe still weren\u2019t getting to the cross-sector component, and we were [just] in our verticals,\u201d Michele Guido, the ACI\u2019s executive director, said in an interview.<\/p>\n

Many infrastructure operators, especially the best-resourced ones,\u00a0have \u201cgotten really good within our silos,\u201d said Flatgard, who leads cybersecurity policy for JPMorgan Chase. But individual corporate efforts won\u2019t be enough to confront a truly wide-ranging crisis, he added.\u00a0
\nThe ACI was formed \u201cto start building those bridges between our sectors,\u201d Flatgard said, because \u201cthere\u2019s serious dependencies that we have on the others to operate our essential services.\u201d<\/p>\n

The second Trump administration\u2019s changes to longstanding public-private partnerships also helped spur the companies to build something new.
\nThroughout 2025, the Trump administration purged CISA, eliminated a public-private coordination channel known as the Critical Infrastructure Partnership Advisory Council and considered shutting down the Federal Emergency Management Agency. \u201cYou just had a changing landscape,\u201d said Guido, the strategic security policy director at the energy giant Southern Company.
\nInfrastructure operators saw the government stepping back and felt a new sense of urgency to move from a supporting role to a leading one.
\nTo that end, the companies in the tri-sector restructured their group as a nonprofit that could recruit more members. The ACI is now creating working groups, defining pilot projects and reviewing membership applications. In addition to its formal members, the group will collaborate with government agencies, sector coordinating councils (SCCs), information sharing and analysis centers (ISACs) and cybersecurity think tanks.
\nThe ACI won\u2019t be a sprawling organization, however. Its leaders want to carefully choose a selection of infrastructure operators with the resources to contribute to its projects. At the same time, the group wants to consult with a wide range of organizations, including small utilities that may have something to teach the bigger players.
\n\u201cSome of them may be less sophisticated in cyber,\u201d Flatgard said, \u201cbut most of them are really good at responding to crises within their business and within their area of expertise. I think we have a lot to learn from those.\u201d<\/p>\n

\u201cWho\u2019s making key decisions on that bad day, from the critical infrastructure perspective? We have continuity of government, but what does continuity of critical infrastructure look like?\u201d<\/p>\n

Michele Guido
\nExecutive Director, Alliance for Critical Infrastructure<\/p>\n

Four-part strategy
\nOver the next 18 months, ACI members will dive into activities that support the four pillars of the group\u2019s strategic plan.
\nThe first pillar will focus on analyzing cross-sector dependencies \u2014 the organizations that support essential services in multiple sectors. \u201cWithin the verticals, you have all these plans, but no plans really come together to understand the cross-sector component,\u201d Guido said. The ACI plans to publish a white paper offering a high-level overview of how each sector operates and how multiple sectors can work together, which will help infrastructure operators better understand each others\u2019 needs.
\nThe strategy\u2019s second pillar will test ways to unite infrastructure sectors in responding to a \u201cpolycrisis\u201d \u2014\u00a0a national-level emergency that simultaneously threatens a wide range of infrastructure, with both physical and digital consequences. \u201cWe want to develop an operational national response event protocol,\u201d Guido said. \u201cWho’s making key decisions on that bad day, from the critical infrastructure perspective? We have continuity of government, but what does continuity of critical infrastructure look like?\u201d
\nSuccess in this area would mean that infrastructure operators could \u201cwork through the fog of war\u201d and smoothly take steps to maintain, rebuild and restart vital services, Flatgard said.
\nAs part of this pillar, Guido said, the ACI is working with CISA to expand the agency\u2019s cybersecurity incident-response playbooks to reflect cross-sector cooperation.<\/p>\n

The third pillar addresses the private sector\u2019s operational support to the government on countering adversaries\u2019 malicious activities, including through expanded information-sharing. The fourth pillar deals with advising policymakers on legislation and regulation, which the ACI\u2019s leaders said will remain important even as companies do more on their own.<\/p>\n

JPMorgan Chase is a founding member of the ACI.
\nMichael M. Santiago via Getty Images
\n\u00a0<\/p>\n

\u2018That\u2019s not how we plan\u2019
\nThe emphasis on cross-sector dependencies \u2014\u00a0areas of risk that no sector can fully understand or mitigate alone \u2014 distinguishes the ACI from other groups. ACI members will focus on evaluating the technologies that invisibly underpin multiple aspects of daily life, from the GPS satellites essential to smartphones, airplanes and tractors, to the undersea cables that connect AI and cloud computing data centers around the world.
\nThe resulting analyses could help businesses across the critical infrastructure community better prepare for major cybersecurity incidents.
\nNatnael Habtesion, the chief security officer at ACI founding member Lumen Technologies, said the new group\u2019s \u201crecognition that threats to one sector rarely stay contained and can have adjacent impacts\u201d is its unique value.
\nThe ACI is especially focused on collaborative planning for a polycrisis. Guido conjured the image of a natural disaster that affects a region of the U.S. at the same time that it\u2019s hit with a major cyberattack. \u201cThat’s not how we plan,\u201d she said.
\nIn the tri-sector\u2019s annual exercises over the past few years, infrastructure operators realized that the same strategies they used to prepare for, say, a geographically limited Category 5 hurricane weren\u2019t very useful in a polycrisis. An environment of multiple simultaneous emergencies \u201cstretches our capacity really thin,\u201d Flatgard said.
\nTaking initiative, with allies and limitations
\nWhile the ACI is still in its infancy, it\u2019s already thinking about how to test the ideas its members come up with. That could include regional pilot programs \u2014 on topics such as incident response, information sharing and service restoration \u2014 involving the most important organizations in a specified area, from water treatment plants to health clinics to military bases.
\nPartnerships with sector-specific groups will be critical to the ACI\u2019s success. The group has already been talking to ISACs and SCCs to reassure them that it understands their role. \u201cWe don\u2019t want this to be duplicative of existing sector functions and apparati,\u201d Flatgard said.
\nErrol Weiss, the Health-ISAC\u2019s chief security officer, said it was essential for the ACI to integrate with information-sharing groups like his. ISACs \u201calready provide operational threat intelligence and sector\u2011specific context,\u201d he said. \u201cDuplicating or bypassing that ecosystem would risk confusion for operators.\u201d<\/p>\n

\u201cThis is a great time for this conversation about the resilience of the technology infrastructure that underpins all of the sectors that the country relies upon.\u201d<\/p>\n

Ben Flatgard
\nChairman, Alliance for Critical Infrastructure<\/p>\n

The ACI\u2019s leaders also want a strong relationship with federal agencies. \u201cWe need the government\u2019s help to be successful,\u201d Flatgard said.
\nCISA recently published guidance to infrastructure operators on maintaining services during a crisis. The agency also plans to assess operators\u2019 resilience through targeted engagements, but CISA\u2019s staffing cuts may limit the scale of that work.
\nIn addition, broader government-industry relationships are currently suffering in the absence of the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, which let government and industry leaders meet privately without antitrust concerns. The Trump administration abruptly eliminated CIPAC with little explanation, and while DHS is developing a replacement, the government isn\u2019t answering infrastructure operators\u2019 questions about it.
\n\u201cWe still have to keep marching forward,\u201d Guido said. The ACI wants a CIPAC replacement, \u201cbut I don\u2019t think we can let it deter us at this point.\u201d
\nThe absence of strong federal partnerships will inevitably hamper companies\u2019 work, experts said.\u00a0
\n\u201cIndependent industry alliances could theoretically move faster than federal bureaucracy, addressing interconnected risks,\u201d Harrell said, but \u201cwithout federal oversight, these groups lack the sovereign intelligence feeds and antitrust immunity that once anchored their operations.\u201d
\nACI leaders said they recognized those challenges. But as their group gets off the ground, they also said they saw lots of opportunities to play a productive role.
\n\u201cThis is a great time for this conversation about the resilience of the technology infrastructure that underpins all of the sectors that the country relies upon,\u201d Flatgard said. \u201cThere\u2019s gonna be some hard truths within our own companies as well in terms of what this means, but that\u2019s why we’re forming this group.\u201d<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

New cybersecurity industry alliance aims to lead US critical infrastructure protection https:\/\/www.cybersecuritydive.com\/news\/critical-infrastructure-cybersecurity-coalition-aci-government\/818662\/ Publish Date: 2026-05-11…<\/p>\n","protected":false},"author":1,"featured_media":211995,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/tvsRfm77SVU1NsuYcr0zwttwTkWhqInYGLW9UpD3crI\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMjY4MzgxODEyLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-211993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211993"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=211993"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211993\/revisions"}],"predecessor-version":[{"id":211997,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211993\/revisions\/211997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/211995"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=211993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=211993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=211993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}