{"id":239181,"date":"2026-07-01T05:56:00","date_gmt":"2026-07-01T09:56:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/01\/critical-infrastructure-cybersecurity-practical-law-the-journal\/"},"modified":"2026-07-01T06:55:08","modified_gmt":"2026-07-01T10:55:08","slug":"critical-infrastructure-cybersecurity-practical-law-the-journal","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/01\/critical-infrastructure-cybersecurity-practical-law-the-journal\/","title":{"rendered":"Critical Infrastructure Cybersecurity | Practical Law The Journal"},"content":{"rendered":"<p><a href=\"https:\/\/www.reuters.com\/practical-law-the-journal\/transactional\/critical-infrastructure-cybersecurity-2026-07-01\/\">Critical Infrastructure Cybersecurity | Practical Law The Journal<\/a><\/p>\n<p><a href=\"https:\/\/www.reuters.com\/practical-law-the-journal\/transactional\/critical-infrastructure-cybersecurity-2026-07-01\/\">https:\/\/www.reuters.com\/practical-law-the-journal\/transactional\/critical-infrastructure-cybersecurity-2026-07-01\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-01 05:56:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.reuters.com\">www.reuters.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. Cyberattacks and data breaches continue to increase in frequency and magnitude. Organizations that provide essential services across the US:Are often the targets of:specific nation-state threats; andopportunistic cybercriminal attacks.Must manage their cyber risks with reasonable security practices, including preparing to respond effectively to cyber incidents.Understanding the wide range of critical infrastructure entities, their interconnections and dependencies, including supply chain relationships, and their vital role in national security can be challenging. This article provides an overview of US critical infrastructure and cybersecurity-related issues, specifically:The definition and scope of critical infrastructure, including federal agency roles.The 16 critical infrastructure sectors, including their subsectors, sector risk management agencies (SRMAs), and sector-specific plans.Cybersecurity program guidance.Cyber incident reporting expectations and evolving obligations.(For a collection of resources on cybersecurity concepts and programs, see Cybersecurity Toolkit (US) on Practical Law.)National Security Memorandum-22 (NSM-22) broadly defines critical infrastructure as \u201cthe physical and virtual assets and systems so vital to the Nation that their incapacity or destruction would have a debilitating impact on national security, national economic security, or national public health or safety\u201d (NSM-22, Critical Infrastructure Security and Resilience, 2024 WL 1883227, at *1 (Apr. 30, 2024)). The critical infrastructure community:Spans 16 defined sectors.Includes both public and private owners and operators. Critical infrastructure entities must take reasonable security measures to ensure the safety and resilience of their essential products, services, and facilities. This includes addressing cybersecurity-related issues and obligations, as well as physical, human, and other related risks.The Department of Homeland Security (DHS) coordinates overarching critical infrastructure protection planning and cross-sector activities, primarily through CISA.The CISA cybersecurity strategic plan, which is regularly updated, supports the agency\u2019s mission of defending the systems and assets that constitute the nation\u2019s critical infrastructure. It sets three goals, specifically to:Address immediate threats, supported by objectives to:increase visibility into and the ability to mitigate cybersecurity threats and campaigns;coordinate the disclosure of, hunt for, and mitigation of critical and exploitable vulnerabilities;plan for, exercise, and execute joint cyber defense operations; andcoordinate the response to significant cybersecurity incidents.Harden the terrain, bolstered by objectives to:understand how attacks occur and how to stop them;drive implementation of measurably effective cybersecurity investments; andprovide cybersecurity capabilities and services that fill gaps and help measure progress.Drive security at scale, reinforced by objectives to:contribute to efforts to build a national cyber workforce;understand and reduce cybersecurity risks posed by emergent technologies; anddrive development of trustworthy technology products. (CISA: FY2024-2026 Cybersecurity Strategic Plan.)Critical infrastructure entities must take reasonable security measures to ensure the safety and resilience of their essential products, services, and facilities. This includes addressing cybersecurity-related issues and obligations, as well as physical, human, and other related risks.CISA offers resources that stakeholders, including critical infrastructure owners and operators, regional planning entities, and state, local, tribal, and territorial (SLTT) governments, can use to:Identify and manage a broad set of risks.Increase critical infrastructure resilience and security. (See CISA: Infrastructure Resilience Planning Framework (IRPF); see Box, Critical Infrastructure Protection History and Development below.)The US classifies critical infrastructure into 16 sectors. For each of these sectors, this article:Lists the types of entities, facilities, or services included, as well as any subsectors, segments, functions, or taxonomy that the sector participants commonly use.Identifies one or more SRMAs designated in NSM-22.Provides a link to the DHS-posted sector-specific plan, which generally addresses cyber, physical, and human elements in a sector-specific annex to the National Infrastructure Protection Plan (NIPP) (see Box, Critical Infrastructure Protection History and Development below). Some sector links provide general guidance and resources with information regarding planning and implementation activities.The chemical sector is involved in the manufacturing, use, storage, and transportation of often dangerous chemicals throughout the global supply chain. Some end users of the over 70,000 products that the chemical sector entities create are in other critical infrastructure sectors. The following information applies to the chemical sector:Subsectors, segments, functions, or taxonomy: basic chemicals (for example, ethanol, sodium chloride, and sulfuric acid);specialty chemicals (for example, adhesives, flavors and fragrances, explosives, and food additives);consumer products (for example, toothpaste, detergents, paints, and soaps);pharmaceutical products (for example, medicines, biological products, diagnostic substances, and vitamins); andagricultural chemicals (for example, pesticides, insecticides, and fertilizers).SRMA: DHS.Sector-specific plan or guidance: Chemical Sector-Specific Plan. (See CISA: Chemical Sector.)The commercial facilities sector includes places that attract significant numbers of people. Although these facilities are typically open to the public, most of them are privately owned and operated. The following information applies to the commercial facilities sector:Subsectors, segments, functions, or taxonomy:entertainment (for example, broadcast media and motion picture studios);gaming (for example, casinos);lodging (for example, motels, hotels, and campgrounds);outdoor events (for example, parades, marathons, parks, exhibitions, and amusement parks);public assembly (for example, arenas, zoos, aquariums, museums, stadiums, and convention centers);real estate (for example, office and apartment buildings, condominiums, mixed-use facilities, and self-storage facilities);retail (for example, shopping malls and retail centers and districts); andsports leagues (for example, professional sports leagues and federations).SRMA: DHS.Sector-specific plan or guidance available at CISA: Commercial Facilities Sector.The communications sector gives people the ability to instantly access information through the internet and contact others. It also provides an enabling function to businesses, organizations, and other critical infrastructure sectors and includes complex, interconnected networks that distinct service providers own and operate. The following information applies to the communications sector:Subsectors, segments, functions, or taxonomy:broadcast (for example, free and subscription-based television stations and over-the-air radio);cable (for example, digital telephone, analog and digital programming, and high-speed broadband services);satellite (that is, platforms launched into Earth orbit to relay video, voice, or data signals);wireless (for example, high-frequency radio, Wi-Fi, cellphones, and related technologies); andwireline (for example, circuit- and packet-switched networks, including telephony and private enterprise data networks).SRMA: DHS.Sector-specific plan or guidance: Communications Sector-Specific Plan. (See CISA: Communications Sector.)The critical manufacturing sector creates specialized equipment and parts that play a crucial enabling role for other entities, including critical infrastructure sectors like defense, energy, and transportation. The following information applies to the critical manufacturing sector:Subsectors, segments, functions, or taxonomy:primary metals manufacturing (for example, aluminum and non-ferrous metal production and iron and steel mills);machinery manufacturing (for example, agricultural and construction equipment, engine manufacturing, and power-transmission equipment manufacturing);electrical equipment, appliance, and component manufacturing (for example, generator, transformer, and electric motor manufacturing); andtransportation manufacturing (for example, transit cars, ships, rail track equipment, aerospace products, and vehicles).SRMA: DHS.Sector-Specific Plan or Guidance: Critical Manufacturing Sector \u2014 Cybersecurity Framework Implementation Guidance. (See CISA: Critical Manufacturing Sector.)The dams sector provides water control and retention services, which many regions of the US and industries rely on for hydroelectric power, water storage, nuclear power plant cooling water, and flood protection. The following information applies to the dams sector:Subsectors, segments, functions, or taxonomy:dams;levees; andnavigation locks.SRMA: DHS.Sector-specific plan or guidance: Homeland Security Information Network-Critical Infrastructure (HSIN-CI) Dams Portal. (See CISA: Dams Sector.) The DIB sector supports the research, design, production, and maintenance of military weapons systems, components, and parts to meet US military requirements. The DIB sector is made up of government and private sector organizations, including entities like laboratories, ammunition plants, and domestic and foreign companies. However, the DIB sector does not include general commercial infrastructure addressed by other sectors and SRMAs that the military sometimes uses to meet its operational requirements. The following information applies to the DIB sector:Subsectors, segments, functions, or taxonomy:aircraft (for example, drone systems and fixed-wing and rotary-wing craft);ships (for example, underwater drones and surface and subsurface craft);tracked and wheeled land vehicles (for example, tactical, combat, and robotic ground vehicles);electronics (for example, avionics and electronic warfare equipment and command, control, communications, computer, and intelligence (C4I) assets);soldier systems (for example, clothing and textiles, subsistence and medical systems, and chemical and biological defense systems);structural components (for example, armor, castings and forgings, composites, and precious metals);munitions (for example, ammunition, precision-guided munitions, and missile assets and systems);space (for example, satellites, missile defense agency assets, and launch vehicles); andmechanical components (for example, hydraulics, propulsion, bearings, nuclear components, and transmissions).SRMA: Department of Defense (DoD).Sector-specific plan or guidance: Defense Industrial Base Sector-Specific Plan. (See CISA: Defense Industrial Base Sector.)The emergency services sector (ESS) provides the first response to the American people during emergencies, including natural disasters. The ESS is the most geographically dispersed critical infrastructure sector with over 2.5 million individuals working in either paid or volunteer positions throughout federal and SLTT entities across the US and includes public and private organizations. The following information applies to the ESS:Subsectors, segments, functions, or taxonomy:law enforcement;fire and rescue services;emergency medical services;emergency management (for example, incident management and coordination); andpublic works (for example, assessing and repairing damage to buildings, roads, and bridges, clearing debris, and restoring utility services).SRMA: DHS.Sector-specific plan or guidance: Emergency Services Sector-Specific Plan. (See CISA: Emergency Services Sector.)The energy sector ensures a stable energy supply for the US, serving all other critical infrastructure sectors and industries. Some energy sector entities are government owned, but over 80 percent of the sector\u2019s assets are privately owned. The following information applies to the energy sector:Subsectors, segments, functions, or taxonomy:electricity;oil; andnatural gas.SRMA: Department of Energy.Sector-specific plan or guidance: Energy Sector-Specific Plan. (See CISA: Energy Sector.)The financial services sector is made up of various consumer and business banking, investment, insurance, credit, and finance entities. The following information applies to the financial services sector:Subsectors, segments, functions, or taxonomy:deposit, consumer credit, and payment systems products;credit and liquidity products;investment products; andrisk transfer products (for example, insurers).SRMA: Department of the Treasury.Sector-specific plan or guidance: Financial Services Sector-Specific Plan. (See CISA: Financial Services Sector.)The FA sector ensures that sufficient food is available to support individuals and animals in the US and often globally through exports. The FA sector includes mostly privately owned entities engaged in food production, processing, and delivery. This sector is responsible for about 20 percent of US economic activity. The following information applies to the FA sector:Subsectors, segments, functions, or taxonomy:supply;processing, packaging, and production;agricultural and food product storage;agricultural and food product transportation;agricultural and food processing product distribution;agricultural and food supporting facilities;regulatory, oversight, and industry organizations; andother agriculture and food entities.SRMAs:Department of Agriculture; andDepartment of Health and Human Services (HHS).Sector-specific plan or guidance: Food and Agriculture Sector-Specific Plan. (See CISA: Food and Agriculture Sector.)The assets of the government services and facilities sector exist to conduct the business and fulfill the responsibilities of US federal and SLTT government agencies. Publicly owned or leased facilities may be open to the public, like embassies, educational institutions, and courthouses, or have limited access, like record centers, research and development facilities, and military bases. The following information applies to the government services and facilities sector:Subsectors, segments, functions, or taxonomy:educational facilities (for example, primary and secondary schools and state universities);national monuments and icons (for example, locations on the list of National Historic Landmarks or National Register of Historic Places); andelection infrastructure (for example, polling and vote tabulation locations and supporting technology, like voting machines).SRMAs:DHS; andGeneral Services Administration.Sector-specific plan or guidance available at CISA: Government Services and Facilities Sector.The HPH sector supports US and global population health maintenance. The assets and individuals who work in the HPH sector, making up over 10 percent of the American workforce, carry out five core mission areas:Prevention.Protection.Mitigation. Response.Recovery.The following information applies to the HPH sector:Private HPH subsectors, segments, functions, or taxonomy:direct patient care (for example, emergency medical services, professional associations, and clinical facilities);health information technology (for example, information standards bodies, electronic health record systems vendors, and research institutions);health plans and payers (for example, private health insurance companies, Medicare, Medicaid, and the Children\u2019s Health Insurance programs);mass fatality management services (for example, cremation services, funeral homes, cemeteries, and morgues);medical materials (for example, medical equipment manufacturing and distribution facilities); andlaboratories, blood, and pharmaceuticals (for example, drug stores, blood banks, and pharmaceutical manufacturers).Government HPH subsectors, segments, functions, or taxonomy:public health (for example, emergency response, epidemiological surveillance, and health information communication and outreach); andfederal response and program offices (for example, relevant HHS and DoD functions).SRMA: HHS.Sector-specific plan or guidance: Healthcare and Public Health Sector-Specific Plan. (See CISA: Healthcare and Public Health Sector.)The IT sector is an integral part of the US critical infrastructure, providing important enabling functions to the public and other critical infrastructure sectors. The IT sector researches, develops, manufactures, distributes, and maintains IT hardware and software products and services, including operational technology (OT) such as industrial control systems and the internet of things (IoT) devices. Sector assets include physical and virtual systems and networks. The IT sector collaborates closely with the communications sector to support internet connectivity and related services. The following information applies to the IT sector:Subsectors, segments, functions, or taxonomy: provide IT products and services;provide incident management capabilities;provide domain name resolution services;provide identity management and associated trust support services;provide internet-based content, information, and communications services; andprovide internet routing, access, and connection services.SRMA: DHS.Sector-specific plan or guidance: Information Technology Sector-Specific Plan. (See CISA: Information Technology Sector.)The nuclear reactors, materials, and waste sector supports the US civilian nuclear infrastructure. Sector assets include power-generating reactors, research and testing reactors, and radioactive materials used in academic, industrial, and medical settings. The following information applies to the nuclear reactors, materials, and waste sector:Subsectors, segments, functions, or taxonomy:nuclear power plants with commercial nuclear reactors;research, training, and test reactors (for example, academic facilities);deactivated nuclear facilities (for example, power reactors in various stages of decommissioning);fuel cycle facilities (for example, facilities that produce nuclear reactor fuels, including uranium milling, enrichment, and recovery);nuclear materials transport;radioactive waste (for example, storage and disposal facilities); andradioactive materials (for example, sealed sources used in cancer radiotherapy, food and medical irradiators, other industrial equipment, and unsealed sources used for medical and research purposes).SRMA: DHS.Sector-specific plan or guidance: Nuclear Reactors, Materials, and Waste Sector-Specific Plan. (See CISA: Nuclear Reactors, Materials, and Waste Sector.)The transportation systems sector ensures safe, reliable, and efficient travel for goods and individuals, supporting the public and many other critical infrastructure sectors. The following information applies to the transportation systems sector:Subsectors, segments, functions, or taxonomy:aviation (for example, airports, aircraft, and air traffic control systems);highway and motor carriers (for example, bridges, tunnels, roadways, and certain commercial vehicles and related systems);maritime transportation (for example, navigable waterways, coastlines, and intermodal landside connections);mass transit and passenger rail (for example, subways, transit buses, passenger rail, terminals, and related public transportation systems);pipeline systems (for example, natural gas and various chemical pipelines);freight rail (for example, locomotives, freight cars, and railroad tracks); andpostal and shipping (for example, mail, delivery, and courier services).SRMAs: DHS; andDepartment of Transportation.Sector-specific plan or guidance available at CISA: Transportation Systems Sector. (See Transportation Security Administration: For Industry.) The water and wastewater systems sector ensures a reliable water supply, protects public health, and averts the spread of disease while aiming to preserve the environment. Natural disasters pose significant hazards to the sector. The following information applies to the water and wastewater systems sector:Subsectors, segments, functions, or taxonomy:drinking water; andwastewater (for example, treatment facilities).SRMA: Environmental Protection Agency.Sector-specific plan or guidance: Water and Wastewater Systems Sector-Specific Plan. (See CISA: Water and Wastewater Systems.)Each critical infrastructure sector and individual entity has its own unique cybersecurity risk profile. However, all organizations:Must implement proactive cybersecurity measures to ensure resilience.Can benefit from sharing experiences and following best practices.Two key resources include:The Department of Commerce National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).CISA\u2019s Cybersecurity Performance Goals (CPGs). The CSF:Offers a risk-based approach to cybersecurity using a set of desired outcomes organized into six core functions:govern;identify;protect; detect;respond; and recover.Provides a methodology that any organization can use to develop and maintain a comprehensive information security program as risks evolve, regardless of the organization\u2019s size, sector, technology environment, cybersecurity experience, or other characteristics.Does not prescribe implementation details but offers supporting resources, including implementation examples and mappings to widely recognized standards, to help organizations understand and choose safeguards appropriate to their circumstances.Each critical infrastructure sector and individual entity has its own unique risk profile. However, all organizations must implement proactive cybersecurity measures to ensure resilience and can benefit from sharing experiences and best practices.The CSF is voluntary. However:It gives critical infrastructure owners and operators:a structured approach for understanding their current and desired target cybersecurity postures; anda standard means for communicating with stakeholders and sharing experiences with similarly situated organizations.SRMAs and others may refer to it in their guidance and expectations, such as CISA\u2019s critical infrastructure CPGs. (For more information, see The NIST Cybersecurity Framework on Practical Law.)CISA\u2019s cross-sector CPGs:Address key CISA-identified challenges to critical infrastructure cyber resilience, including that:some entities fail to adopt baseline security practices;small and medium-sized organizations need help selecting the most effective measures to implement with their limited resources;inconsistent cybersecurity practices exist within and across sectors; andthere is frequently a lack of attention to securing OT assets.Provide:a baseline of widely applicable cybersecurity practices with proven risk-reduction value for critical infrastructure owners and operators;the ability for critical infrastructure owners and operators to benchmark their practices; andIT- and OT-related security practices.Consider aggregate risks to the nation and practices to address them.Align with the CSF (See CISA: Cross-Sector Cybersecurity Performance Goals.)Most critical infrastructure owners and operators find themselves subject to an increasing array of federal and SLTT cyber incident and data breach notification obligations. Many current laws and regulations focus on general or sector-specific data privacy and personal information breaches, while others address impacts on critical infrastructure. Some cyber incidents implicate both sets of laws and regulations. (For more on federal and state reporting requirements, see Cyber Incident and Data Breach Notification on Practical Law.)CIRCIA (6 U.S.C. \u00a7\u00a7 681 to 681g) requires critical infrastructure owners and operators to report covered cybersecurity incidents to CISA within 72 hours after the covered entity reasonably believes a covered incident has occurred and report ransomware payments within 24 hours after the payment was made (6 U.S.C. \u00a7\u00a7 681 and 681b(a)). CISA must then share those reports with relevant federal agencies within 24 hours (6 U.S.C. \u00a7 681a(a)(10)).These reporting obligations will not take effect until CISA finalizes its related CIRCIA rulemaking. In its proposed rulemaking, CISA:Broadly defines covered entities and reportable incidents.Sets detailed report content and data retention requirements.Stated that it expected to finalize the rulemaking in late 2025, with reporting to begin in 2026. However, CISA has since delayed finalization of the rulemaking to allow external stakeholders an additional opportunity to provide input. (91 Fed. Reg. 30498-01, 30498 (May 26, 2026); 89 Fed. Reg. 23644-01, 23743 (Apr. 4, 2024); see CISA: Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).)CIRCIA has also required DHS to examine the plethora of federal cyber incident reporting requirements. The resulting report identified 45 current reporting requirements created by law, regulation, or agency final guidance, administered by 22 different federal agencies, as well as additional proposed rules and requirements under consideration. These obligations sometimes overlap, creating duplication. Further, they often define reportable incidents and reporting time frames differently, complicating any potential data aggregation or trend analysis. DHS\u2019s report also provided harmonization recommendations. (DHS: Harmonization of Cyber Incident Reporting to the Federal Government (Sept. 19, 2023).)Despite DHS\u2019s harmonization recommendations, agencies remain on different paths. For example, in promulgating cybersecurity incident disclosure obligations that affect many critical infrastructure owners and operators, the Securities and Exchange Commission (SEC) noted that it believes harmonization is impractical because its rules focus on investors\u2019 information needs rather than the needs of regulators, affected individuals, or others (88 Fed. Reg. 51907-8 (Aug. 4, 2023)). (For more on the SEC\u2019s rules, see SEC Cybersecurity Disclosure Rules and Enforcement on Practical Law.)CISA:Encourages organizations of all kinds to voluntarily report cyber incidents.Explains that cyber incident reports help the agency to:better understand the current cyber threat climate;spot trends;share information to help others defend themselves, including critical infrastructure owners and operators; andsupport law enforcement in identifying and prosecuting cyberattackers. (See CISA: Voluntary Cyber Incident Reporting.)Congress enacted the Homeland Security Act of 2002 following the events of September 11, 2001. The Act consolidated over 20 federal departments and agencies, or certain components of them, into DHS with a unified mission to:Protect the US from terrorist attacks.Minimize the damage and support recovery when attacks do occur. (Pub. L. No. 107-296, 116 Stat. 2135 (2002).)DHS released the initial version of the National Infrastructure Protection Plan in 2006, with revisions in 2009 and 2013 (see CISA: National Infrastructure Protection Plan and Resources).In 2013, President Obama issued Presidential Policy Directive-21 (PPD-21) on Critical Infrastructure Security and Resilience, which:Identified the 16 critical infrastructure sectors.Placed responsibility with DHS to coordinate federal regulatory efforts, working with applicable sector-specific agencies. (2013 WL 503845 (Feb. 12, 2013).)The Cybersecurity and Infrastructure Security Agency Act of 2018, signed into law by President Trump, established CISA within DHS, expanding the mission of the former DHS National Protection and Programs Directorate (Pub. L. No. 115-278, 132 Stat. 4168 (2018)).In early 2024, the White House rescinded and replaced PPD-21 with NSM-22, which reiterated the 16 critical infrastructure sectors and set out additional risk management and coordination activities (see Critical Infrastructure Defined above).Several executive orders and other White House actions have also played an important role in critical infrastructure protection, including:President Obama\u2019s Executive Order 13636 titled Improving Critical Infrastructure Cybersecurity, which accompanied PPD-21 and directed NIST to create the CSF, among other activities (78 Fed. Reg. 11739 (Feb. 12, 2013)).President Trump\u2019s Executive Order 13800 titled Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which sought to bolster the government\u2019s cybersecurity posture, protect critical infrastructure from cyberattacks, improve international cooperation, and develop a trained workforce by:setting US policy to manage cybersecurity risk as an executive branch enterprise;placing responsibility for managing cybersecurity risk with executive departments and agency heads who are accountable to the president; anddirecting agency heads to use the CSF and show a procurement preference for shared IT services, to the extent permitted by law, including email, cloud, and cybersecurity services (82 Fed. Reg. 22391 (May 11, 2017)).President Biden\u2019s Executive Order 14028 titled Improving the Nation\u2019s Cybersecurity, which focused on federal agencies and their systems by:emphasizing federal supply chain security and other safeguards addressed in the CSF following the widely publicized SolarWinds attack (for information on the SolarWinds attack, see Trends in Privacy and Data Security: 2020 on Practical Law);setting policy on cyber incident reporting obligations for federal contractors; anddirecting NIST (working with stakeholders) to identify existing or develop new supply chain security standards, tools, and best practices, which NIST continues to support through an ongoing initiative (86 Fed. Reg. 26633 (May 12, 2021); see NIST: Cybersecurity Supply Chain Risk Management).The White House\u2019s 2023 National Cybersecurity Strategy, which set goals to:President Trump\u2019s Executive Order titled Sustaining Select Efforts to Strengthen the Nation\u2019s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144, which modified previous cybersecurity executive orders and added some new directives, seeking to strengthen, reprioritize, and advance US cybersecurity efforts (90 Fed. Reg. 24723 (Jun. 6, 2025); for more information, see Morrison Foerster: Trump Issues Executive Order on Cybersecurity Rolling Back Some Prior Policies and Introducing New Ones on Practical Law).President Trump\u2019s Cyber Strategy for America, released on March 6, 2026, which aims to expand public-private sector collaboration, emphasizes undertaking both offensive and defensive missions, and offers the following six pillars to guide policy and implementation activities:shape adversary behavior;promote common sense regulation;modernize and secure federal government networks;secure critical infrastructure;sustain superiority in critical and emerging technologies; andbuild talent and capacity.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical Infrastructure Cybersecurity | Practical Law The Journal https:\/\/www.reuters.com\/practical-law-the-journal\/transactional\/critical-infrastructure-cybersecurity-2026-07-01\/ Publish Date: 2026-07-01 05:56:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":239182,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reuters.com\/resizer\/v2\/FEQ6TNXAMVAUDHN2WJWVKXI46U.jpg?auth=99bcfd58a8b3147c1fda7da443221847adb5a6b460898d58d1f87783341ca5b8&height=1005&width=1920&quality=80&smart=true","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,28],"class_list":["post-239181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-data-security"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239181"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=239181"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239181\/revisions"}],"predecessor-version":[{"id":239183,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239181\/revisions\/239183"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/239182"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=239181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=239181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=239181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}