The Department of Homeland Security is finalizing plans for the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), a new body designed to replace the disbanded Critical Infrastructure Partnership Advisory Council (CIPAC) and facilitate communication between government and industry on critical infrastructure threats.
What happened
DHS is completing a proposed regulation for ANCHOR, which is currently in final review and approval stages with Secretary Kristi Noem's office. The new council will replace CIPAC, which Secretary Noem shuttered last year along with other DHS advisory bodies when President Trump returned to office. ANCHOR will serve as an umbrella organization for federal sector risk management agencies and aims to restart conversations around infrastructure security. All 15 federal sector coordinating councils have been briefed on the initiative. Unlike CIPAC, ANCHOR will feature different structural authorities and liability protections, moving away from the rigid charter requirements that created bureaucratic obstacles under the previous system.
The backstory
CIPAC served as a central hub for federal agencies, industry, and stakeholders under previous administrations. Industry widely praised the council's utility for facilitating critical infrastructure discussions. However, when President Donald Trump returned to office, Secretary of Homeland Security Kristi Noem disbanded CIPAC as part of a broader elimination of DHS advisory bodies. The shutdown prompted industry groups to voice concerns to Congress, with Rep. Andrew Garbarino, now chair of the Homeland Security Committee, pledging to address the issue with the administration.
Going deeper
According to a Government Accountability Office testimony on critical infrastructure protection, CIPAC facilitated "communication and information sharing between the government and the private sector" and allowed "the government and industry to interact without being open to public scrutiny."
However, CIPAC's structure created obstacles:
- CIPAC was essentially what a former DHS official described as "an advisory council that could be chartered to create other advisory councils," requiring Secretary-level approval and separate charters for every new council
- This created what the official called "a waterfall effect" of bureaucracy that made CIPAC a poor vehicle for holding broad conversations between not just DHS and industry, but all other federal sector risk management agencies and sector coordinating councils
- CIPAC conversations were "closed by default" to the public, with mandatory liability protections for every setting
- The government could typically only issue press releases or cite comments under Chatham House Rule
ANCHOR changes include:
- DHS and other councils will be able to open certain meetings to the public or provide conversation transcripts
- The new framework eliminates the need to create multiple advisory councils or new charters for each engagement
- Liability protections remain under negotiation, with the administration still determining when protections would apply to ANCHOR discussions
What was said
A former DHS official who requested anonymity explained that DHS "strived to create a new framework for engaging on threat conversations and pre-deliberative policy conversations impacting security outcomes with sectors and the private sector, without having to create all these waterfall advisory councils or new charters and all that stuff."
Regarding CIPAC's liability protections, the official stated, "That was a very understood and very counted-on liability shield for allowing senior officials, all the way up to the CEO of private sector companies, to really openly communicate with each other."
A DHS spokesperson told CyberScoop that discussions of an imminent regulation release are "premature" and added, "We look forward to sharing more details once we have something to announce."
Adrienne Lotto of the American Public Power Association testified to Congress that liability protections in CIPAC were critical to fostering open dialogue between industry and government. She indicated that industry "was apprised by DHS that the administration's proposed CIPAC replacement is ready for publication in the Federal Register" and encouraged the administration to finalize plans "quickly."
In the know
Critical infrastructure includes systems and assets essential to national security, economic stability, and public health. These range from energy grids and water systems to healthcare networks and financial institutions. Information-sharing partnerships between government and industry help stakeholders understand threats targeting these sectors. Advisory councils like CIPAC and now ANCHOR allow companies to discuss vulnerabilities and threat intelligence with federal agencies while receiving legal protections. The liability shields are important because they enable executives to share sensitive information about security incidents and weaknesses without fear of legal exposure that could result from public disclosure.
Why it matters
The creation of ANCHOR represents a restoration of communication channels that industry leaders considered vital for protecting infrastructure from cyber attacks and other threats. Healthcare organizations depend on these partnerships to understand emerging threats and coordinate responses. The unresolved liability protection issues carry weight because healthcare executives need assurance they can discuss breaches, vulnerabilities, and security incidents openly without creating legal exposure for their organizations. Without clear liability shields, senior officials may hesitate to share the detailed threat information necessary for effective collective defense. The new council's approach to transparency, potentially opening some meetings to the public, could also change how healthcare and other sectors engage with the government on security matters.
The bottom line
ANCHOR's launch will restore government-industry partnerships for infrastructure protection, but healthcare organizations should monitor how liability protections are finalized. These protections will determine how freely executives can share sensitive security information. As the regulation moves through final approval, healthcare leaders should engage with their sector coordinating councils to ensure the new framework protects information sharing while supporting the collaborative threat response that CIPAC previously enabled.
FAQs
Could ANCHOR influence how critical infrastructure threats are prioritized nationally?
By streamlining conversations across sectors, ANCHOR may help DHS and industry align more quickly on which risks require immediate attention.
Will ANCHOR impact how quickly threat information is shared during active incidents?
If liability and governance rules are clarified, ANCHOR could accelerate information sharing.
How might ANCHOR affect public trust if more meetings are opened to the public?
Greater transparency could improve public confidence.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
