The Department of Homeland Security is finalizing plans for the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), a new body designed to replace the disbanded Critical Infrastructure Partnership Advisory Council (CIPAC) and facilitate communication between government and industry on critical infrastructure threats.
DHS is completing a proposed regulation for ANCHOR, which is currently in final review and approval stages with Secretary Kristi Noem's office. The new council will replace CIPAC, which Secretary Noem shuttered last year along with other DHS advisory bodies when President Trump returned to office. ANCHOR will serve as an umbrella organization for federal sector risk management agencies and aims to restart conversations around infrastructure security. All 15 federal sector coordinating councils have been briefed on the initiative. Unlike CIPAC, ANCHOR will feature different structural authorities and liability protections, moving away from the rigid charter requirements that created bureaucratic obstacles under the previous system.
CIPAC served as a central hub for federal agencies, industry, and stakeholders under previous administrations. Industry widely praised the council's utility for facilitating critical infrastructure discussions. However, when President Donald Trump returned to office, Secretary of Homeland Security Kristi Noem disbanded CIPAC as part of a broader elimination of DHS advisory bodies. The shutdown prompted industry groups to voice concerns to Congress, with Rep. Andrew Garbarino, now chair of the Homeland Security Committee, pledging to address the issue with the administration.
According to a Government Accountability Office testimony on critical infrastructure protection, CIPAC facilitated "communication and information sharing between the government and the private sector" and allowed "the government and industry to interact without being open to public scrutiny."
However, CIPAC's structure created obstacles:
ANCHOR changes include:
A former DHS official who requested anonymity explained that DHS "strived to create a new framework for engaging on threat conversations and pre-deliberative policy conversations impacting security outcomes with sectors and the private sector, without having to create all these waterfall advisory councils or new charters and all that stuff."
Regarding CIPAC's liability protections, the official stated, "That was a very understood and very counted-on liability shield for allowing senior officials, all the way up to the CEO of private sector companies, to really openly communicate with each other."
A DHS spokesperson told CyberScoop that discussions of an imminent regulation release are "premature" and added, "We look forward to sharing more details once we have something to announce."
Adrienne Lotto of the American Public Power Association testified to Congress that liability protections in CIPAC were critical to fostering open dialogue between industry and government. She indicated that industry "was apprised by DHS that the administration's proposed CIPAC replacement is ready for publication in the Federal Register" and encouraged the administration to finalize plans "quickly."
Critical infrastructure includes systems and assets essential to national security, economic stability, and public health. These range from energy grids and water systems to healthcare networks and financial institutions. Information-sharing partnerships between government and industry help stakeholders understand threats targeting these sectors. Advisory councils like CIPAC and now ANCHOR allow companies to discuss vulnerabilities and threat intelligence with federal agencies while receiving legal protections. The liability shields are important because they enable executives to share sensitive information about security incidents and weaknesses without fear of legal exposure that could result from public disclosure.
The creation of ANCHOR represents a restoration of communication channels that industry leaders considered vital for protecting infrastructure from cyber attacks and other threats. Healthcare organizations depend on these partnerships to understand emerging threats and coordinate responses. The unresolved liability protection issues carry weight because healthcare executives need assurance they can discuss breaches, vulnerabilities, and security incidents openly without creating legal exposure for their organizations. Without clear liability shields, senior officials may hesitate to share the detailed threat information necessary for effective collective defense. The new council's approach to transparency, potentially opening some meetings to the public, could also change how healthcare and other sectors engage with the government on security matters.
ANCHOR's launch will restore government-industry partnerships for infrastructure protection, but healthcare organizations should monitor how liability protections are finalized. These protections will determine how freely executives can share sensitive security information. As the regulation moves through final approval, healthcare leaders should engage with their sector coordinating councils to ensure the new framework protects information sharing while supporting the collaborative threat response that CIPAC previously enabled.
By streamlining conversations across sectors, ANCHOR may help DHS and industry align more quickly on which risks require immediate attention.
If liability and governance rules are clarified, ANCHOR could accelerate information sharing.
Greater transparency could improve public confidence.