A shift in federal policy is underway as the Department of Homeland Security (DHS) finalizes the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), a body intended to replace the previously disbanded Critical Infrastructure Partnership Advisory Council (CIPAC). This move signals a renewed effort to facilitate discussions between government agencies and private sector leaders concerning escalating cyber threats to critical infrastructure. The rollout of ANCHOR follows more than a year of uncertainty after CIPAC’s dissolution, which left industry groups voicing concern over the loss of a vital platform for collaboration. Observers note that restoring such communication channels is significant at a time of increasing scrutiny on the cyber resilience of national infrastructure, particularly as public and private sectors face complex risk environments.
CIPAC had been widely acknowledged by industry as a practical forum for government and sector representatives to address pressing security issues before its termination last year under Secretary of Homeland Security Kristi Noem. Previous public records indicated that industry leaders and lawmakers promptly flagged the council’s closure as problematic, anticipating that a successor would be necessary for effective policy dialogue. What distinguishes the current proposal for ANCHOR are adjustments in meeting openness and the possibility of improved administrative flexibility, contrasting the former council’s more rigid structure and closed meetings. Regulatory review for ANCHOR draws on feedback that emerged during the period when CIPAC functions were absent.
Why Was ANCHOR Created to Replace CIPAC?
According to sources familiar with the regulatory process, ANCHOR is set to operate not only as a successor to CIPAC but as an umbrella group for other federal risk management councils. One of the primary motivations for its formation stems from criticism of bureaucratic hurdles in the CIPAC framework, which often delayed or restricted broad information-sharing initiatives. Stakeholders had expressed concern that the previous method, requiring extensive documentation and approval for each new sector council, hindered responsive decision-making efforts. The goal for ANCHOR is to enable a more streamlined environment for policy and threat discussions relating to infrastructure security. As a former DHS official noted,
“What DHS strived to do was to create a new framework for engaging on threat conversations and pre-deliberative policy conversations impacting security outcomes with sectors and the private sector, without having to create all these waterfall advisory councils or new charters and all that stuff.”
What Structural Changes Will ANCHOR Bring?
Comparisons between the two councils reveal ANCHOR’s intent to make policy conversations more accessible and efficient. While CIPAC required each new council to have its own charter and mostly closed meetings to the public, ANCHOR is anticipated to allow for greater transparency. The public could gain increased access to certain meetings or summaries of discussions. Despite these changes, some structural questions remain unresolved, especially regarding legal liability protections for participants. Liability has been a cornerstone issue, as past protections encouraged candid information exchange among industry leaders and government officials without fear of legal repercussions.
Will Liability Protections Be Maintained?
There continues to be debate over the extent to which liability protections, particularly for “one-to-many” interactions, will transition from CIPAC to ANCHOR. The Cybersecurity and Information Sharing Act of 2015 only guarantees liability coverage in “one-to-one” exchanges, while CIPAC had broader coverage for group engagements. Industry representatives, such as Adrienne Lotto from the American Public Power Association, have urged DHS to maintain robust liability shields, warning that weakened protections could impede open communication. She underscored the sector’s stance by telling Congress,
“Liability protections in CIPAC were critical to fostering open dialogue between industry and government around cybersecurity and infrastructure protection.”
Some industry groups continue to seek clarity on how the new framework will balance information sharing with legal safeguards.
The previous period without CIPAC saw significant concern regarding industry-government collaboration on infrastructure security, leading to appeals from industry groups and congressional engagement. While some anticipated a prolonged vacuum in information sharing, ANCHOR’s imminent launch has altered expectations. Stakeholders have voiced optimism tempered by calls for careful review of liability provisions and structural transparency. The new council is expected to build on lessons learned from CIPAC’s operational challenges, potentially shaping how other advisory groups approach similar collaborations.
Restoring a platform akin to CIPAC suggests recognition of persistent vulnerabilities within the nation’s critical infrastructure sectors and the necessity for structured, open coordination. The ANCHOR framework’s design may help reduce bureaucratic delays, attract a broader range of participants, and address the complexities of modern cyber threats. Organizations engaged in infrastructure protection can look to ANCHOR as an evolving model for government-industry partnership. As developments unfold, monitoring how liability protections are implemented will be essential for stakeholders who depend on candid discussion to address cybersecurity challenges. Ultimately, balancing openness, efficiency, and legal clarity will determine the effectiveness of this renewed information-sharing effort.
