The Department of Homeland Security is restoring a cybersecurity information sharing forum for critical infrastructure, replacing the defunct Critical Infrastructure Partnership Advisory Council with the ANCHOR-CI federal register notice, which says the program will let government and private sector representatives review threats and vulnerabilities.
KEY FACTS
- Replacement ANCHOR-CI is meant to take over CIPAC’s coordination role.
- Scope The program covers critical infrastructure sectors, cross-sector threats, industry councils and regional councils.
- Oversight CISA will manage the body and appoint members.
- Transparency The notice exempts ANCHOR-CI from the Federal Advisory Committee Act.
CIPAC allowed agencies including the FBI, CISA and the intelligence community to work with owners and operators of water, power, internet and telecommunications systems on cyber threats and digital weaknesses. DHS said ANCHOR-CI will provide similar forums for federal, state, local, tribal and territorial officials to meet with private sector representatives.
The notice says the council will be organized into four types of groups, including sector-specific councils, cross-sector councils for emerging threats such as cyberattacks or zero-day vulnerabilities, industry councils and regional coordinating councils. CISA will appoint members from industry, trade associations, state and local governments and other sources.
The move follows the shutdown of CIPAC under then-Secretary Kristi Noem, which left many infrastructure operators without the federally enabled threat intelligence and cybersecurity support they had relied on. A source said current Secretary Markwayne Mullin was sympathetic to those concerns and wanted to repair the relationship with industry.
Former CISA official Bob Kolasky said the new structure gives the CISA director more authority over who participates than CIPAC did, when private sector councils had more control over their own representatives. He said some questions remain about how representatives will be chosen and what role other sector risk management agencies will play.
WHY IT MATTERS
The change restores a government-backed channel for sharing cyber threat information with key infrastructure operators at a time when attacks and vulnerabilities can affect essential services. It also raises questions about how much control industry will have in a process now more tightly managed by CISA.

