I Have Good News and Bad News
Actually, that is not all that different from cybersecurity every day 🙂 .
In this case, we are talking about the safety of critical infrastructure.
Last year, as part of the DOGE’s effort to save money, DHS killed a program that you probably never heard of called CIPAC or Critical Infrastructure Partnership Advisory Council. Likely this was because the word Council was in the name and you can figure out the rest. CIPAC, which was started in 2006, created a legal framework for companies to meet privately with government officials in a way that did not require public disclosure, to discuss cybersecurity and vulnerability concerns and share and create strategies to deal with that.
For the last year the program has been dead and critical infrastructure – like your lights, your water, gas, etc. have been completely on their own to protect themselves. Luckily, so far, that seems to have worked for them, but all it takes is one minor slip up for the lights to go off.
That is the bad news.
DHS says they are working on creating a new program – no timeline – called ANCHOR. In the tortured acronym department, ANCHOR stands for Alliance of National Councils for Homeland Operational Resilience. Unfortunately, it, too, has the dreaded C word in it, council. DHS claims it will streamline the process for critical infrastructure operators to work with the feds. If and when it ever happens. ANCHOR, supposedly, will allow for more transparency, which is good. Some meetings could, possibly, be public. Maybe. No requirement for that. Or, at least, maybe some information about the meetings could be made public.
The administration says they have briefed all 15 critical infrastructure sector coordinating councils, but multiple people say that the feds have not shared any details, so, maybe – don’t know – ANCHOR is a plan, not a real thing.
When one reporter asked a representative of an infrastructure sector what DHS had told them, the response was “not a word. We keep being told it’s under development”.
Reports are it is waiting for the DHS secretary to approve it. Not clear what; maybe the outline. Apparently, it has been sitting there for weeks.
One big problem is the legal challenge of how to shield competitors who collaborate in ANCHOR to avoid being sued for antitrust violations. That might require Congressional action.
So this is the good news, as best we have it.
It would seem to me that you might have wanted to keep the old system in place, even if it was clunky, until you actually had a new system to replace it with, but that is not how DC rolls these days. When asked when ANCHOR would be more than a paper plan, the media got no response from DHS.
So, unfortunately, while I am pretty clear that the bad news is bad, I am less sure that the good news is good – at least not in the short term. But, hopefully, it is good in the long term. Credit: Cybersecurity Dive
by 