Ask almost any critical infrastructure leader what keeps them awake at night, and I expect you’ll hear pretty similar answers: cyberattacks, supply chain disruptions, insider threats, artificial intelligence, drones, extreme weather, geopolitical instability.
But after spending a day with more than 170 leaders from across the nation’s 16 critical infrastructure sectors, I left grappling with a bigger question: how do we account for the risks that exist at the margins of what we’re planning for? The vulnerabilities that emerge not because we failed to prepare, but because our plans rely on assumptions that other systems will remain operational, that backup resources will be available, or that disruptions will stay contained.
The conversations throughout the day reinforced a simple truth: today’s most consequential risks rarely stay confined to a single organization, sector, or incident. They emerge through the interdependencies, assumptions, and cascading effects that are easy to overlook until they become impossible to ignore.
On June 18, the Center for Cross-Sector Coordination (CXC) hosted its inaugural Cross-Sector Symposium in Washington, D.C. Owners and operators sat beside technology innovators. Federal agencies, including DHS, CISA, the U.S. Coast Guard, TSA, the FBI, NIST, and others, joined state and local government leaders, researchers, and industry associations for conversations about some of the most pressing issues facing critical infrastructure today.
The agenda covered artificial intelligence, supply chain security, emergency response, interdependencies, and countering unmanned aircraft systems.
Yet by the end of the day, despite the diversity of topics, many of our conversations pointed to the same conclusion: critical infrastructure’s biggest vulnerabilities, and greatest opportunities, exist in the grey areas where one sector or organization interacts with another.
Today’s Risks Are Broader Than Our Existing Networks
In the US, our critical infrastructure model has historically relied on public and private sectors working together. Sector Specific Agencies, Information Sharing and Analysis Centers, industry associations, local emergency planning committees, and other coordination mechanisms have created partnerships that I believe are indispensable. But today’s threats spread through interconnected technologies, common communications platforms, transportation systems, cloud providers, shared suppliers, and human networks – and our critical infrastructure is more interconnected than ever before.
One panelist observed that you cannot truly understand your risk until you understand your dependencies. I would take that one step further to say that in today’s environment, you cannot understand your dependencies, or optimize your planning, if you’re only talking to your own sector and your immediate supply chain.
Artificial Intelligence Is a Coordination Challenge
Take AI, for example. Much of the public conversation around artificial intelligence focuses on whether organizations should adopt AI – but that is no longer the most interesting question anymore.
Critical infrastructure owners and operators are already exploring how AI can improve physical security, cybersecurity, operations, maintenance, emergency management, and decision support. The real challenge is ensuring that adoption is secure, practical, and informed by operational realities. Different sectors are moving at different speeds. Some operate under unique regulatory requirements. Others face workforce or technology constraints. Still others have decades-old operational technology that cannot simply be modernized overnight.
This is precisely why cross-sector collaboration matters. As NIST continues developing guidance and frameworks, owners and operators must help translate those standards into operational practices. No single organization—or even a single sector—should have to solve these implementation challenges alone. The opportunity isn’t simply to adopt AI faster. It’s to adopt it smarter by learning from one another.
Supply Chains Have Made Every Sector Everyone Else’s Business
The experts’ discussions on supply chain resilience offered another reminder that traditional boundaries no longer reflect operational reality. Organizations increasingly recognize the importance of understanding not only their direct suppliers but also second- and third-order dependencies. Yet mapping those relationships remains difficult (if not impossible) because of the amazing complexity of today’s supply chains.
When looking at the reality of what can be accomplished in such a complex environment, participants repeatedly returned to one idea: relationships matter. Not during a crisis, but before one. Trust cannot be improvised after a disruption has already begun – but it can be the key to getting through the hard times.
Resilience Depends on Understanding Shared Failure
Perhaps the most thought-provoking discussion centered on emergency response and interdependencies. For years, resilience planning has emphasized redundancy. Facilities have a backup system, an alternate supplier, and a secondary communications path. This remains a sound principle – but our experts asked: what happens when everyone has selected the same backup…and we don’t even realize it?
As one participant noted, resilience planning often assumes those redundant resources will still be available when needed. Increasingly, that assumption deserves scrutiny. The concept of “poly-crisis”—multiple concurrent disruptions affecting multiple sectors—illustrates this challenge well. At some point, cascading failures stop being isolated incidents and begin stressing the entire national infrastructure ecosystem.
Planning for those scenarios requires organizations to understand not only their own continuity plans, but also how their decisions affect partners across sectors.
Making Space for Cross-Sector Planning
The questions raised throughout the symposium come at a pivotal moment in how the United States approaches critical infrastructure resilience. Recent developments—from the White House’s release of a new National Resilience Strategy to DHS’s new public-private collaboration models such as ANCHOR-CI—signal that the landscape is changing. As the federal government’s role continues to evolve, owners and operators will increasingly need to strengthen the relationships, networks, and partnerships that underpin resilience.
The relationships that matter most during a crisis are built long before one occurs. They are forged through regular engagement, trusted networks, candid conversations, and a willingness to learn from one another’s experiences. Government will remain an essential partner, but it cannot be the sole convener of the relationships that enable effective cross-sector coordination. Industry must take an active role in building and sustaining those connections.
As the risk landscape grows more interconnected, so must the community responsible for securing it. Building that community—and strengthening it before the next disruption—may be one of the most important investments we can make in our collective resilience.


