ANCHOR-CI: What Critical Infrastructure Owners & Operators Need to Know 

For nearly two decades, the Critical Infrastructure Partnership Advisory Council (CIPAC) had served as the principal framework for collaboration between government and the owners and operators of the nation’s critical infrastructure. Through Sector Coordinating Councils (SCCs), Government Coordinating Councils (GCCs), and a cross-sector council, CIPAC provided a forum for industry and government to exchange information, identify shared priorities, and develop consensus recommendations outside the requirements of the Federal Advisory Committee Act. In March 2025, DHS canceled CIPAC and, ever since, critical infrastructure operators have been asking what would come next.

The recent establishment of the Alliance of National Councils for Homeland Operational Resilience–Critical Infrastructure (ANCHOR-CI) represents far more than a change in branding. It reflects a significant evolution in how the Cybersecurity and Infrastructure Security Agency (CISA) envisions public-private governance for critical infrastructure security and resilience.

While ANCHOR-CI preserves the fundamental purpose of facilitating collaboration between government and industry, it introduces a broader governance model, includes opportunities to expand participation, and centralizes oversight under CISA in ways that will reshape how the critical infrastructure community organizes itself moving forward.

From Sector-Centric to an Ecosystem Model

The ANCHOR-CI framework moves beyond the traditional sector-based structure that has defined critical infrastructure coordination since the original National Infrastructure Protection Plan.

Under CIPAC, collaboration largely occurred through SCCs aligned to the nation’s 16 critical infrastructure sectors. ANCHOR-CI recognizes what practitioners have understood for years: today’s infrastructure challenges rarely fit neatly within sector boundaries.

Cyberattacks, supply chain disruptions, natural disasters, AI adoption, workforce shortages, and geopolitical instability routinely affect multiple sectors simultaneously. Infrastructure operates as a system of systems, where dependencies extend across physical assets, digital systems, supply chains, and operational relationships. At the same time, many industries have long struggled to fit within the existing critical infrastructure construct. Cloud service providers, commercial space companies, logistics providers, space systems, data center operators, advanced technology firms, and other emerging industries often support multiple sectors simultaneously while lacking a natural home within the traditional sector framework.

Recent federal emphasis on state- and locally driven resilience is also reflected in ANCHOR-CI, understanding that critical infrastructure risk is inherently local. A hurricane affecting Gulf Coast energy infrastructure presents different challenges than wildfire risk in the West or agricultural disruptions across the Midwest. Likewise, rural communities often face different resilience challenges than major metropolitan areas.

To better reflect this cross-cutting and ecosystem reality, ANCHOR-CI establishes an overarching model composed not only of Sector Coordinating Councils, but also Industry Coordinating Councils, Regional Coordinating Councils, and Cross-Sector Councils.

The result is a framework that acknowledges resilience must be built across an interconnected infrastructure ecosystem rather than within individual sectors alone. As emerging technologies continue reshaping critical infrastructure, this flexibility will become increasingly important.

Opportunity for Broadening Participation

ANCHOR-CI also expands who may participate through the creation of additional council opportunities and subject matter experts. Rather than focusing primarily on recognized SCCs and GCCs, the new framework opens participation to a broader community of infrastructure owners and operators, organizations with cybersecurity and infrastructure security responsibilities, state and local governments, and additional private-sector entities selected by CISA.

This reflects an important reality. Many organizations that contribute substantially to infrastructure resilience have not historically participated in the sector council construct. The question remains: to what extent will organizations be invited to participate and granted membership or contribution as a subject matter expert and how will organizations decide which councils they seek to join? This may pose an additional challenge for both CISA in managing membership and for organizations in deciding where to invest their time and resources.

Organizations that provide security solutions and support critical infrastructure will likely not be able to invest time and resources into each sector coordinating council and companies that have facility locations across the country will likely not be able to invest in each regional council. This challenge could amplify the importance of a cross-sector council and robust cross-sector frameworks in bringing together the whole of the community – a mission the Center for Cross-Sector Coordination (CXC) prioritizes as a non-profit organization that is industry-led, cross-sector, and operationally focused on security and resilience challenges across the critical infrastructure community.

A More Centralized Governance Model

Perhaps the most significant governance change is the expanded role of the CISA Director and the government, in general, in managing the SCCs.

Under CIPAC, SCCs traditionally remained industry-led and largely self-organized and self-governed. This allowed each sector to identify what worked well for its community – some SCCs were made up mostly of senior level critical infrastructure owners and operators whereas others included membership from trade associations representing owners and operators.

ANCHOR-CI shifts this decision-making.

The framework requires CISA approval of councils, participating organizations, leadership, subject matter experts, and member entities while providing authority for the Director to appoint additional participants as needed.

Supporters may argue that this creates greater consistency across the partnership structure and improves accountability.

Others may question whether increased federal oversight also increases bureaucracy and timelines and could affect the independence that has historically made the sector councils valuable forums for candid industry discussion.

How that balance ultimately develops will likely depend on the implementation of future bylaws and operating procedures. The Federal Register notice establishing ANCHOR-CI does not include many of the detailed administrative provisions that were historically included within the CIPAC Charter, such as governance procedures, ethics requirements, meeting processes, membership lists, and recordkeeping expectations.

Rather than eliminating these requirements altogether, the expectation appears to be that they will reside in future bylaws or charter guidance. While this provides greater flexibility, it also leaves important implementation questions unanswered and owners and operators wondering how membership will be decided and what councils will be prioritized.

What Success Will Require

The publication of the ANCHOR-CI Federal Register Notice is a long-awaited milestone for the critical infrastructure community. While the framework establishes an important foundation, the publication of the notice is only the beginning. Its success will ultimately depend on how it is implemented.

There are many encouraging aspects of the new model. ANCHOR-CI recognizes that today’s critical infrastructure ecosystem extends beyond the traditional sector construct. The addition of Industry Coordinating Councils creates opportunities to better engage organizations whose missions span multiple sectors, while Regional Coordinating Councils acknowledge that resilience is ultimately built and sustained at the state, local, Tribal, and territorial levels. These are meaningful advancements that better reflect how critical infrastructure operates today.

At the same time, implementation matters.

The critical infrastructure community has long benefited from governance models that are industry-driven, operationally focused, and built on trusted relationships. As ANCHOR-CI evolves, we must focus on ensuring that new governance structures do not unintentionally introduce additional bureaucracy, political considerations, or prolonged uncertainty into what should remain an operational national security mission.

Perhaps most importantly, representation matters. If ANCHOR-CI is intended to reflect the perspectives of the non-federal critical infrastructure community, it must include organizations that collectively represent the full diversity of owners, operators, and organizations that contribute to infrastructure security and resilience. No single organization or sector has a monopoly on understanding today’s complex risk environment.

The Center for Cross-Sector Coordination (CXC) understands this opportunity and has established itself as a cross-sector organization that welcomes and encourages participation from critical infrastructure owners and operators, industry associations, technology and solutions providers, academia, government agencies, and others who support the security and resilience of the nation’s critical infrastructure. From CXC’s perspective, the greatest strength of ANCHOR-CI is its recognition that infrastructure challenges are increasingly cross-sector. Artificial intelligence, supply chain security, operational technology, space-enabled services, communications, emergency response, and emerging threats rarely affect a single sector in isolation. They require continuous dialogue among organizations that may not traditionally work together but whose operations are deeply interconnected.

As ANCHOR-CI develops, one principle should remain central: effective public-private partnership is built on trust, operational expertise, and shared ownership.

CXC believes sector, cross-sector, industry, and regional councils are most effective when they are empowered to organize around the expertise of their members while maintaining close coordination with CISA and the Sector Risk Management Agencies. Self-governance has historically enabled councils to respond quickly to emerging challenges, leverage operational experience, and maintain the confidence of participating organizations. As new governance structures are implemented, preserving that agility will be essential.

After all, governance structures alone do not create resilience—trusted relationships do.

Looking Ahead

Critical infrastructure security has always depended on partnership. That truth remains unchanged regardless of the governance framework.

The threats facing the nation continue to evolve. Infrastructure systems are becoming more interconnected. Emerging technologies are reshaping operational risk. State and local partners are assuming greater responsibility for resilience. No single agency, sector, or organization can address these challenges alone.

CXC applauds CISA’s continued focus on critical-infrastructure security and resilience and looks forward to supporting ANCHOR-CI and continuing to serve as a force multiplier for government by convening cross-sector expertise, facilitating collaboration among government and industry, translating strategic discussions into practical solutions, and helping strengthen the connective tissue that underpins national resilience.

If implemented thoughtfully, ANCHOR-CI has the potential to become an important advancement in public-private partnership. Its success, of course, will ultimately depend not on the framework itself, but on whether, in implementation, it contributes to the ability of the critical infrastructure community to work together more effectively than before.

Kelly Rae Murray is the former Associate Director for the Cybersecurity and Infrastructure Security Agency (CISA) Office of Chemical Security within the U.S. Department of Homeland Security (DHS). Ms. Murray led the Office of Chemical Security in identifying, regulating, and managing infrastructure security risk by overseeing the former Chemical Facility Anti-Terrorism Standards (CFATS) regulation as well as voluntary critical infrastructure security and resilience programs. Ms. Murray served as a technical authority on critical infrastructure and chemical security with expertise in risk-based and performance-based security measures to best assist critical infrastructure owners and operators and communities across the nation both understand and address their security risk. Further, she was a co-implementer of the Global Congress on Chemical Security and Emerging Threats, an international group of more than 1,000 experts from 80 countries, established to build capacity worldwide, enable technology innovation, address emerging threats like artificial intelligence and drones, and influence global security strategies for critical infrastructure. Currently, Ms. Murray is the Executive Director and Co-Founder for the Center for Cross-Sector Coordination (CXC), a not-for-profit initiative focusing on promoting cross-sector collaboration and information sharing, private-public discussion, and cross-sector security and resilience solutions for critical infrastructure owners and operators. The Center serves as a trusted network and forum for true expert coordination—and as a force multiplier for government Sector Risk Management Agencies and information sharing initiatives. Additionally, Ms. Murray is President and Founder of Resilience and Risk Solutions where she provides expert strategic policy, legislative approach, organizational development, risk analysis, vulnerability assessment, emergency management, and program development for critical infrastructure and government partners, driving impactful change and increased national and economic security and resilience. She also partners with Deep Water Point & Associates as a Principal to identify opportunities, maintain public and private sector partnerships, and provide expert guidance, agency-savvy insights, and mission-informed perspectives on national-level projects.

Related Articles

Latest Articles