A coalition of America's largest critical infrastructure operators has launched a new nonprofit organization to coordinate cybersecurity defenses across sectors, filling a void left by federal government retreat from longstanding public-private partnerships. The Alliance for Critical Infrastructure, formed in February by JPMorgan Chase, Mastercard, AT&T, and Berkshire Hathaway Energy, aims to help infrastructure sectors work together to understand and mitigate shared cybersecurity risks. The group evolved from the Tri-Sector Executive Working Group, which previously advised both the Biden and first Trump administrations on infrastructure security policy.
The formation of the ACI reflects growing alarm within the critical infrastructure community about the Trump administration's withdrawal from decades-long coordination efforts. Throughout 2025, the administration purged staff at the Cybersecurity and Infrastructure Security Agency, eliminated the Critical Infrastructure Partnership Advisory Council (CIPAC), and considered shutting down the Federal Emergency Management Agency. Government budget cuts and personnel losses have significantly reduced agencies' ability to support and advise infrastructure operators, prompting private sector leaders to take initiative. Ben Flatgard, the ACI's chairman and cybersecurity policy lead at JPMorgan Chase, noted that the private sector manages the vast majority of U.S. infrastructure and must own the responsibility for protecting it.
The ACI's strategic plan centers on four pillars over the next 18 months. First, the group will analyze cross-sector dependencies, examining technologies like GPS satellites and undersea cables that underpin multiple infrastructure sectors. Second, it will develop protocols for responding to a "polycrisis" - a national emergency simultaneously threatening multiple infrastructure types with both physical and digital consequences. The third pillar addresses operational support to government on countering adversaries through expanded information sharing, while the fourth focuses on advising policymakers on legislation and regulation. The group is working with CISA to expand the agency's cybersecurity incident response playbooks to reflect cross-sector cooperation.
The ACI distinguishes itself from existing sector-specific groups by focusing on dependencies that no single sector can fully understand or mitigate alone. Michele Guido, the ACI's executive director and strategic security policy director at Southern Company, emphasized that existing plans within individual sectors fail to address cross-sector components. The group plans to publish white papers on how sectors operate and can work together, conduct regional pilot programs on incident response and service restoration, and develop protocols for maintaining critical services during widespread emergencies. Leaders stressed the initiative will complement rather than duplicate existing information sharing and analysis centers and sector coordinating councils.
Experts acknowledge both the promise and limitations of the private sector initiative. Brian Harrell, former assistant director for infrastructure security at CISA, warned that without federal oversight, industry groups lack sovereign intelligence feeds and antitrust immunity that previously anchored operations. The absence of CIPAC has created uncertainty around government-industry coordination, though DHS is developing a replacement framework. ACI leaders said they recognize these challenges but believe the group can play a productive role even with constrained federal partnerships. The organization is currently creating working groups, defining pilot projects, and reviewing membership applications from infrastructure operators with resources to contribute to collaborative security efforts.
Source: https://www.cybersecuritydive.com/news/critical-infrastructure-cybersecurity-coalition-aci-government/818662/