Published: 2026-07-14
Categories: Policy & Governance, Critical Infrastructure, Threat Intelligence Sharing
ANCHOR-CI: CISA’s New Council and AI-Era Threat Sharing
Key Takeaways
- On July 1, 2026, the Department of Homeland Security published a Federal Register notice establishing the Alliance of National Councils for Homeland Operational Resilience–Critical Infrastructure (ANCHOR-CI), a new advisory framework operating under Section 871 of the Homeland Security Act that replaces the Critical Infrastructure Partnership Advisory Council (CIPAC), which DHS disbanded in March 2025 [1][2][3].
- ANCHOR-CI organizes participation into four council types — critical infrastructure sector councils, cross-sector councils, critical infrastructure industry councils, and regional coordinating councils — and, unlike CIPAC, gives CISA direct authority to approve council membership rather than leaving selection to self-governed private sector coordinating bodies [1][4].
- The new framework drops the liability protections CIPAC provided, meaning the antitrust and regulatory-exposure shield that previously gave executives confidence to discuss incidents candidly in a group setting is not carried forward. Health-ISAC chief security officer Errol Weiss has said government “must address the legal exposures that keep companies from discussing sensitive cyber incidents” [4][5].
- This liability gap compounds an existing one: the Cybersecurity Information Sharing Act of 2015, the separate federal statute that provides liability, antitrust, and FOIA protections for company-to-government threat sharing, lapsed on September 30, 2025 and has only been extended on a short-term basis, most recently through September 30, 2026 [6][14].
- ANCHOR-CI is a distinct effort from the proposed AI-ISAC called for in the administration’s AI Action Plan, but CISA officials have acknowledged the two initiatives must be coordinated rather than built in parallel, and as of this writing the AI-ISAC remains an undated, pre-decisional proposal with no committed timeline [7][8].
Background
From CIPAC to ANCHOR-CI
For nearly two decades, the Critical Infrastructure Partnership Advisory Council served as one of the primary legal mechanisms through which the federal government and private-sector critical infrastructure owners and operators exchanged sensitive threat and vulnerability information without triggering antitrust exposure. DHS terminated CIPAC in March 2025 under Executive Order 14217, part of a broader push to eliminate what the administration characterized as redundant advisory structures [2][3]. The move drew immediate pushback from industry groups warning that the CIPAC forum’s legal protections would be lost with no replacement in place [3]. Rep. Andrew Garbarino, chair of the House Homeland Security Committee, later called the “abrupt elimination of CIPAC” a source of “unnecessary confusion and strain,” even while welcoming ANCHOR-CI itself as “a welcome step” [4].
ANCHOR-CI is DHS’s answer to that gap. The Federal Register notice frames it as an entity that “incorporates the best practices and lessons learned” from CIPAC while broadening engagement to a wider range of public-private stakeholders and addressing threats in closer to real time [1]. Structurally, ANCHOR-CI is exempted from the Federal Advisory Committee Act because of the sensitive nature of the information exchanged, which allows government and industry representatives to meet in a closed setting rather than under FACA’s public-meeting and public-record requirements [1][4]. CISA will fund and administer the council system, and the notice sets an initial two-year operating term under the Homeland Security Act’s Section 871 authority, renewable at the Secretary’s discretion [1][2].
A More Centralized, Less Self-Governed Model
In CSA’s assessment, the most consequential structural change from CIPAC is who decides who gets a seat at the table. Under CIPAC, sector coordinating councils were self-organized and self-governed by the private sector; under ANCHOR-CI, CISA approves council membership directly. Bob Kolasky, a former senior CISA official who helped shape the agency’s earlier critical infrastructure partnership work, has publicly noted that this “really puts CISA in the position of having authority over who participates” [4]. In CSA’s assessment, that represents a shift away from CIPAC’s partnership model toward one in which government exercises more direct control over council composition — and, potentially, over the tenor of the conversations that happen inside it. Kolasky himself has separately framed his concern as less about any specific administration’s intentions and more about the durability of the arrangement: he has argued that what matters most is a consistent, transparent membership process so that participation does not depend on being “in the good graces of a particular agency or administration,” a condition ANCHOR-CI’s initial notice does not yet fully specify [4].
Healthcare presents a useful lens on what this means in practice. The Healthcare and Public Health sector, working through HHS’s Office of Cybersecurity and Infrastructure Protection, is expected to participate in ANCHOR-CI’s sector council structure, alongside water, communications, and other interdependent infrastructure sectors [3]. Hospital and health-system CISOs, who relied on CIPAC’s protected forum to discuss ransomware incidents and vulnerability data without exposing themselves to antitrust or regulatory risk, now have reason to question whether ANCHOR-CI membership will carry the same practical value, particularly given the unresolved liability question described above [5].
Security Analysis
The Liability Protection Gap Arrives at the Worst Possible Time for AI Threat Sharing
In CSA’s view, the most significant security implication of ANCHOR-CI’s launch is not its structure but what it omits. CIPAC’s liability shield was designed to address the real legal risk that candid incident discussion among competitors can carry absent an explicit safe harbor. Errol Weiss, chief security officer at Health-ISAC, has been direct about the consequence: government “must address the legal exposures that keep companies from discussing sensitive cyber incidents,” and ANCHOR-CI’s founding notice does not resolve that exposure [5]. CISA’s own leadership has acknowledged the same gap exists in its planning: at a February 2026 industry event, CISA Executive Assistant Director for Cybersecurity Nick Andersen listed liability protections and appropriate transparency levels as open questions still being worked through, not settled features of the new council [7].
This gap does not exist in isolation. The Cybersecurity Information Sharing Act of 2015, the federal statute that separately provides liability, antitrust, and Freedom of Information Act protections for voluntary company-to-government and company-to-company cyber threat sharing, lapsed on September 30, 2025 when Congress failed to reauthorize it before its ten-year sunset. Congress has since extended it twice on a short-term basis, first through January 30, 2026 and then, as part of the FY2026 Consolidated Appropriations Act, through September 30, 2026 [6][14]. That means two of the most significant legal mechanisms that historically made critical infrastructure threat sharing viable — the CIPAC forum protection and the CISA 2015 statutory shield — are simultaneously either absent or on a short-term extension clock at precisely the moment DHS is standing up a replacement framework and separately exploring a technology-specific AI-ISAC, even accounting for narrower protections, such as the PCII program, that remain in place. In CSA’s assessment, this represents a materially less stable legal foundation for AI-related security cooperation than existed even eighteen months ago.
Two Parallel Efforts, One Coordination Risk
ANCHOR-CI and the proposed AI-ISAC are being developed as separate initiatives, and understanding that separation matters for organizations trying to anticipate where AI-specific threat information will actually flow. The administration’s AI Action Plan directed DHS, the Commerce Department’s Center for AI Standards and Innovation, and the White House Office of the National Cyber Director to establish an AI-ISAC “to promote the sharing of AI-security threat information and intelligence across U.S. critical infrastructure sectors” [7][8]. If realized, this would represent a novel model in CSA’s assessment — an ISAC organized around a technology rather than a specific infrastructure sector, a structure without a clear precedent among existing sector ISACs. As of February 2026, Andersen described the AI-ISAC proposal as “a pre-decisional memo” moving through the interagency process, with no committed launch date [8], and characterized the administration’s posture as wanting to “get that relationship right” between government and industry before moving forward [7].
The practical risk CISA leadership itself has named is that these efforts could end up operating “parallel to, rather than in coordination with, industry efforts,” creating two separate government-facing information-sharing relationships for organizations already stretched thin on compliance and liaison capacity [7]. IT-ISAC is not waiting for that clarity: it has already begun publishing guidance urging its members to route AI-related threat indicators through existing ISAC channels rather than waiting for a dedicated AI-ISAC to materialize, on the reasoning that established trust relationships and legal groundwork already exist within current sector structures, with other ISACs monitoring AI-enabled threats and sharing intelligence through the National Council of ISACs [9]. At the same time, ISAC leadership across sectors has acknowledged a harder problem that no new council structure resolves on its own. RH-ISAC’s Pam Lindemoen, Health-ISAC’s Denise Anderson, and FS-ISAC’s John Denning have each pointed to the growing use of AI-driven automation to generate and triage submitted threat indicators as raising real questions about the trustworthiness and signal quality of the intelligence streams that make information sharing valuable in the first place [10]. A council that gives organizations a legally viable venue to share AI threat data does nothing to guarantee that data is accurate, deduplicated, or attributable, and CISOs should not conflate the governance question ANCHOR-CI addresses with the data-quality question that AI-era information sharing separately raises.
What This Means for Organizations Weighing Participation
For a critical infrastructure owner or operator deciding whether and how to engage with ANCHOR-CI’s sector or cross-sector councils, the practical calculus now includes a legal risk assessment that CIPAC participation never required. Organizations should treat ANCHOR-CI membership as offering a coordination and situational-awareness benefit that is real but bounded, rather than as a like-for-like replacement for CIPAC’s protected information-sharing function, until DHS clarifies liability treatment and until Congress either permanently reauthorizes or again extends the Cybersecurity Information Sharing Act of 2015 beyond its current September 2026 sunset. Legal and compliance teams, not just security teams, need a seat in the decision about what an organization is willing to disclose in ANCHOR-CI forums given this uncertainty.
Recommendations
Immediate Actions
Security and legal leadership at critical infrastructure organizations should jointly review what information their organization currently shares through CIPAC-successor channels, existing sector ISACs, or informal peer relationships, and explicitly document what legal protections, if any, currently apply to each channel given that neither ANCHOR-CI’s forum protections nor the Cybersecurity Information Sharing Act of 2015’s statutory shield are on stable, long-term footing. Organizations in sectors with an active or forming ANCHOR-CI sector council, including healthcare through HHS’s Office of Cybersecurity and Infrastructure Protection, should confirm through their sector risk management agency how council membership will be determined and whether existing sector coordinating council relationships carry forward, rather than assuming continuity with prior CIPAC arrangements [1][3]. For AI-specific threat intelligence, route indicators through existing, established ISAC relationships now rather than waiting for the AI-ISAC to launch, consistent with current guidance from IT-ISAC and other sector ISACs already extending their monitoring to cover AI-related threats [9].
Short-Term Mitigations
Where an organization does participate in ANCHOR-CI councils, treat disclosure decisions conservatively until liability protection questions are resolved: share indicators and technical detail sufficient to support collective defense while withholding the kind of internally sensitive incident narrative that CIPAC’s antitrust shield was specifically designed to protect. Build internal review processes so that legal counsel, not only the security team, signs off on what gets disclosed in ANCHOR-CI forums, particularly for cross-sector councils where competitors may be present in the same room. Organizations should also track the Cybersecurity Information Sharing Act of 2015’s reauthorization status directly, since its September 30, 2026 expiration would remove statutory protections for information sharing regardless of what ANCHOR-CI itself provides, and should have a contingency communication plan for a lapse scenario given the precedent set by the 2025 lapse [6][14].
Strategic Considerations
Over the medium term, organizations should plan for continued fragmentation between critical infrastructure information-sharing governance (ANCHOR-CI) and AI-specific threat intelligence sharing (the prospective AI-ISAC), rather than assuming these will converge into a single coordinated channel in the near term. Security leaders should also recognize that resolving the legal and governance questions ANCHOR-CI raises does not by itself solve the harder, longer-running problem that sector ISACs have flagged: as AI-driven automation increasingly shapes both attacker tradecraft and the threat-intelligence submission pipelines defenders rely on, the trustworthiness and provenance of shared indicators deserves the same institutional attention as the legal framework for sharing them. Organizations building or maturing AI governance programs should treat information-sharing policy, including what categories of AI-incident data can be disclosed externally and under what protections, as a first-class component of that program rather than an afterthought handled ad hoc when the next incident occurs.
CSA Resource Alignment
ANCHOR-CI’s core subject matter — the legal and structural mechanics of cross-organization threat information sharing — connects directly to CSA’s existing published guidance on information-sharing program design, while the critical infrastructure and OT/ICS dimension of the new council structure connects to CSA’s dedicated Zero Trust guidance for that environment.
In CSA’s assessment, “Effective Methods for Security Information Sharing” is the most directly on-point prior CSA resource, since it lays out a practical framework for building cyber threat intelligence exchange programs, including the trust, automation, and data-handling considerations that make sharing programs actually function rather than remain aspirational [11]. Its treatment of confidentiality protection, anonymization, and reducing friction in submission speaks directly to the concern this analysis raises about ANCHOR-CI: a legally viable venue for sharing is necessary but not sufficient, and organizations evaluating participation should apply this resource’s practical lens on program design, not just the legal question of liability, when deciding what and how to share.
CSA’s “Zero Trust Guidance for Critical Infrastructure” is, in CSA’s assessment, the most specifically relevant resource for the operational technology and industrial control system dimension of ANCHOR-CI’s sector councils, since it directly addresses the unique architecture, legacy-system, and cross-functional coordination challenges facing the same critical infrastructure sectors ANCHOR-CI is meant to serve, building on the NSTAC Report to the President on Zero Trust [12]. Organizations participating in ANCHOR-CI’s critical infrastructure sector or regional coordinating councils can draw on this guidance’s five-step Zero Trust implementation process to inform what technical detail about their OT/ICS environments is appropriate to disclose in a council setting versus what should remain internal.
As a topical fallback for the AI governance dimension of this analysis, the AI Controls Matrix (AICM) v1.1 provides applicable control language for organizations formalizing policy on what AI-related incident and threat data can be shared externally and under what conditions, an area that sits at the intersection of AICM’s governance and third-party risk domains [13]. Organizations pursuing STAR or STAR-for-AI assurance can document their ANCHOR-CI and sector-ISAC participation decisions, including the legal risk assessment described in this note’s recommendations, as supporting evidence of mature AI governance and information-sharing policy.
References
[1] Federal Register. “Establishment of the Alliance of National Councils for Homeland Operational Resilience–Critical Infrastructure (ANCHOR-CI).” Federal Register, July 1, 2026.
[2] Cybersecurity and Infrastructure Security Agency. “CISA Announces New Advisory Council to Strengthen Partnerships and Secure Critical Infrastructure.” CISA, July 2026.
[3] HIPAA Journal. “ANCHOR-CI Framework Strengthens Partnerships and Information Sharing to Secure Critical Infrastructure.” HIPAA Journal, July 2026.
[4] CyberScoop. “DHS to Unveil Replacement Council for Critical Infrastructure Cybersecurity.” CyberScoop, July 2026.
[5] HealthSystemCIO. “DHS Revives Critical Infrastructure Threat Sharing, Without the Legal Shield Industry Wants.” HealthSystemCIO, July 2, 2026.
[6] Mayer Brown. “Cybersecurity Information Sharing Act of 2015 Lapses.” Mayer Brown, October 2025.
[7] CyberScoop. “What’s Next for DHS’s Forthcoming Replacement Critical Infrastructure Protection Panel, AI Information Sharing.” CyberScoop, February 2026.
[8] Nextgov/FCW. “AI Info-Sharing Center Is in Development, CISA Official Says.” Nextgov/FCW, February 2026.
[9] IT-ISAC. “Leverage Existing ISACs to Share AI Threat Information.” IT-ISAC, 2026.
[10] Cybersecurity Dive. “ISACs Confront AI’s Promise and Peril for Threat Intelligence-Sharing.” Cybersecurity Dive, 2026.
[11] Cloud Security Alliance. “Effective Methods for Security Information Sharing.” CSA, 2020 (updated 2025).
[12] Cloud Security Alliance. “Zero Trust Guidance for Critical Infrastructure.” CSA, 2024.
[13] Cloud Security Alliance. “AI Controls Matrix (AICM) v1.1.” CSA, 2026.
[14] Hunton Andrews Kurth. “Congress Extends Cybersecurity Information Sharing Act of 2015 through September 2026.” Hunton Privacy & Cybersecurity Law Blog, February 2026.