25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

ANCHOR-CI Framework Strengthens Partnerships and Information Sharing to Secure Critical Infrastructure

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has announced the formation of the Alliance of National Councils for Homeland Operational Resilience–Critical Infrastructure, or ANCHOR-CI for short. ANCHOR-CI will operate for two years initially but may be extended by DHS Secretary under the authority provided by Section 871 of the Homeland Security Act.

ANCHOR-CI is the successor to the Critical Infrastructure Partnership Advisory Council (CIPAC), which enabled critical infrastructure entities to exchange sensitive information with the federal government about physical and cyber risks. CIPAC was established by the DHS in March 2006 and served as the framework for public collaboration on security for almost two decades, until it was eliminated by then DHS Secretary Kristi Noem in March 2025. There has been no formal framework for government-industry coordination on critical infrastructure cybersecurity for more than a year, and without the legal protections provided by CIPAC or an equivalent framework, some critical infrastructure sectors stopped sharing cybersecurity data with the federal government.

ANCHOR-CI retains the legal protections of CIPAC and creates a new framework to strengthen information sharing and broaden partnerships across government and industry to better secure the nation’s critical infrastructure. “The new and innovative ANCHOR-CI framework will be a game changer in how the public and private sectors collaborate and share information,” said DHS Secretary Markwayne Mullin. “In a rapidly evolving threat environment, ANCHOR-CI will ensure we have the right people in the room working together to keep the critical infrastructure Americans rely on secure and resilient. This is just another example of the partnership needed to confront the threats of today and tomorrow.”

ANCHOR-CI allows the establishment of four council types: critical infrastructure sector councils, cross-sector councils, critical infrastructure industry councils, and regional coordinating councils, which will advise and provide strategic and actionable recommendations to ensure a coordinated national effort to strengthen critical infrastructure cybersecurity. The councils will recruit members from four groups: critical infrastructure owners, operators and their trade associations; federal, state, local, tribal and territorial government agencies; organizations with direct responsibility for cybersecurity and infrastructure resilience; and other private sector entities.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The new framework is more flexible than its predecessor, supports open and candid discussions of sensitive information, strengthens collaboration between the government and industry, and will ensure more critical infrastructure stakeholders participate. One key feature of CIPAC that has been dropped in ANCHOR-CI is liability protection for participants. This was an important feature that allowed executives to discuss incidents in group settings without antitrust or regulatory exposure.

Under the new framework, CISA will approve proposed council members and may appoint additional participants. Under CIPAC, private sector councils chose their own representatives. While some meetings can be opened to the public, sensitive discussions are shielded, as ANCHOR-CI is exempted from the Federal Advisory Committee Act.

Governance of the ANCHOR-CI councils will be managed by the DHS and CISA, and it will be housed by CISA, which will provide the necessary funding and administrative support. The HHS Office of Cybersecurity and Infrastructure Protection (CIP) will work closely with DHS and CISA to advance collaboration and ensure that the Healthcare and Public Health (HPH) sector priorities are elevated.  The ANCHOR-CI councils will help strengthen partnerships within the HPH sector, as well as across interdependent critical infrastructure sectors, including water and communications.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist