US Cybersecurity Policy and Preparedness Efforts for Critical Infrastructure and Government Networks
U.S. lawmakers and agencies are advancing multiple efforts to sustain and strengthen cybersecurity capabilities, with some federal authorities at risk of lapsing if Congress fails to avert a government shutdown. Nextgov/FCW reported that the Cybersecurity Information Sharing Act of 2015—which provides liability protections to enable private-sector sharing of threat intelligence with the government—and the National Cybersecurity Protection System (a federal civilian network intrusion-detection and prevention capability) were both tied to Department of Homeland Security funding legislation and faced imminent expiration absent reauthorization. The same DHS legislative vehicle was also described as key to reauthorizing the State and Local Cybersecurity Grant Program, which has provided $1B to improve cybersecurity at state and local entities.
In parallel, Congress is considering sector-specific measures to improve resilience in energy and utility environments, while the Department of Energy continues operational readiness exercises. Nextgov/FCW highlighted proposed legislation including the Pipeline Cybersecurity Preparedness Act (DOE-led programs to improve pipeline/LNG cybersecurity, information sharing, and incident response coordination) and the Rural and Municipal Utility Cybersecurity Act (expanding grant and technical assistance for smaller utilities, with $250M proposed for FY2026–2030 and protections for sensitive shared cyber information). Separately, Industrial Cyber reported on DOE’s annual Liberty Eclipse exercise on Plum Island, which uses an isolated grid environment to train utilities and partners to detect, respond to, and recover from simulated attacks including ransomware and stealthy compromise scenarios spanning IT/OT and real-time operations teams.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Key U.S. cyber authorities face another expiration deadline
As Congress worked to avert a shutdown, officials warned that major cybersecurity authorities, including the Cybersecurity Information-Sharing Act and the National Cybersecurity Protection System, could lapse again on Jan. 30 if not reauthorized.
DOE hosts annual Liberty Eclipse exercise on Plum Island
DOE CESER hosted the annual Liberty Eclipse exercise on Plum Island, bringing together utilities, national laboratories, and government defenders for live-fire simulations of ransomware, stealth intrusions, data theft, and disruption in an isolated grid environment.
House proposals introduced to strengthen utility and pipeline cybersecurity
Three U.S. House measures—the Pipeline Cybersecurity Preparedness Act, the Rural and Municipal Utility Cybersecurity Act, and the SECURE Grid Act—were put forward to improve cybersecurity, resilience, information sharing, and planning across energy and pipeline sectors.
Congress temporarily extends cyber authorities through Jan. 30
After the prior lapse, lawmakers temporarily extended key cybersecurity authorities, including the Cybersecurity Information-Sharing Act, through Jan. 30, 2026.
Cyber information-sharing law lapses during 43-day shutdown
The Cybersecurity Information-Sharing Act of 2015 expired during a 43-day government shutdown late in the prior year, interrupting legal protections for companies that share cyber threat intelligence with the government.
DOE holds first full-scale Liberty Eclipse exercise
The Department of Energy expanded the earlier effort to include power utilities and conducted the first full-scale Liberty Eclipse exercise, using realistic grid cyberattack simulations to train defenders.
DARPA launches precursor effort for grid cyber exercise
A DARPA effort began focusing on the military’s reliance on the commercial power grid, laying the foundation for what later became the Liberty Eclipse exercise program.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Key cyber statutes at risk again as Congress works to avert shutdown - Nextgov/FCW
nextgov.com
Open sourceTech Bills of the Week: Measures seek to boost cyber posture of utilities - Nextgov/FCW
nextgov.com
Open sourceDOE’s Liberty Eclipse simulates ransomware and stealth attacks to prepare utilities for real-world grid cyber threats - Industrial Cyber
industrialcyber.co
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
US Cybersecurity Policy Setbacks and Calls for Legislative Action
The annual implementation report from the Cyberspace Solarium Commission (CSC 2.0) has concluded that the United States is regressing in its efforts to strengthen national cybersecurity. The report highlights that, for the first time since the commission began tracking progress, the nation has moved backward in enacting key recommendations, with implementation percentages dropping across all measured categories. The report attributes this decline to several factors, including budget and personnel cuts initiated during the Trump administration, which have affected critical cyber diplomacy and science programs. The absence of stable leadership at major agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department is also cited as a significant barrier to progress. The commission recommends reversing these budget cuts, empowering the Office of the National Cyber Director, and expanding federal workforce initiatives to address the growing gap between technological advancement and federal cybersecurity efforts. The report underscores that the pace of technology evolution is outstripping the government's ability to secure it, leaving the nation and its allies increasingly vulnerable to cyber threats. In parallel, the U.S. electric utility sector is prioritizing the reauthorization of the Cybersecurity Information Sharing Act (CISA) of 2015, which lapsed earlier in the month. Industry leaders argue that the law is essential for fostering trust and enabling the sharing of sensitive operational information between utilities and the government without fear of reprisal. The lapse of this legislation has raised concerns among utility executives and cybersecurity experts, who emphasize that robust information sharing is critical in the face of escalating threats to the power sector. Multiple industry associations, including the American Public Power Association and the Edison Electric Institute, have urged Congress to reauthorize the act to maintain effective collaboration and threat mitigation. The convergence of these developments points to a broader challenge in U.S. cybersecurity policy, where legislative and organizational setbacks are undermining national resilience. The lack of progress in implementing strategic recommendations and the expiration of key information-sharing laws are seen as compounding risks for critical infrastructure. Experts warn that without renewed commitment and legislative action, the U.S. may continue to lose ground in the global cybersecurity landscape. The reports collectively call for immediate policy reversals, leadership stabilization, and legislative renewal to restore momentum in national cyber defense. The situation is further complicated by the increasing sophistication of cyber threats targeting both government and private sector entities. Stakeholders across sectors are advocating for a unified approach to address these vulnerabilities and ensure the security of essential services. The urgency of these recommendations is underscored by the potential consequences of inaction, which could include increased exposure to cyberattacks and diminished national security. The reports serve as a wake-up call for policymakers to prioritize cybersecurity funding, leadership, and legislative frameworks. The need for a coordinated and well-resourced response is emphasized as essential for safeguarding the nation's digital infrastructure. The findings highlight the interconnectedness of policy, leadership, and industry collaboration in achieving effective cybersecurity outcomes. The overall message is clear: reversing recent setbacks and renewing key laws are critical steps toward regaining lost ground in U.S. cybersecurity.
Mar 21, 2026
US Utilities Warn of Grid Cybersecurity Risks Amid Federal Funding Shortfalls
Utility executives and grid security analysts have warned Congress that U.S. federal funding for cybersecurity is not keeping pace with the increasing threat of nation-state cyber intrusions, particularly from Chinese actors. Leaders from investor-owned utilities, rural cooperatives, and national laboratories testified that Chinese hackers are already embedded within U.S. energy infrastructure, and that the next wave of attacks is likely to exploit persistent resource gaps, especially in rural systems and outdated operational technology. The testimony highlighted that modern cybersecurity defenses require significant upfront investment and ongoing funding, which many utilities—especially rural cooperatives—struggle to secure. The warnings come as researchers and officials describe a threat environment shaped by nation-state adversaries conducting pre-positioning campaigns, embedding themselves in operational technology networks in preparation for potential destructive attacks. Despite Congressional authorization for Department of Energy grants aimed at bolstering rural and municipal utility cybersecurity, the release of these funds has been delayed, further undermining the sector's readiness to defend against sophisticated cyber threats targeting critical infrastructure.
Mar 21, 2026
Government Cybersecurity Legislation and Resilience Initiatives
Governments in the US, UK, and EU are advancing major legislative and regulatory efforts to strengthen cybersecurity and resilience across critical sectors and software supply chains. The European Union’s Cyber Resilience Act (CRA) introduces requirements for software and connected product vendors to embed security from the design phase, manage vulnerabilities throughout the product lifecycle, and deliver rapid updates, with global implications for SaaS providers and technology companies. In the UK, the new Cyber Security and Resilience Bill aims to overhaul protections for critical national infrastructure, updating the NIS Regulations and addressing the growing threat from nation-state actors, as highlighted by recent disruptive attacks on healthcare and other essential services. In the United States, Congress has reauthorized the Cybersecurity Information Sharing Act (CISA 2015) through early 2026, restoring liability protections for organizations sharing threat intelligence with the federal government and sector-specific communities. However, the Cybersecurity and Infrastructure Security Agency (CISA) faces significant staffing shortages and capability gaps, prompting calls for increased funding and new strategies to address escalating cyber threats. Collectively, these legislative and regulatory actions reflect a global trend toward more robust, proactive, and coordinated approaches to cyber resilience and critical infrastructure protection.
Mar 21, 2026