US Cybersecurity Policy and Preparedness Efforts for Critical Infrastructure and Government Networks
U.S. lawmakers and agencies are advancing multiple efforts to sustain and strengthen cybersecurity capabilities, with some federal authorities at risk of lapsing if Congress fails to avert a government shutdown. Nextgov/FCW reported that the Cybersecurity Information Sharing Act of 2015—which provides liability protections to enable private-sector sharing of threat intelligence with the government—and the National Cybersecurity Protection System (a federal civilian network intrusion-detection and prevention capability) were both tied to Department of Homeland Security funding legislation and faced imminent expiration absent reauthorization. The same DHS legislative vehicle was also described as key to reauthorizing the State and Local Cybersecurity Grant Program, which has provided $1B to improve cybersecurity at state and local entities.
In parallel, Congress is considering sector-specific measures to improve resilience in energy and utility environments, while the Department of Energy continues operational readiness exercises. Nextgov/FCW highlighted proposed legislation including the Pipeline Cybersecurity Preparedness Act (DOE-led programs to improve pipeline/LNG cybersecurity, information sharing, and incident response coordination) and the Rural and Municipal Utility Cybersecurity Act (expanding grant and technical assistance for smaller utilities, with $250M proposed for FY2026–2030 and protections for sensitive shared cyber information). Separately, Industrial Cyber reported on DOE’s annual Liberty Eclipse exercise on Plum Island, which uses an isolated grid environment to train utilities and partners to detect, respond to, and recover from simulated attacks including ransomware and stealthy compromise scenarios spanning IT/OT and real-time operations teams.
Sources
Related Stories
US Cybersecurity Policy Setbacks and Calls for Legislative Action
The annual implementation report from the Cyberspace Solarium Commission (CSC 2.0) has concluded that the United States is regressing in its efforts to strengthen national cybersecurity. The report highlights that, for the first time since the commission began tracking progress, the nation has moved backward in enacting key recommendations, with implementation percentages dropping across all measured categories. The report attributes this decline to several factors, including budget and personnel cuts initiated during the Trump administration, which have affected critical cyber diplomacy and science programs. The absence of stable leadership at major agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department is also cited as a significant barrier to progress. The commission recommends reversing these budget cuts, empowering the Office of the National Cyber Director, and expanding federal workforce initiatives to address the growing gap between technological advancement and federal cybersecurity efforts. The report underscores that the pace of technology evolution is outstripping the government's ability to secure it, leaving the nation and its allies increasingly vulnerable to cyber threats. In parallel, the U.S. electric utility sector is prioritizing the reauthorization of the Cybersecurity Information Sharing Act (CISA) of 2015, which lapsed earlier in the month. Industry leaders argue that the law is essential for fostering trust and enabling the sharing of sensitive operational information between utilities and the government without fear of reprisal. The lapse of this legislation has raised concerns among utility executives and cybersecurity experts, who emphasize that robust information sharing is critical in the face of escalating threats to the power sector. Multiple industry associations, including the American Public Power Association and the Edison Electric Institute, have urged Congress to reauthorize the act to maintain effective collaboration and threat mitigation. The convergence of these developments points to a broader challenge in U.S. cybersecurity policy, where legislative and organizational setbacks are undermining national resilience. The lack of progress in implementing strategic recommendations and the expiration of key information-sharing laws are seen as compounding risks for critical infrastructure. Experts warn that without renewed commitment and legislative action, the U.S. may continue to lose ground in the global cybersecurity landscape. The reports collectively call for immediate policy reversals, leadership stabilization, and legislative renewal to restore momentum in national cyber defense. The situation is further complicated by the increasing sophistication of cyber threats targeting both government and private sector entities. Stakeholders across sectors are advocating for a unified approach to address these vulnerabilities and ensure the security of essential services. The urgency of these recommendations is underscored by the potential consequences of inaction, which could include increased exposure to cyberattacks and diminished national security. The reports serve as a wake-up call for policymakers to prioritize cybersecurity funding, leadership, and legislative frameworks. The need for a coordinated and well-resourced response is emphasized as essential for safeguarding the nation's digital infrastructure. The findings highlight the interconnectedness of policy, leadership, and industry collaboration in achieving effective cybersecurity outcomes. The overall message is clear: reversing recent setbacks and renewing key laws are critical steps toward regaining lost ground in U.S. cybersecurity.
4 months agoUS Utilities Warn of Grid Cybersecurity Risks Amid Federal Funding Shortfalls
Utility executives and grid security analysts have warned Congress that U.S. federal funding for cybersecurity is not keeping pace with the increasing threat of nation-state cyber intrusions, particularly from Chinese actors. Leaders from investor-owned utilities, rural cooperatives, and national laboratories testified that Chinese hackers are already embedded within U.S. energy infrastructure, and that the next wave of attacks is likely to exploit persistent resource gaps, especially in rural systems and outdated operational technology. The testimony highlighted that modern cybersecurity defenses require significant upfront investment and ongoing funding, which many utilities—especially rural cooperatives—struggle to secure. The warnings come as researchers and officials describe a threat environment shaped by nation-state adversaries conducting pre-positioning campaigns, embedding themselves in operational technology networks in preparation for potential destructive attacks. Despite Congressional authorization for Department of Energy grants aimed at bolstering rural and municipal utility cybersecurity, the release of these funds has been delayed, further undermining the sector's readiness to defend against sophisticated cyber threats targeting critical infrastructure.
3 months agoGovernment Cybersecurity Legislation and Resilience Initiatives
Governments in the US, UK, and EU are advancing major legislative and regulatory efforts to strengthen cybersecurity and resilience across critical sectors and software supply chains. The European Union’s Cyber Resilience Act (CRA) introduces requirements for software and connected product vendors to embed security from the design phase, manage vulnerabilities throughout the product lifecycle, and deliver rapid updates, with global implications for SaaS providers and technology companies. In the UK, the new Cyber Security and Resilience Bill aims to overhaul protections for critical national infrastructure, updating the NIS Regulations and addressing the growing threat from nation-state actors, as highlighted by recent disruptive attacks on healthcare and other essential services. In the United States, Congress has reauthorized the Cybersecurity Information Sharing Act (CISA 2015) through early 2026, restoring liability protections for organizations sharing threat intelligence with the federal government and sector-specific communities. However, the Cybersecurity and Infrastructure Security Agency (CISA) faces significant staffing shortages and capability gaps, prompting calls for increased funding and new strategies to address escalating cyber threats. Collectively, these legislative and regulatory actions reflect a global trend toward more robust, proactive, and coordinated approaches to cyber resilience and critical infrastructure protection.
3 months ago