US Government Pushes Cybersecurity and AI Resilience for Critical Infrastructure
The U.S. government is advancing multiple critical infrastructure cybersecurity initiatives focused on resilience, public-private coordination, and the secure adoption of AI. National Cyber Director Sean Cairncross said the administration wants AI to be secure by design, framing technical security as an enabler of innovation rather than a barrier. The approach includes closer collaboration with private industry, expanded threat-information sharing, federal support for offensive cyber operations, and new mechanisms for AI companies to coordinate on threat response while the administration revises earlier policies it views as constraining competitiveness.
The Department of Energy is preparing to release its first cybersecurity strategic plan to strengthen defenses for the power grid and improve preparedness for cyber and physical incidents affecting the energy sector. That effort is expected to deepen coordination with private operators and evaluate AI investments that could help defend critical infrastructure against AI-enabled threats. A separate article on why attacks against critical national infrastructure are dangerous is not about this same policy development; it is a general explainer on infrastructure targeting and disruption rather than reporting on the U.S. government’s current AI and energy cybersecurity initiatives.
Timeline
Apr 16, 2026
DOE and LLNL develop Mjlnir AI Testbed for energy-sector AI security
The Department of Energy's Office of Cybersecurity, Energy Security and Emergency Response and Lawrence Livermore National Laboratory developed the Mjlnir AI Testbed to adversarially test advanced AI models for vulnerabilities such as manipulation and information leakage. The platform is intended to help energy-sector vendors, utilities, and grid operators assess AI risks before deploying models in critical workflows.
Mar 23, 2026
DOE releases first five-year cybersecurity strategy for energy sector
The U.S. Department of Energy released its first comprehensive five-year cybersecurity strategy for U.S. energy infrastructure through CESER. The plan focuses on operational technology security, grid and supply-chain hardening, and faster incident response and recovery, formalizing DOE’s role in sector risk management.
Mar 18, 2026
Energy Department says first cyber strategy will be released soon
The U.S. Department of Energy said it is preparing to release its inaugural cybersecurity strategic plan to strengthen power grid defenses amid rising cyber threats. Officials said the strategy will align with the recently unveiled national cyber strategy, emphasize private-sector collaboration, and evaluate AI investments for critical infrastructure security.
Mar 18, 2026
Trump administration outlines secure-by-design AI policy shift
At the Billington Cybersecurity Summit, U.S. National Cyber Director Sean Cairncross said the administration would promote a secure-by-design approach to AI while accelerating innovation. He said the government plans to work with private companies on AI threat-information sharing, keep offensive cyber operations within federal agencies, and roll back some prior AI security policies viewed as restrictive.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Trump Administration Cyber Strategy Emphasizes Secure AI Adoption and Industry Coordination
The White House Office of the National Cyber Director (ONCD) said a forthcoming U.S. national cyber strategy will prioritize **rapid but secure adoption of AI** for cyber defense, aiming to expand the use of AI-enabled tools to *detect, divert, and deceive* threat actors without unintentionally widening the attack surface. ONCD policy lead Alexandra Seymour also highlighted plans to advance U.S. **AI cybersecurity standards**, establish industry best practices for secure AI deployment, and pursue “counter-AI” efforts to protect frontier models and counter adversary use of AI. The strategy is also expected to include a pillar focused on strengthening the cybersecurity workforce by aligning curriculum, workforce standards, cyber literacy, and job placement across government, industry, and academia. Separately, ONCD indicated U.S. cyber responses will be more explicitly **linked to adversary actions** and will require closer coordination with **state/local governments and critical infrastructure owners/operators**, reflecting a more assertive posture driven in part by recent high-profile intrusions into U.S. critical infrastructure (including telecom). In parallel with these federal strategy signals, the U.S. Treasury Department announced it will publish a set of resources created by a public-private coalition to improve **cyber risk management for AI systems in the financial sector**, intended to support secure AI adoption as banks expand AI use for fraud detection, customer service, trading, and risk modeling—areas that can introduce new vulnerabilities due to sensitive data dependencies and third-party/vendor exposure.
1 months ago
US government and industry expand AI and critical-infrastructure cyber information sharing efforts
US cybersecurity officials said work is underway to stand up new and expanded government–industry mechanisms for sharing threat intelligence, with a particular focus on **AI security** and **operational technology (OT)** risks to critical infrastructure. CISA executive assistant director Nick Andersen said an **AI Information-Sharing and Analysis Center (AI-ISAC)** ordered by the White House is still in an “ongoing policy dialogue” phase, with stakeholders trying to resource the effort and avoid duplicating existing private-sector information-sharing initiatives; he also said there is no launch timeline and described the effort as moving through a “pre-decisional” process. In parallel, Andersen said DHS/CISA is planning a replacement for the disbanded **Critical Infrastructure Partnership Advisory Council (CIPAC)**, aiming to correct gaps in the prior structure—particularly the lack of an explicit cybersecurity charter—and to enable more targeted focus groups on issues such as **undersea cables** and OT systems. Separately, the White House Office of the National Cyber Director said it is developing an **AI security policy framework** intended to embed security controls into AI “tech stacks” in coordination with the Office of Science and Technology Policy, citing risks such as **data poisoning** and the potential for **agentic** capabilities to accelerate intrusions. In the private sector, the **Manufacturing ISAC (MFG-ISAC)** reported increased collaboration to address rising threats to manufacturing, including OT-focused initiatives such as tabletop exercises, OT training, and development of incident response playbooks and OT threat guidelines, alongside preparation for updated **CMMC** requirements—reinforcing the broader push toward structured, sector-based information sharing and readiness for critical-infrastructure cyber threats.
1 months ago
U.S. Cyber Policy Emphasizes Private-Sector Defense Partnerships Over Offensive Hacking
The U.S. government signaled that **private industry is not expected to conduct offensive cyber operations** on the government's behalf, even as the new national cyber strategy calls for stronger collaboration with commercial partners. National Cyber Director Sean Cairncross said the administration wants to use private-sector capabilities for **information sharing, threat intelligence, and defensive support**, while offensive action remains the responsibility of agencies that already hold that authority, including the **NSA, CIA, FBI, and U.S. Cyber Command**. The same policy direction is reflected in the Energy Department's planned **first-ever cyber strategy**, which is intended to align with the national strategy and focus on protecting the energy grid through stronger public-private coordination. Energy officials said the plan will prioritize getting **timely, actionable information** to operators, improving the sector's **security resilience**, and investing in **AI for cyber defense** to counter adversaries using AI-enabled offensive capabilities against critical infrastructure.
1 months ago