Three Key Partnerships for Cyber Resilience


Cyber resilience is the goal; partnership is how we achieve it.

Monty McGee
02/25/2026 Vehicle Security

More than a decade ago, the attack on Ukraine’s energy grid felt like a surprising watershed, proof that cyber operators could reach through keyboards to shut off the lights. This marked a shift into a new phase of geopolitical conflict: one defined by cyber-attacks manifesting physical world effects, particularly against critical infrastructure. Since 2015, there have been ransomware attacks against major oil systems[1], healthcare systems[2], and water systems[3] in the United States and across the globe. Cyber criminals are conducting reconnaissance and pre-positioning[4] for future operations, and are coordinating actions on a larger scale, like the recent cyber-attack against Poland’s energy sector[5].

Today, the threat to critical infrastructure, particularly in the United States, remains a top priority for industry and government. Adversaries are more patient, better resourced, and increasingly exploring how to enhance their attacks using advanced AI capabilities[6]. Many critical infrastructure operators are also working to integrate AI technologies into their cyber defense plans and operations. The race between defenders and attackers is on, and it is unclear which side will win.

One key to successfully protecting the nation’s critical infrastructure is to establish and sustain intra-sector, inter-sector, and public-private partnerships. These distinct partnership types can help organizations operating and supporting critical infrastructure effectively and efficiently prepare for, respond to, and recover from cyber-attacks.

Intra-sector partnerships are perhaps the most efficient and effective approaches given an industry’s relatively shared threat landscape, security tool usage, and operational risks. When organizations within a critical sector share threat intelligence on potential or actual cyber-attacks, the entire industry can strengthen resilience to prevent threat actors from successfully scaling their attacks. Within the electric power sector, the Cyber Mutual Assistance (CMA) Program[7] serves as a decades-long proven model of collective defense. Following the 2015 attack on Ukraine’s electric grid, a group of CEOs within the Electricity Subsector Coordinating Council (ESCC) convened to discuss ways to prevent a similar outage, and CMA was born. Today, CMA is a group of security experts representing more than 210 electric and natural gas entities that stand ready to provide mutual assistance in the event of a significant cyber incident. This kind of support is vital in a shifting threat landscape where it is increasingly difficult for a single organization to defend itself against a growing number of malicious actors.

In addition to mutual assistance, it’s important for organizations within a sector to participate in joint exercises that challenge assumptions, strengthen relationships, and build resilience. For example, the Electricity Information Sharing and Analysis Center hosted its eighth biennial GridEx exercise[8]. This cyber and physical security exercise convened thousands of experts from across the electric power industry and government partners to assess and improve their responses to simulated attacks on the energy grid. GridEx helps to inform organizational planning and budget priorities that can strengthen the overall resilience of the U.S. energy grid.

Inter-sector partnerships are a natural expansion from those within an industry. No critical infrastructure sector has a monopoly on security threats or the experts to help defend against them, and many facets of U.S. critical infrastructure are interconnected and interdependent. As Volt and Salt Typhoon revealed, threat actors aim to burrow into multiple critical sectors with the goal of having the ability to disrupt U.S. economic and national security. Therefore, it’s imperative to work across sectors to better understand how adversaries are targeting critical infrastructure and to better strengthen it.

Another recent example is the 2024 CrowdStrike outage[9] that made computers inoperable in organizations across the transportation, financial, and healthcare sectors.

Finally, critical industries and government must renew their commitment to public-private partnerships. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency launched the Joint Cyber Defense Collaborative in 2021 to unify public and private sector cyber defenses through real-time, bi-directional intelligence sharing and operational planning. Two years later, the Department of Energy piloted the Energy Threat Analysis Center (ETAC) to fuse industry data with government intelligence so cyber defenders can identify, analyze, and mitigate threats together. ETAC experts from public power utilities, electric cooperatives, investor-owned electric companies, and oil and natural gas entities analyze threat intelligence in real time, assess potential impacts to the energy sector, and develop risk mitigations that are broadly shared by Information Sharing and Analysis Centers to energy providers across the country. These examples of public-private partnerships leading to operational collaboration can be extrapolated across other critical sectors.

America’s adversaries are constantly enhancing their cyber-attacks and increasingly looking for ways to compromise critical infrastructure. We must continue to meet these challenges head on by leveraging intra-sector, inter-sector, and public-private partnerships. Cyber resilience is the goal; partnership is how we achieve it.

References

1. Cybersecurity and Infrastructure Security Agency. (2023). The attack on Colonial Pipeline: What we’ve learned and what we’ve done over the past two years. https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years

2. Paganini, P. (2024). Memorial Hospital and Manor suffered a ransomware attack. Security Affairs. https://securityaffairs.com/170629/cyber-crime/memorial-hospital-and-manor-ransomware-attack.html

3. Franck, T. (2024, October 8). American Water, the largest U.S. water utility, says it was targeted in a cyber-attack. CNBC. https://www.cnbc.com/2024/10/08/american-water-largest-us-water-utility-cyber-attack.html

4. Cybersecurity and Infrastructure Security Agency. (2024). AA24‑038A: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

5. Cybersecurity and Infrastructure Security Agency. (2026, February 10). Poland energy sector cyber incident highlights OT and ICS security gaps. https://www.cisa.gov/news-events/alerts/2026/02/10/poland-energy-sector-cyber-incident-highlights-ot-and-ics-security-gaps

6. Anthropic. (2024). Disrupting AI-enabled espionage campaigns. https://www.anthropic.com/news/disrupting-AI-espionage

7. Electricity Subsector Coordinating Council. (n.d.). Cyber Mutual Assistance Program one-pager. https://www.electricitysubsector.org/-/media/Files/ESCC/Documents/CMA/Cyber-Mutual-Assistance-Program-One-Pager.pdf?la=en&hash=827569B6061E85794AC581BF383C89E5D9DCD419

8. Electricity Information Sharing and Analysis Center. (n.d.). GridEx. https://www.eisac.com/s/gridex

9. CrowdStrike. (2024, July 24). Falcon content update preliminary post‑incident report. https://www.crowdstrike.com/en-us/blog/falcon-content-update-preliminary-post-incident-report/
