Critical Infrastructure

What Federal Contractors Should Be Watching This Summer

Summer 2026 has arrived with a new wave of artificial intelligence (AI) policy from the White House. On June 2, 2026, President Trump signed an Executive Order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the Order). The Order directs federal agencies—on aggressive 30‑ and 60‑day timelines, with key deliverables due by July 2, 2026 and August 1, 2026—to harden federal information systems with AI‑enabled defenses, establish a voluntary framework for pre‑release federal access to so‑called “covered frontier models,” and prioritize criminal enforcement against malicious AI‑enabled cyber activity. Although the Order is framed as innovation‑and‑security policy and expressly disclaims any “mandatory governmental licensing, preclearance, or permitting requirement” for new AI models, it will have immediate operational consequences for federal information‑technology and cyber contractors, AI developers, critical‑infrastructure operators, and their service providers.

Continue Reading AI Heats Up: New Executive Order on Promoting Advanced Artificial Intelligence Innovation and Security

July’s “Winning the Race: America’s AI Action Plan,” released by the White House, contains helpful recommendations for the energy sector as the use of AI becomes more prevalent and, with it, the need for more energy. The plan recommends the use of an existing consultation and coordination process for expediting the federal permitting and review of large infrastructure projects to cover all eligible data center and data center energy projects. It also recommends optimizing existing grid resources, prioritizing the interconnection of reliable power sources, ensuring sufficient generation exists to support data centers, and embracing new technology and sources of energy.

Continue Reading Power Up: What the AI Action Plan Means for the Energy Sector

Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking water and wastewater facilities by specific Iran- and China-aligned hackers. The following month (on April 4, 2024), in an attempt to prepare for such attacks and otherwise improve the federal government’s ability to collect and analyze data related to cyber incidents on critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enacted in an omnibus appropriation, CIRCIA directed CISA to issue rulemaking requiring the reporting of cyber incidents or the payment of ransoms in response to cyberattacks affecting critical infrastructure.  

Continue Reading CISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting Regime

For just shy of a decade, the Defense Industrial Base (DIB) has had to operate under rules dictating the safeguarding of Controlled Unclassified Information, along with a strict 72-hour notification requirement if/when/should a “cyber incident” occur. For the uninitiated, these are the requirements found in the Department of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. And for a large swath of government contractors, these requirements have been more bane than benefit, as many have struggled to meet the DFARS’ stringent requirements.

Continue Reading Critical Infrastructure Industry Drafted: Welcome to the Cyber War