Concerns Over Infrastructure Security Continue to Escalate

A new bill is fueling critical conversations that go beyond the grid.


The Energy Threat Analysis Center Act of 2026 aims to strengthen cybersecurity, threat analysis, and resilience across the energy sector. The bill would amend the Infrastructure Investment and Jobs Act and reauthorize the Department of Energy’s Energy Sector Operational Support for Cyber Resilience Program through fiscal year 2031. It calls for: 

  • Expanded classified and unclassified information sharing, joint threat analysis, and new technical infrastructure to support faster detection and coordinated response across government and industry.
  • The legislation also includes strong protections for sensitive data, exempting shared information from FOIA disclosure and placing assistance decisions solely at the discretion of the Energy Secretary.
  • The proposal comes amid rising concern over state-linked activity and ransomware targeting energy and utilities organizations, underscoring the sector’s growing exposure to cyber threats.

Christian Schnedler, former counter-terrorism specialist and current CEO of Rilian, offered these thoughts on the proposed legislation.

“The proposed new bill also complements other US policies to strengthen energy sector cyber defenses, such as the North American Electric Reliability Corporation Critical Infrastructure Protection Standard, or NERC CIP-015. The new legislation improves the sector's collective visibility into threat actors, their tactics and indicators of compromise at a national level, while CIP-015 requires visibility into each operator's networks, enabling operators to apply this shared intelligence operationally.

"But it is important to remember that intelligence without visibility might fail to achieve the intended effect.

"The Bill calls for a new Section A (II) as follows: 'by increasing operational collaboration through establishing the technical infrastructure necessary to house, access, and perform advanced analytics and experimentation to enable analysis, discovery, alerts, and collaboration activities of intelligence-driven and intelligence-informed technical data and knowledge, threat information and to share actionable insights and threat mitigation.' 

"This is a directionally correct amendment in that it supports public-private collaboration and acknowledges the need for technology to assist in the same. However, the Bill is extraordinarily high level and focused on intelligence collection and sharing.

"The net effect will be, at best, that energy providers will have a better understanding of the threat landscape through this enhanced public-private partnership — but so long as they are able to operate with their head in the sand they will be in no better of a position to preempt or respond to an attack against their infrastructure.

"What do I mean by this? 

"The critical infrastructure relies on the ‘Purdue Model’ which essentially suggests that so long as no device in your operational technology network interfaces with the internet, then there is no way a threat actor can disrupt your operational activities. 

"An unfortunate but all-too-common second order effect of this logic is that so long as networks are ‘air gapped,’ the need to gain visibility into them is seen as unnecessary. Even worse, the act of ‘piercing the veil’ and allowing for centralized visibility of the traffic on these networks is seen as an increase in exposure based on the largely false assumption that enabling such visibility creates a path that threat actors can leverage from the outside in.

"Why does this matter for this Bill? Greater intelligence sharing and collaboration will enhance energy providers’ awareness of the threat landscape. However, it will not materially impact the security of America’s critical infrastructure so long as willful blindness of what is going on in these networks remains the norm. 

"Rather than intelligence sharing, the recommendation we as Rilian would put forward is to focus on the sharing and collaboration around events and alerts occurring within these networks, which presupposes and essentially forces that these organizations gain visibility into what is going on in there. 

"This, in context with the external threat intelligence contemplated by this Bill, will enable actionable intelligence and produce informed recommendations regarding which vulnerabilities should be addressed, scenario planning around the impact of a potential breach of these vulnerabilities, and collaborative threat hunting when (not if) an attack occurs.”
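The argument above is that shared intelligence only becomes actionable once an operator can see its own OT traffic, and that alerts generated inside a Purdue-segmented network are what should be shared and correlated. The following script is an added illustration of that point; it is not code from the article, from Rilian, or from any named product. It passively reads flow records from a constructed log, maps each address to a constructed Purdue level, checks cross-level conversations against a constructed allow-list and baseline, and applies a constructed indicator of compromise. Every address, zone range, port policy and log line is invented for the example.

```python
"""Passive flow monitoring for a Purdue-segmented OT network (added example).

Demonstrates why "air-gapped" zones still need visibility: a shared indicator
of compromise can only fire against traffic that is actually being observed,
and cross-level conversations can only be policed if they are logged.
All zones, policies, indicators and flow records below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed Purdue zone map: network -> level.
ZONES = {
    ipaddress.ip_network("10.0.1.0/24"): 1,  # Level 1: controllers (PLC/RTU)
    ipaddress.ip_network("10.0.2.0/24"): 2,  # Level 2: HMI / SCADA servers
    ipaddress.ip_network("10.0.3.0/24"): 3,  # Level 3: site operations, historian
    ipaddress.ip_network("10.1.0.0/16"): 4,  # Level 4: enterprise IT
}

# Constructed design policy: which initiator-level -> responder-level
# conversations are permitted, and on which TCP ports. Anything else is a violation.
ALLOWED = {
    (2, 1): {502},   # SCADA/HMI polling controllers over Modbus/TCP
    (3, 2): {4840},  # historian reading SCADA servers over OPC UA
    (4, 3): {443},   # enterprise pulling reports from the site historian
}

# Constructed baseline of conversations previously observed and accepted.
BASELINE = {
    ("10.0.2.10", "10.0.1.5", 502),
    ("10.0.3.20", "10.0.2.10", 4840),
}

# Constructed shared indicator (TEST-NET-3 documentation range, not a real IoC).
SHARED_IOCS = {"203.0.113.7"}

# Constructed flow log: timestamp, source, destination, destination port, protocol.
FLOW_LOG = """\
2026-02-01T10:00:00Z 10.0.2.10 10.0.1.5 502 TCP
2026-02-01T10:00:05Z 10.0.3.20 10.0.2.10 4840 TCP
2026-02-01T10:01:12Z 10.1.5.44 10.0.1.7 502 TCP
2026-02-01T10:02:30Z 10.0.2.10 203.0.113.7 443 TCP
2026-02-01T10:03:01Z 10.0.3.20 10.0.1.5 22 TCP
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    port: int
    proto: str


@dataclass(frozen=True)
class Alert:
    kind: str
    flow: Flow
    detail: str


def parse_flows(text: str) -> list:
    """Parse the whitespace-separated flow records into Flow objects."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        flows.append(Flow(ts, src, dst, int(port), proto))
    return flows


def zone_of(ip: str):
    """Return the Purdue level for an address, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for net, level in ZONES.items():
        if addr in net:
            return level
    return None


def analyze(flows: list, iocs=SHARED_IOCS) -> list:
    """Turn observed flows into shareable alerts; each rule fires independently."""
    alerts = []
    for f in flows:
        s, d = zone_of(f.src), zone_of(f.dst)
        # 1. A peer outside every OT zone contradicts the air-gap assumption.
        if s is None or d is None:
            ext = f.src if s is None else f.dst
            alerts.append(Alert("external_peer", f, f"peer {ext} is outside every OT zone"))
        # 2. Shared intelligence is only actionable against traffic that is observed.
        for ip in (f.src, f.dst):
            if ip in iocs:
                alerts.append(Alert("ioc_match", f, f"{ip} matches a shared indicator"))
        # 3. Cross-level conversations must be on the design allow-list.
        if s is not None and d is not None and s != d:
            if f.port not in ALLOWED.get((s, d), set()):
                alerts.append(Alert("zone_violation", f, f"L{s}->L{d} on port {f.port} not permitted"))
        # 4. A never-before-seen conversation is worth review even when policy allows it.
        if (f.src, f.dst, f.port) not in BASELINE:
            alerts.append(Alert("new_talker", f, "conversation not in baseline"))
    return alerts


if __name__ == "__main__":
    for a in analyze(parse_flows(FLOW_LOG)):
        print(f"{a.flow.ts} {a.kind:15} {a.flow.src} -> {a.flow.dst}:{a.flow.port}  {a.detail}")
```

Run stand-alone, the two baseline conversations produce nothing, the enterprise host reaching a controller directly and the Level 3 host opening SSH to a controller are flagged as zone violations, and the connection to the constructed indicator fires both as an external peer and as an indicator match. The last case is the one the quote is about: the indicator was "shared", but it only generated an alert because the operator was capturing flows on the supposedly isolated segment.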

While government involvement in energy sector cybersecurity is nothing new, the profile of these entities has been raised in recent months following the CERT Polska report detailing attacks on energy infrastructure in Poland.

Manish Sharma, CISO at Aurigo Software, offered the following commentary on the situation.

“The Poland energy-sector incident should not be viewed as a one-off; it is the latest proof point in a widening global pattern of cyber threats aimed at critical infrastructure, where the boundary between IT and operational technology is now a direct path to real-world disruption. 

"This attack targeted industrial control environments across energy facilities and came close to a devastating level of impact, reinforcing what incidents in Ukraine’s power grid, the TRITON safety-system attack in petrochemicals, ransomware-driven operational shutdowns like Colonial Pipeline, attempted manipulation of treatment processes in water utilities, and even satellite-network disruptions affecting wind-farm operations have already shown: modern infrastructure is increasingly a geopolitical battleground, and operational environments that were never designed to be internet-connected are now on the frontline. 

"For organizations running long-term capital programs—data centers, grid expansions, renewables, transport, and water—cybersecurity cannot sit separate from the asset or be bolted on late in the lifecycle; cyber-resilience must be engineered in from day one, alongside visibility and control over the legacy systems that still underpin essential services.

"Resilience now means not only preventing intrusions, but ensuring operations can fail safely, recover quickly, and continue serving communities—because digital risk is no longer separate from physical risk, and must be planned, governed, funded, and tested the same way.”
