Although approximately 85% of U.S. critical infrastructure is privately owned, the federal government should take a proactive, coordinating, and enabling role in shaping cybersecurity policy and safeguarding critical infrastructure, carefully balancing oversight with incentives that foster innovation.
U.S. infrastructure sectors historically relied on trust and voluntary best practices, but they saw growing federal oversight in the early 2020s, including mandatory incident reporting and stronger enforcement to boost national resilience. Although these measures improved transparency, they also added layers of complexity and drove up compliance costs.
A stronger federal role strengthens preparedness, sets consistent cybersecurity standards, and promotes information sharing, but overly burdensome regulation risks stifling innovation and diverting resources from proactive defense.
With experience spanning communist and EU environments and expertise in startups, business intelligence, and compliance, I advocate a balanced U.S. cybersecurity approach that enforces standards and reporting to strengthen resilience while supporting business innovation and economic growth.
A balanced, risk-based approach is essential: domestically, the federal government should set minimum security standards, promote private-sector collaboration, and incentivize strong defenses, while internationally, flexible oversight signals U.S. resilience, deters cyber threats, and reinforces national credibility.
When it comes to AI, with only 44% of companies implementing governance policies, critical infrastructure faces both opportunities and urgent challenges. The U.S. can lead in space and AI by combining strategic investment, adaptive regulation, and risk-based cybersecurity, aligning law, policy, and practice through actionable guidance, private-sector implementation, and continuous monitoring.