INSIGHT: Five Quick Takes from CXC’s Inaugural Symposium

On June 18, more than 120 leaders from industry, government, and the broader critical infrastructure community gathered in Washington, D.C., for CXC's inaugural Cross-Sector Symposium.

Conversations spanned artificial intelligence, supply chains, emergency response and interdependencies, unmanned aircraft systems (UAS), and cross-sector collaboration. While each panel explored a different topic, many arrived at the same conclusions. Here are five themes that surfaced repeatedly.

1. The biggest knowledge gap isn't inside your organization—it's at the seams between organizations.

Organizations generally understand the systems they own. What they struggle to understand are the cascading impacts when another sector experiences disruption and when the services they rely on become unavailable. Whether discussing AI, emergency response, or supply chains, experts repeatedly returned to the same challenge: resilience increasingly depends on understanding not just your own operations, but everyone else's dependencies on them—and yours on theirs. Some examples:

  • Many facilities, from hospitals to data centers, rely on backup generators and fuel supply contracts that guarantee prioritization. But if there are only one or two suppliers in an area, when a widescale incident (say, a hurricane) takes out multiple sites, prioritization cannot be guaranteed.

  • The next frontier in supply chain resilience isn't Tier 1 suppliers—it's understanding the dependencies that exist beyond them: the supplier’s supplier and beyond. Unknown sub-tier relationships continue to surprise organizations during disruptions, and some companies are mapping out second and third tier supply chains in order to prepare.

2. Relationships are an operational capability.

One of the strongest messages from participants was that resilience depends as much on relationships as it does on technology. Trusted relationships enable organizations to share information more quickly, coordinate more effectively during incidents, and solve problems collaboratively before they become crises. Those relationships cannot be built during an emergency; they must be established beforehand.

Throughout the symposium, experts repeatedly highlighted 1) the value of bringing together practitioners who might not otherwise have opportunities to engage with one another in order to build trust and 2) the need for different sectors and job roles to learn to speak each other’s language…perhaps not fluently, but well enough to work together – before a crisis occurs.

3. Practitioners want practical solutions, not just more reports and technology tools.

Across every panel, attendees emphasized the need for practical, operational guidance – and in some cases, the simpler the better.

Organizations are looking for:

  • Proven practices

  • Templates and playbooks

  • Exercises

  • Case studies

  • Examples of what works

While frameworks and policy remain important, participants consistently expressed a desire for resources that help them implement resilience strategies within their own organizations. Another point surfaced repeatedly: organizations don't necessarily need more guidance—they need help finding and applying the guidance that already exists. In other words, members aren't asking CXC to reinvent the wheel. They're asking us to help identify which wheels actually work. CXC has heard the message loud and clear: curate, don't duplicate.

4. When it comes to AI, existing security frameworks can be adapted, not just replaced. 

Artificial intelligence generated some of the day's most active discussion.  Acknowledging that hosting AI in our critical systems is no longer a “choice,”, conversations focused on how organizations can adopt the technology responsibly while managing new operational risks and dependencies. Many noted that existing cybersecurity and risk management principles remain highly relevant—they simply need to be adapted for rapidly evolving technologies. Participants discussed the importance of establishing governance, clarifying accountability, and translating technical AI issues into practical decisions for executives and operators. Perhaps the bigger challenge isn't technical—it's organizational. Who owns AI risk? Who decides what's acceptable? And how do technical experts translate AI risks into decisions executives can act on?

5. Cross-sector thinking is a must-have in resilience planning.

Perhaps the clearest takeaway from the symposium was that no single organization—or even a single sector—can solve today's resilience challenges alone. Participants repeatedly identified opportunities to strengthen collaboration across and between industry, government, and academia while improving communication across critical infrastructure sectors.


In the coming weeks, CXC will be hosting a follow-up session with sponsors and board members to identify and prioritize projects in the cross-sector space. A full report on the symposium will be available for CXC members.

Next
Next

EVENT: 6/24 Maritime Transportation System ISAC’s Cybersecurity Summit