Which set of measures best protects U.S. critical infrastructure against cyber threats and coordinates defense with the private sector?

Protecting U.S. critical infrastructure against cyber threats requires a comprehensive, layered approach that blends technical protections with organized response and strong collaboration between government and the private sector. Cyber hardening reduces vulnerabilities by securing systems and configurations; redundancy ensures essential services stay up even if parts of the system are attacked or fail; and having robust incident response enables rapid detection, containment, and recovery across the affected networks and sectors. But because most critical infrastructure is privately owned, government-led coordination through public-private partnerships is essential to align standards, share threat intelligence, coordinate defenses, and run joint exercises. Together, these elements create both the technical prevention and the coordinated resilience needed to protect critical services. Without incident response plans, even well-hardened and redundant systems can suffer extended damage because threats aren’t detected quickly and containment and recovery aren’t coordinated. Without technical measures, public-private partnerships won’t address the underlying vulnerabilities. And public-private collaboration without concrete technical actions or incident response capability leaves gaps in protection, threat sharing, and rapid joint action. Relying solely on private sector resilience misses the scale and speed of government coordination that national infrastructure protection relies on.