The U.S. Chamber of Commerce, in collaboration with Trend Micro, convened the Threat Intelligence Forum, which brought together senior leaders from government and industry for in-depth discussions on the latest strategies and innovations shaping the market. Key topics included AI in cybersecurity, operational technology (OT) security, cloud and container security, and the evolving threat landscape. 

The event offered practical, outcome-driven discussion focused on real-world impact. The forum aimed to foster collaboration, share intelligence, and explore proactive strategies for defending critical infrastructure in an increasingly complex cyber environment. Below are recaps of each of the sessions.

Panel #1: Cloud and Container Security

• Stacy O’Mara, Senior Director of Cybersecurity Services, Venable (Moderator)
• Nick Polk, Federal Cybersecurity Branch Director, Office of Management and Budget (OMB)
• Mridul Chopra, Containers Specialist, Amazon Web Services (AWS)

With both public and private sector representation, this panel discussed how to improve upon public-private partnerships and optimize cloud and container security efficiency. 

Polk discussed the Trump administration’s Executive Order on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, which introduces amendments to the Biden administration’s Executive Order 14144. From his perspective, two key changes stand out: looking at the return on investment on secure software development and acquisition practices, along with working with the National Security Council (NSC) on public-key and post-quantum cryptography (PQC). Polk emphasized that the OMB remains  committed to PQC migration, with the release of agency guidance on migration expected soon. 

Polk also addressed the sunk-cost fallacy, stating that “just because we’ve invested in something for decades, doesn’t mean it still needs to be invested in today.” Secure software is a prime example of how OMB is re-evaluating whether or not their policies are having the impact they expect and desire. He highlighted the importance of making risk-based decisions and argued that software management should be dedicated to high-valued assets and high-impact systems.

Regarding threat intelligence, the government is moving from classified threat intelligence to commercial – providing real-time insights beneficial for civilian agencies. With support from CISA and OMB, the goal is to adopt a data-driven, centralized model that reduces guesswork and improves response speed. 

Looking ahead, Polk noted expected developments in federal IT, including closer coordination with both cloud service providers (CSPs) to centralize operations and help agencies for acquisition decisions. We may also see PQC migration and SaaS where everything is within CSPs’ control. 

Fireside Chat: OT Cybersecurity

• Matthew Eggers, Vice President of Cybersecurity Policy in the Cyber, Intelligence, and Security Division, U.S. Chamber of Commerce (Moderator) 
• James Wolff, Chief Information Officer, National Nuclear Security Administration (NNSA)

In this fireside chat, Eggers sat down with Wolff to discuss the reauthorization of the Cybersecurity and Information Sharing Act of 2015 (CISA 2015) and recommendations for public-private partnerships. Wolff emphasized the need for greater information sharing between industry, government, and customers. 

One of the core challenges stems from disjointed teams. For example, cyber teams may not have an established relationship with counsel, and even when incidents are reported to the FBI, that information does not always make its way back to customers. 

Improving  this connectivity and collating important information for the public will be critical to building a more resilient cybersecurity ecosystem. While much attention is given to the public-private relationship, there is a third piece: building a relationship with the customer. 

On the defense side, Wolff mentioned that the Department of Defense (DoD) is modernizing its entire delivery system portfolio as a way to drive efficiency within the IT department. With seven active weapon programs — more than during the Cold War or Manhattan Project — the NNSA wants to focus more on the weapons than the timeline and budget. 

Panel #2: AI Cybersecurity

• Shannon Murphy, Senior Manager for Global Security and Strategy, Trend Micro (Moderator)
• Martin Stanley, AI and Cybersecurity Researcher, National Institute of Standards and Technology (NIST)
• Johann Dettweiler, Chief information Security Officer, StackArmor

This panel explored the evolving challenges and opportunities of AI in cybersecurity, including how adversaries are leveraging AI for attacks, how AI can strengthen defenses, and how both public and private sectors can collaborate more effectively.

Stanley emphasized that defending AI systems requires more than conventional security controls. He outlined how the AI Risk Management Framework (AI RMF) helps organizations manage both the benefits and risks of AI adoption, with a strong focus on trustworthiness, including system confidentiality, integrity, and availability.

Looking ahead, NIST is working to align the AI RMF with its Cybersecurity Framework (CSF) to provide a more unified approach for organizations navigating AI and cybersecurity. These efforts are deeply collaborative, with thousands of stakeholders participating in recent workshops and open comment periods.

In the near term, NIST is developing an AI-specific control overlay for NIST SP 800-53, targeting risks like compromised training data, model theft, and access control within machine learning environments. Stanley also underscored the importance of applying zero trust principles, particularly in safeguarding models trained on sensitive data.

To close, Stanley urged industry to support adoption by clearly articulating compliance and integration requirements to government partners. Simplifying this process will be key to building stronger, more effective public-private partnerships as AI becomes increasingly embedded in critical systems.

Panel #3: Operational Technology (OT) Cybersecurity

• Laura Galante, Principal, WestExec Advisors (Moderator)
• Erin Shepley, Deputy Associate Director for the Joint Cyber Defense Collaborative (JCDC), Cybersecurity and Infrastructure Security Agency (CISA)
• Pat Ford, Chief Information Security Officer for the Americas Region, Schneider Electric 

Panelists highlighted the critical need for government and industry collaboration in a rapidly evolving cyber threat landscape. Coordinated detection and response, along with leveraging private-sector expertise, are essential to strengthening cybersecurity resilience nationwide.

Shepley described the Joint Cyber Defense Collaborative’s (JCDC) role in strategic and operational cyber defense, specifically in disrupting nation-state actors like China and Russia. The key goal is to reduce reliance on future patches by partnering with edge device vendors to identify common attack tactics and improve device security. She emphasized how combining threat insights from cloud providers, internet service providers (ISPs), cybersecurity firms, and government can build a comprehensive, real-time threat picture.

JCDC promotes real-time information sharing and crowdsourcing visibility to unite defenses, simplifying complex intelligence across diverse organizations to better protect critical sectors.

Shepley outlined four key challenges in assessing resiliency: 

• Threat Intelligence: Access to accurate, tailored intelligence from trusted community sources.
• Asset Awareness: Knowing what software and hardware is in use to respond quickly to vulnerabilities.
• Scoring and Thresholds: Prioritizing threats to allocate response efforts effectively.
• Incident and Vulnerability Response Plans: Actively maintaining and practicing plans with clear triggers to avoid “shelfware.”

Addressing these challenges helps reduce the “fog of war” during the critical first 24 to 72 hours of an incident.

By tackling these challenges together, government and industry can build stronger, more resilient defenses to better protect against today’s complex and evolving cyber threats.

The Threat Intelligence Forum highlighted an urgent need for close collaboration between government and industry to address an increasingly complex cyber landscape. Central themes included securing next-generation AI systems, improving visibility across diverse infrastructures, and fostering public-private partnerships that streamline communication and response. United efforts can strengthen national cybersecurity resilience and prepare organizations for the evolving threats ahead.

‍