Really? CISA isn't allowed to work with any private companies on a problem that impacts critical infrastructure and thus national security? Do you have any sources for this claim?

Nobody's saying that CISA would break down Verizon's doors and go to their keyboards and start pushing commits, but they sure as hell are working with the telecom industry.