Cyber Focus
Cyber Focus, from the McCrary Institute, explores the people and ideas that shape and protect our digital world. Each week our host, Frank Cilluffo, speaks with the leading voices in cybersecurity, and brings to light what steps public and private organizations need to be taking to keep our country secure.
Inside State Cyber Defense: Whole-of-State Security with Alabama's Daniel Urquhart and Chad Smith
11/18/2025
State and local governments are stepping up to defend critical services against fast-evolving cyber threats. In this episode of Cyber Focus, Alabama’s top IT leaders show how they’re staying ahead of the curve. They explain how a hybrid, highly decentralized environment forces them to lean on shared standards, SLCGP funding, and whole-of-state partnerships. Along the way, they unpack a recent incident that came dangerously close to crisis and what it revealed about tools, visibility, and trust. They also look ahead to AI-enabled attacks, deepfakes, and “distortion,” and why automation and better intel will shape Alabama’s next moves. Watch to see what other states, utilities, and local leaders can learn from Alabama’s playbook.

Main Topics:
• How Alabama OIT governs technology across roughly 140 executive agencies in a mostly decentralized environment.
• Using SLCGP funds, shared contracts, and enterprise tools to lift up smaller municipalities that lack resources.
• Rethinking threat intelligence by pairing MS-ISAC and CISA feeds with deep knowledge of state business processes.
• Lessons from a major cyber incident, including incident-response retainers, tooling gaps, and the value of open communication.
• Building whole-of-state partnerships with CISA, FBI, utilities, National Guard, and the McCrary Institute through exercises and real incidents.
• Preparing for AI-enabled cyberattacks through automation, platform integration, and continuous upskilling for Alabama’s cyber workforce.

Key Quotes:
“Cybersecurity is a team sport. It’s not just one person. We’re trying to build the community.” — Daniel Urquhart
“There’s a huge concern that I have as we think about the amount of threats that are going to come at us from an AI enabled cyber attack. It is going to be so broad and so unlike anything that we’ve seen today.” — Chad Smith
“I think we have to be willing to talk about [a recent cyber incident] so that people can learn from it, but also so that people know, hey, they're actually doing something and things are happening in a way that we can respect.” — Chad Smith
“We try to do a lot of education and team building and building that cohesive whole estate approach by setting up technology demos and articulating the why.” — Daniel Urquhart
“We’ve done a really good job the last couple of years working with the FBI, Secret Service, National Guard. Those types of partnerships can make us stronger as a state.” — Daniel Urquhart

Relevant Links and Resources

Guest Bios:
Daniel Urquhart is the Secretary of the Alabama Office of Information Technology. OIT is responsible for the strategic planning, governance, and resource utilization of all IT for the State of Alabama. Before joining OIT, he served as CIO for the Alabama Law Enforcement Agency, where he worked with industry partners to build a state-of-the-art criminal justice network.
Chadwick Smith serves as the Chief Information Security Officer for Alabama’s Office of Information Technology (OIT). Mr. Smith has worked in the technology industry for over twenty-five years. Prior to joining OIT, Chad worked in the insurance, banking, and data communications industries.
The Hidden Dangers in Your Supply Chain with SecurityScorecard's Aleksandr Yampolskiy
11/11/2025
SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a vulnerability vector and a force multiplier for defense.

Main Topics Covered
• Third-party breaches now account for 65% of cyber incidents globally
• Only 150 companies comprise 90% of the global attack surface
• The risks of shadow IT and “shadow AI” leaking sensitive data
• Systemic vulnerabilities in critical infrastructure like U.S. ports and healthcare
• Limitations of compliance-driven approaches without continuous risk measurement
• The need for clear governance, outcome-oriented metrics, and board-level engagement

Key Quotes
“65% of data breaches today happen through use of a third party. Hackers go after one weak link.” — Aleksandr Yampolskiy
“150 companies’ products comprise 90% of a global attack surface. So if one of those companies gets compromised, all of a sudden, you can compromise almost everybody.” — Aleksandr Yampolskiy
“You can be fully compliant with all the regulations, but not secure. Or you could be really secure but not compliant.” — Aleksandr Yampolskiy
“An employee takes [the] general ledger or... some sensitive corporate information, uploads it to ChatGPT—or worse, to [a model] in China—gets a beautiful response, looks like a champion... but then you just leaked sensitive information from a company and nobody knows about it.” — Aleksandr Yampolskiy
“Our ability to network has far outpaced our ability to protect networks.” — Frank Cilluffo

Relevant Links and Resources

Guest Bio
Aleksandr Yampolskiy is the Co-Founder and CEO of SecurityScorecard, a global leader in cybersecurity ratings and risk management. A former CISO and CTO, he has led the company since 2014 in helping tens of thousands of organizations—including half of the Fortune 100—measure and strengthen their cyber resilience.
CVE at a Crossroads: Global Standards, Local Failures, and What Comes Next with Nick Leiserson
11/04/2025
Cybersecurity veteran Nick Leiserson joins Cyber Focus this week to break down critical governance gaps in the Common Vulnerabilities and Exposures (CVE) system and what’s at stake if they’re not fixed. He and host Frank Cilluffo explore the risks of global fragmentation, the lingering fallout from the F5 breach, and why policy tools like Executive Order 14028 remain stalled. Leiserson warns that the U.S. court system faces an under-the-radar cyber crisis, and shares specific, actionable funding priorities Congress should tackle now. From software supply chain failures to operational coordination gaps, the episode provides a sharp look at what’s missing in the federal cybersecurity response—and what can still be done to fix it.

Main Topics Covered
· Why CVE is the global “lingua franca” for vulnerabilities—and what happens if it fails
· How a near-shutdown exposed CVE’s fragile funding and governance model
· The F5 breach and what it reveals about persistent risks in the software supply chain
· Missed opportunities in EO 14028 and regulatory inertia in implementation
· Why the U.S. court system breach is a cybersecurity crisis hiding in plain sight
· Urgent spending needs: water system grants, K-12 cybersecurity, and court system defense

Key Quotes
“CVE... It’s the universal language that we can all look at and understand what we’re talking about. And today in 2025, we totally take that for granted.”
“The worst case is fragmentation. The second worst is [when] government comes in and says, we're going to supplant the expertise that's been built up over 25 years” —Nick Leiserson
“[Some ask] ‘Didn’t we put a bunch of policy in place to stop SolarWinds?’ The answer is we did. If you look at Executive Order 14028… it came out in the immediate aftermath of SolarWinds, and it has not been implemented.” —Nick Leiserson
“This is just one of those things that’s vaguely terrifying, and it takes a lot to terrify me after 15 years in this space. But as best we can tell from public reporting, either there’s been one continuous breach since 2020, or at least similar types of actors are continually being able to get into the federal court system.” —Nick Leiserson
“[F5 is] one of these bits of technologies that most people would not immediately wake up and say that's essential to our economy, our national security, our public safety. But it is.” —Frank Cilluffo

Relevant Links and Resources

Guest Bio
Nick Leiserson is Senior Vice President for Policy at the Institute for Security and Technology. He was a founding member of the Office of the National Cyber Director, where he led national cyber policy development and helped launch the National Cybersecurity Strategy Implementation Plan. Previously, he served as Chief of Staff to Rep. Jim Langevin and helped enact dozens of recommendations from the Cyberspace Solarium Commission. A longtime strategist on Capitol Hill and in the White House, Leiserson is known for translating complex tech policy into action on issues ranging from regulatory harmonization to software liability.
Code Red: Breaking Down China’s Cyber Offensive—Volt, Salt, and Flax Typhoon
10/28/2025
What do Volt Typhoon, Salt Typhoon, and Flax Typhoon reveal about China's cyber playbook? This episode of Cyber Focus breaks down a new McCrary Institute report on China’s advanced persistent threat campaigns—and what they mean for U.S. national security. Frank Cilluffo sits down with Mark Montgomery, Brad Medairy, and Bill Evanina to explain how China is embedding itself in American infrastructure, telecom, and data systems. They warn that Beijing is laying the groundwork for future conflict and that the U.S. response has been dangerously slow. The guests call for stronger deterrence, better public awareness, and a renewed focus on the economic toll of cyber theft.

Main Topics Covered
• China’s long-term cyber threat strategy
• Volt Typhoon and infrastructure targeting
• Salt Typhoon and telecom espionage
• Flax Typhoon and persistent access
• Gaps in U.S. cyber deterrence
• Economic costs of IP theft

Relevant Links and Resources

Key Quotes:
"Each year we can say the threat has grown. And I would say the leading driver of that growth in the cyber threat environment in the United States is China." — Mark Montgomery
"China is using cyberspace to project power. And as a nation, I think that we need to recognize this threat." — Brad Medairy (~05:50)
"Until people believe that [China’s cyber actions] matters to them, we're not going to get the kind of actions we need." — Mark Montgomery
“China[’s] … offensive cyber tradecraft is going to be AI enabled. They're going to be able to deliver effects and capabilities at pace that we never imagined.” — Brad Medairy
“I think the Chinese want not only us, but they want the world to know that they're inside… Xi wants… the world to know that he can do this.” — Bill Evanina
“We have to expeditiously get into place where we could harden ourselves so the railroad could work, the ports work, the electricity grids work. We're not ready. We're nowhere near ready.” — Bill Evanina

Guest Bios:
RADM Mark Montgomery (Ret.) is Senior Director of the Center on Cyber and Technology Innovation and a Senior Fellow at the Foundation for Defense of Democracies. He also serves as Executive Director of Cybersolarium.org, a nonprofit advancing the recommendations of the Cyberspace Solarium Commission, which he led from 2019 to 2021. Previously, he was Policy Director for the Senate Armed Services Committee under Senator John McCain, following a 32-year career as a nuclear-trained surface warfare officer in the U.S. Navy, retiring as a Rear Admiral in 2017.
Bill Evanina is the Founder and CEO of the Evanina Group, where he advises corporate boards and CEOs on strategic risk, counterintelligence, and national security threats. He served as the first Senate-confirmed Director of the National Counterintelligence and Security Center (NCSC), leading U.S. government efforts to defend against espionage and foreign influence. A 24-year FBI veteran, Evanina held senior roles in both counterintelligence and counterterrorism and previously led the CIA’s Counterespionage Group. He also chairs national and international security boards and is an instructor at the University of Chicago.
Brad Medairy is an Executive Vice President at Booz Allen Hamilton, where he leads the firm’s cybersecurity business and supports national-level clients including the FBI, DHS, DOD, U.S. Cyber Command, and the Intelligence Community. He focuses on protecting critical infrastructure, securing emerging technologies, and defending against advanced cyber threats. Medairy leads multidisciplinary teams that integrate AI, cloud, and cyber operations to deliver full-spectrum solutions. He has been recognized as a Top 50 Cybersecurity Leader and Cyber Executive of the Year, and holds degrees from UMBC and Johns Hopkins University.
Fuel, Force, and the Frontlines: Critical Infrastructure in Conflict with Chris Cleary
10/21/2025
What if the easiest way to disrupt U.S. military operations isn’t with missiles—but by targeting fuel logistics? In this episode, Chris Cleary explains how civilian infrastructure has become a frontline in national defense. He and Frank Cilluffo discuss how adversaries exploit cyber vulnerabilities to slow military response, and why deterrence requires more than just rhetoric. They unpack the case for a dedicated Cyber Force, the surprising way Chris thinks it should be structured, and the challenges of coordinating across government and industry. With prepositioned threats like Volt Typhoon in the headlines, the stakes are higher than ever.

Main Topics Covered
• How fuel logistics shape U.S. military readiness in the Pacific
• Why adversaries target civilian infrastructure like water and power systems
• What defines a “cyber attack” under rules of engagement
• Gaps in deterrence, response, and public signaling
• The case for a U.S. Cyber Force modeled after the Coast Guard
• Challenges of coordination across agencies and private sector providers

Key Quotes
“I could degrade the Navy's ability to run around in the Pacific by just limiting the ability to move fuel on the west coast of the United States.” — Chris Cleary
“If [China’s cyber forces] are in Littleton, Massachusetts, they're everywhere.” — Chris Cleary
“I would argue a cyber force of the future looks more like a Coast Guard than a Navy.” — Chris Cleary
“I am a true believer that cyber is a legitimate means and methods of warfare. And we are going to have to professionalize in it.” — Chris Cleary
“All the zero trust in the world is not going to stop—a China, a Russia, a sophisticated organization—from targeting you.” — Chris Cleary

Relevant Links and Resources
60 Minutes on China's Cyber Infiltration:

Guest Bio
Christopher Cleary is Vice President of Global Cyber Practice at ManTech. He previously served as the Department of the Navy’s Principal Cyber Advisor, where he led the implementation of the DoD Cyber Strategy across the Navy and Marine Corps. Prior to that, he was the Navy’s Chief Information Security Officer and Director of Cybersecurity within the Department of the Navy CIO’s office.
Cyber Force, ROI, and the Case for Reform with Ed Cardon & Josh Stiefel
10/14/2025
Should the U.S. have a dedicated Cyber Force? In this episode, General Ed Cardon and Josh Stiefel examine persistent gaps in the nation’s cyber posture, from undefined mission boundaries to unclear return on billions in cyber spending. They explore the organizational tradeoffs, workforce realities, and coordination challenges that have stalled progress, despite years of warnings. With host Frank Cilluffo, they unpack what it would take to move beyond patchwork solutions.

Main Topics Covered
• The failure of past “wake-up calls” to drive meaningful cyber reform
• Gaps in command, control, and mission clarity across defensive cyber operations
• The case for a dedicated Cyber Force and what it would need to solve on day one
• Why workforce development—not just recruitment—is central to cyber readiness
• The role of metrics and return-on-investment in cyber spending
• The importance of establishing clear operational roles between NSA, CNMF, DC3, DCDC

Key Quotes:
“How many of these have we been through, these quote, unquote, watershed moments that were going to change everything? … How cataclysmic does an incident have to be to get us to actually move one way or the other?” - Josh Stiefel
“From 2020 to 2025, if you take all the budgets together, we've spent $29.9 billion on cyber operations. That's as much as two Ford-class aircraft carriers. Do we have the equivalent combat capability in cyberspace as two Ford-class carriers? I'd argue no.” - Josh Stiefel
“[Cyber Com] just is not where it needs to be. It's doing great work, but not at the scale and breadth that we know we're going to need.” – Ed Cardon
“In my experience, we tend to study [decisions like standing up a Cyber Force] for a couple of years before we implement it. We don't have that kind of time.” – Ed Cardon
“Each one [of the typhoons] is a really bad day. Collectively, it’s the perfect storm. And the fact that we at least publicly haven’t made it a much bigger set of issues is going to send a signal to all of our adversaries that this is okay.” – Frank Cilluffo

Relevant Links and Resources
CSIS Cyber Force Commission:

Guest Bios:
Joshua Stiefel is the former Professional Staff Member on the House Armed Services Committee, where he oversaw cyber and IT policy, operations, and procurement. He previously served as Senior Cyber Policy Advisor at the Department of the Treasury, leading sector-wide cybersecurity initiatives and authoring its first vulnerabilities study. A former DoD intelligence officer who deployed with Special Operations Forces in Iraq, he now serves in the U.S. Navy Reserve. He is a Term Member of the Council on Foreign Relations and holds degrees from Harvard and Lehigh.
Lt. Gen. Edward Cardon (Ret.) served 36 years in the U.S. Army, including as Commanding General of Army Cyber Command, where he built it into a world-class force with 41 cyber mission teams. He later directed the Army Office of Business Transformation, helping establish Army Futures Command. His career also included leading the 2nd Infantry Division in South Korea and multiple combat deployments. Today, he is a Senior Counselor at The Cohen Group and advises defense and technology organizations.
Inside In-Q-Tel: Investing in America’s Cyber Future with Katie Gray
10/07/2025
Katie Gray, a senior partner at In-Q-Tel, joins host Frank Cilluffo to pull back the curtain on the venture firm’s role in advancing U.S. national security through tech innovation. As head of In-Q-Tel’s cyber investment practice, Gray offers rare insight into the organization’s dual-use investment model, its evolving priorities, and the technologies it believes will define the next 25 years. They discuss how In-Q-Tel identifies emerging threats, evaluates startups, and bridges the gap between cutting-edge technology and urgent government needs. Topics include AI, quantum, cyber-physical security, and the vulnerabilities shaping today’s threat landscape. The conversation also highlights In-Q-Tel’s unique role as both strategic investor and national security partner.

Main Topics Covered
• In-Q-Tel’s origin, mission, and evolution beyond the intelligence community
• How In-Q-Tel identifies promising startups and matches them with agency needs
• The shifting threat landscape in cyber, including Volt Typhoon and AI-driven attacks
• Investment priorities in space, supply chain security, and operational technology
• The dual-use tech model and building resilience at machine speed
• A case study: VulnCheck and its impact across multiple government agencies

Key Quotes
"We are dramatically under invested as a nation in our cyber defenses… as we look to the future conflict, we're so vulnerable from a cybersecurity standpoint." – Katie Gray
"[For] every dollar that In-Q-Tel invests in a company, there’s $40 that are invested from the private sector." – Katie Gray
"One of the things we do look for is to try and fund dual-use technology that has strong commercial [and] government market." – Katie Gray
“We're going to be in a world where 80-90% of the code that is being written is being written by AI systems.” – Katie Gray
"We can’t be responding to [AI-driven cyber attacks] at human speed. We have to be responding to that at machine speed." – Katie Gray

Relevant Links and Resources
https://www.iqt.org/mission

Guest Bio
Katie Gray is a senior partner at In-Q-Tel, where she leads the organization’s cyber investment practice and supports mission-driven innovation across the U.S. national security landscape. She previously spent more than a decade in software product management, leading development for mobile devices at Palm, HP, and Plastic Logic.
How Scammers Exploit Trust and FOMO: Kicking Off Cybersecurity Awareness Month with Lisa Plaggemier
09/30/2025
Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, joins host Frank Cilluffo to discuss how public education can combat online scams, fraud, and cyber threats. With billions of campaign impressions and only a nine-person team, the Alliance focuses on motivating behavior change through creative, jargon-free outreach. Plaggemier explains how scams like pig butchering are orchestrated by organized crime and even nation-state actors—and why the U.S. needs a coordinated national response. The episode highlights the growing need for cross-sector data sharing, targeted messaging for seniors, and a “scam czar” to unite fragmented efforts. As Cybersecurity Awareness Month kicks off, the conversation underscores how individual actions and shared responsibility can help close critical gaps in digital safety.

Main Topics Covered
• The mission of the National Cybersecurity Alliance and its consumer-focused campaigns
• Core Cybersecurity Awareness Month themes: MFA, passwords, updates, and scams
• Reaching overlooked populations through creative outreach like Kubikle and safe-word campaigns
• The scale and structure of online scams like pig butchering and their ties to nation-state actors
• The call for a national “scam czar” to coordinate public-private response
• Challenges in cross-sector data sharing and the limits of current fraud response models
• Upcoming efforts to reach K-12 audiences and improve campaign impact across age groups

Key Quotes
“We are a tiny nonprofit of nine people and we reach billions of people every October.” — Lisa Plaggemier
“I can hack away at our banks and probably not come away with any cash. [But] I can hack away at individual customers of the bank and come away with millions of dollars, and there's no ISAC for my mom.” — Lisa Plaggemier
“I do not think it would be a bad idea if we had a scam czar at this point because the adversary is so well organized.” — Lisa Plaggemier
“Older folks are targeted less often, but when they fall victim, the dollar amounts are very high. They have their whole life savings at stake.” — Lisa Plaggemier
“We've got in a lot of organizations, fraud teams that don't talk to security teams that don't talk to trust and safety teams. And so if you're still siloed in your organization, I think the call to action here is that that all needs to be seen as one.” — Lisa Plaggemier

Relevant Links and Resources

Guest Bio
Lisa Plaggemier is Executive Director of the National Cybersecurity Alliance, where she leads efforts to make cybersecurity practical and accessible. She describes herself as “on a crusade to eliminate stock photos of hackers in hoodies,” underscoring her focus on real-world education over clichés. A former Ford Motor Company marketing executive, she now serves on the U.S. Secret Service Cyber Investigations Advisory Board and is based in Austin, Texas.
To the Point: The Under the Radar Risk of Letting Counter-Drone Authorities Expire with Matt Hayden
09/29/2025
In this episode of Cyber Focus: To the Point, Frank Cilluffo sits down with Matt Hayden, former DHS official and current GDIT executive, to unpack the looming expiration of the Preventing Emerging Threats Act. Together, they explore the growing dangers posed by drones—from hobbyist disruptions to nation-state threats—and what’s at stake if Congress fails to reauthorize key counter-UAS authorities by October 1. Hayden explains why current authorities are essential for protecting the homeland and how they fall short when it comes to local law enforcement, airports, and evolving drone technology. Op-Ed:
Inside CISA Cuts, ODNI Shifts, and Spyware Threats with Federal News Network's Justin Doubleday
09/23/2025
What happens when the federal cyber workforce shrinks just as threats are multiplying? In this episode, Federal News Network’s Justin Doubleday joins host Frank Cilluffo to unpack the turbulence facing government agencies. They examine the mass departures at CISA, the controversial firings under DHS’s Cyber Talent Management System, and the looming risks of dismantling ODNI’s cyber intelligence hub. Doubleday also shares a chilling story of how El Chapo’s cartel used spyware and hacked city cameras to compromise FBI operations in Mexico—underscoring the new reality of ubiquitous surveillance. The conversation closes with a look at the Pentagon’s long-awaited CMMC rollout, Treasury’s “Do Not Pay” database, and the broader challenge of protecting both privacy and security in a digital age.

Main Topics Covered
• Why CISA lost a third of its workforce and what that means for U.S. cyber defense
• How probationary firings under DHS’s Cyber Talent Management System shook trust in federal hiring
• The implications of ODNI shutting down its cyber intelligence integration center amid deep budget cuts
• Proposals in Congress to speed up security clearances and retain cleared talent longer
• A chilling account of how El Chapo’s cartel hacked FBI operations using spyware and city surveillance
• What the rollout of DoD’s CMMC rules will mean for defense contractors and future cyber regulations
• How Treasury’s “Do Not Pay” database ties into fraud prevention, privacy concerns, and the future of digital identity

Key Quotes
“A lot of [the departed federal cyber workforce is] on the books until October 1st and so we're kind of waiting to see exactly how many folks left and where the dust kind of settles as we get into the fall.” – Justin Doubleday
“The probationary firings certainly cast a little bit of a negative light on the idea of joining the Cyber Talent Management System, because… you could be fired with a snap of a finger.” – Justin Doubleday
“Commercial spyware is much more easily accessible for a range of groups and individuals. And it's almost impossible to detect when spyware has gotten onto a phone of an individual, even for a cyber expert.” – Justin Doubleday
“I think there's concern that [with ODNI shutting down CTIIC] you're now going to go back to a situation where you have disparate views kind of bubbling up from across the intelligence community and you don't have that single source of truth at the top that's helping to sort things out for leaders.” – Justin Doubleday
“As it goes with technology and cybersecurity, things are often nice to have until they're necessary.” – Justin Doubleday

Relevant Links and Resources
• Cyber pay in government is as fragmented as ever
• CISA at a crossroads amid workforce cuts, pause, partnerships
• Security clearance reforms advancing in 2026 defense bill
• How a hacker for El Chapo illustrates existential counterintelligence threats
• Grand odyssey of CMMC nearing implementation
• OMB directs agencies to address Do Not Pay data gaps

Guest Bio
Justin Doubleday is a reporter for Federal News Network covering cybersecurity, intelligence, and technology policy. He tracks how federal agencies and lawmakers address evolving digital threats, insider risks, and the intersection of policy, procurement, and national security.
Why State and Local Cyber Grants Matter with New Jersey's Michael Geraghty and Arizona's Ryan Murray
09/16/2025
Congress faces a looming deadline to renew the State and Local Cybersecurity Grant Program (SLCGP), a federal initiative that helps states and municipalities defend against cyberattacks. In this episode, Frank Cilluffo speaks with New Jersey CISO Michael Geraghty and Arizona CISO Ryan Murray about how these grants are making a measurable difference on the ground. They detail how investments are protecting communities from ransomware, building out shared services, and training the next generation of cyber talent. The conversation underscores the urgency of continued funding to sustain trust, prevent losses, and strengthen the interconnected fabric of U.S. cyber defense.

Main Topics Covered
• Explain why renewing the State and Local Cybersecurity Grant Program (SLCGP) is urgent.
• Show how federal grants reduce ransomware risk and generate measurable ROI.
• Use Arizona’s student-led SOCs to highlight workforce development and shared services.
• Describe New Jersey’s statewide approach to defending municipalities.
• Weigh the stakes of eroding trust and services if funding lapses.
• Explore the broader “one team, one fight” vision linking local, state, and federal defense.

Key Quotes:
“In the last year, that [endpoint detection] program stopped 179 ransomware attacks…for a $5 million investment, potential loss avoidance is about $45 million.” - Michael Geraghty
“We're using some of those funds to hire interns as part of our workforce development effort. So we're deploying student-led regional security operations centers in partnership with our community colleges across the entire state [of Arizona].” – Ryan Murray
“We’re all interconnected, right. Our cities connect to our county governments, connect to our state governments, and we connect to our federal partners. But unfortunately, our defenses have these seams, they have these gaps where we’re not so integrated in our defenses and our information sharing.” – Ryan Murray
“There is no one organization that is going to be able to defend themselves against nation state actors, cyber terrorist organizations, transnational criminal groups, and even the hacktivists or low level hackers. But when we team up together through a strategy that again maximizes our resources, that’s when we become that much stronger.” - Michael Geraghty
“One team, one fight, easier said than done. I think we all know that, but it’s challenging.” – Frank Cilluffo

Relevant Links and Resources

Guest Bios:
Ryan Murray serves as Chief Information Security Officer for the State of Arizona. He previously served as CISO for the Arizona Department of Revenue and has nearly 20 years of IT and security experience.
Michael Geraghty is New Jersey’s State Chief Information Security Officer and Director of the NJ Cybersecurity and Communications Integration Cell (NJCCIC). He has held senior cybersecurity roles in both the public and private sectors, including the New Jersey State Police and Prudential Financial.
Countering Ransomware, CISA 2015, and Active Cyber Defense with Cynthia Kaiser
09/09/2025
Overview Cybersecurity threats are growing more complex as ransomware gangs, nation-states, and criminal networks converge. In this episode, Frank Cilluffo speaks with Cynthia Kaiser, senior vice president at Halcyon and former deputy assistant director for cyber at the FBI. They discuss the looming risk if Congress fails to reauthorize the Cybersecurity Information Sharing Act of 2015, the evolution of ransomware as both a business model and geopolitical weapon, and how industry must play a bigger role in active defense. Kaiser also explains the indiscriminate reach of Chinese espionage campaigns and the urgent need to define national red lines in cyberspace. Together, they outline why collaboration, innovation, and trust are essential to future cyber resilience. Main Topics Covered Halcyon Ransomware Research Center launch FBI lessons from major takedowns Cybersecurity Information Sharing Act stakes Ransomware and nation-state espionage Active defense and industry roles Balancing disclosure and attribution FBI of tomorrow and AI Red lines in cyberspace Key Quotes “If CISA 2015 lapses, companies may be less inclined or may be less able to share information with the government… And then America would be in the dark.” – Cynthia Kaiser (~07:37) “There's not one action that's going to stop Putin from cybering… And industry has such a critical role.” – Cynthia Kaiser (~11:04) “As a mom… the Chinese government now has information about who [kids] called, where they were, how long the call was… It really shows that the Chinese government is indiscriminate.” – Cynthia Kaiser (~22:45) “[Ransomware is] an ecosystem of businesses… And so broadening and being able to conduct more of these proactive active defense operations against criminal groups would have a really great effect.” – Cynthia Kaiser (~16:02) “[Washington] should really just be asking ‘What are our red lines today, and have we already gone over them?’” – Cynthia Kaiser (~32:16) Relevant Links and Resources 
Fortune op-ed: Guest Bio Cynthia Kaiser is the Senior Vice President of Halcyon’s Ransomware Research Center and former Deputy Assistant Director of the FBI’s Cyber Division. She led cyber policy, intelligence, and engagement efforts at the Bureau and played a key role in disrupting major ransomware groups like LockBit and Qakbot.
Sen. Gary Peters Sounds the Alarm on CISA 2015 Renewal, Cyber Budget Cuts, and Local Defense Gaps
09/02/2025
Congress is back from August recess with just weeks to act on vital national issues. One key deadline: reauthorizing the 2015 law that shields companies when they share threat intelligence with the federal government. In this episode, Senator Gary Peters (D-MI) joins host Frank Cilluffo to explain why renewing CISA 2015 is essential to national security, how one senator is holding up progress, and what listeners can do about it. The conversation also covers Peters’ push to cut red tape for cyber professionals, shore up state and local defenses, and close critical workforce gaps before it’s too late. Main Topics Covered Urgent need to renew CISA 2015 liability protections Misinformation and confusion around CISA’s mission Importance of cyber grant funding for state and local governments Regulatory burdens facing cyber professionals and the need for harmonization Federal cyber workforce recruitment and retention Key Quotes “We only have a few weeks and [CISA 2015] will expire, and that will be catastrophic for our ability to protect against all the bad guys that are out there.” – Sen. Gary Peters “Trust is everything. And if you don't have [CISA 2015], we go back to the environment we had before where there was a lack of trust… once you lose trust, it's really hard to get it back.” – Sen. Gary Peters “Sometimes our cyber professionals spend 40, 50, 60% of their time doing paperwork and checking boxes. That makes no sense.” – Sen. Gary Peters “You actually end up saving money by investing in this kind of protection [state and local cyber grants]. And at a time when we're running record deficits that are going to increase, we've got to be thinking about being smart… and actually bringing down the cost of what would happen with a cyber attack.” – Sen. Gary Peters “If we don't protect our weakest links, it doesn't matter how good you are at the top—you’re going to have some serious problems.” – Sen. Gary Peters Relevant Links and Resources Guest Bio Sen. 
Gary Peters is Ranking Member of the Senate Homeland Security and Governmental Affairs Committee and a nationally recognized leader on cybersecurity policy. A Navy Reserve veteran and former financial executive, he has shaped major legislation on homeland security, cybersecurity, and critical infrastructure—with more bills signed into law than any other senator in a recent session. He also serves on the Appropriations, Armed Services, and Commerce Committees.
Can Congress Keep Up with AI? Sarah Beth Jansen & Austin Carson on Policy and Innovation
08/26/2025
In this episode of Cyber Focus, host Frank Cilluffo moderates a timely and wide-ranging conversation on the future of AI policy and governance with Sarah Beth Jansen, a senior fellow at the McCrary Institute and longtime DC policy expert, and Austin Carson, founder of SeedAI and former legislative director for Rep. Mike McCaul. The discussion covers the Trump administration’s AI Action Plan, sector-specific regulatory approaches, and how Congress can play a constructive role without stifling innovation. Both guests emphasize the importance of local experimentation, procurement reform, and broad stakeholder engagement. With AI poised to shape everything from national security to everyday business operations, the episode underscores the urgent need to develop trustworthy, inclusive, and forward-looking frameworks that can scale with the technology. Main Topics Covered: The White House's AI Action Plan and why it marks a pivotal policy moment The case for sector-specific approaches to AI regulation The role of Congress in shaping balanced, innovation-friendly guardrails The importance of state-level initiatives like Utah’s AI sandbox Federal procurement as a lever for responsible AI adoption Hopes and fears around AI governance and public trust Key Quotes: “We've been using AI or machine learning in our products for over a decade and that's almost a surprise to some members of Congress who haven't really dug into [AI] yet.” — Sarah Beth Jansen “AI policy is everything policy now… every single member on the Hill could find something constructive to do involving artificial intelligence in their committee. On one hand, AI is frankly an excuse to find crack back open issues that you may want to crack back open. 
On the other hand, there is kind of like this infinite fractal space of where AI is going to touch the economy [and] going to touch scientific discovery.” — Austin Carson “Before the federal government can come in and say these are what the standards should be… you need to have the ability for there to be input from a variety of different sources.” — Sarah Beth Jansen “My biggest fear is that AI will be developed and regulated and considered by a group of extraordinarily small number of people in the bay, and in D.C., and in New York instead of people around the country.” — Austin Carson “[Congress] shouldn't be over prescriptive in any legislation they do... because we all know that Congress unfortunately does not pass legislation very quickly. And I think for them to be relevant they need to not be so specific that they just take themselves out of the game.” — Sarah Beth Jansen Relevant Links and Resources: Guest Bios: Sarah Beth Jansen is Senior Director of Government Affairs & Policy Counsel at The Franklin Square Group. She’s a senior fellow at the McCrary Institute and a seasoned Washington policy expert specializing in cybersecurity, surveillance, and IT policy. She has served in senior staff roles on both the Senate Judiciary Committee and the Senate Homeland Security and Governmental Affairs Committee. She holds degrees from Auburn University and the University of Alabama. Austin Carson is the founder of SeedAI, a nonprofit working to expand public-sector understanding and engagement with artificial intelligence. He previously led government affairs at NVIDIA and served as legislative director for Rep. Mike McCaul when he chaired the House Homeland Security Committee. His work now focuses on facilitating AI literacy and policymaking across sectors and communities.
Ports, Cranes, and Zero Trust: Defending U.S. OT — w/ Booz Allen’s Brad Medairy & Dave Forbes
08/19/2025
In this episode of Cyber Focus, Frank Cilluffo is joined by Brad Medairy, Executive Vice President at Booz Allen Hamilton, and Dave Forbes, who leads Cyber Physical Defense for the firm. Together, they unpack their joint report with the McCrary Institute, Anchored in Zero Trust, examining the cybersecurity vulnerabilities of U.S. ports. The conversation explores China’s cyber activities, the significance of Volt Typhoon, and the risks posed by Chinese-made cranes operating at American ports. They highlight how economic and national security intersect at ports, the unique challenges of operational technology (OT), and why zero trust must become more than a buzzword. The discussion also looks ahead at how critical infrastructure sectors can harden defenses, reduce tech debt, and build resilience against persistent adversaries. Main Topics Covered China-linked cyber threats to U.S. ports. Risks from Chinese-made cranes; ports as a “one connected battle space.” OT basics: know your assets, segment networks, lock down vendor access. Zero Trust for OT: assume breach, pilot fast, scale what works. Why port disruptions matter: major economic ripple effects; plan and drill. What’s next: adversarial AI and stronger public-private collaboration. Key Quotes “Our adversary doesn't see the United States infrastructure environment as a Department of Defense, [or] as a global economy, [or] as a Department of Transportation. They see one connected battle space with a great number of… seams that they want to exploit.” – Dave Forbes “There's no real intelligence value in terms of what [China was] doing [with Volt Typhoon]. They were pre-staging capabilities in the US critical infrastructure. And the only real explanation is to achieve some sort of potential future kinetic effect.” – Brad Medairy “It doesn't need to be a devastating attack. It needs to be a disruption. It needs to be a distraction. 
It needs to be something that we're worried about… throwing things off balance on our economy and national security posture.” – Dave Forbes “Our adversaries don't look at our nation in isolation… They look at our nation as one holistic battle space... So if we flip that… I'm not sure any of us can solve this problem alone, but together we're stronger.” – Brad Medairy “[W]e’ve been able to remediate [Volt Typhoon] in certain cases… That was just step one. This is going to be forever… it’s going to be a game of cat and mouse for years to come.” – Brad Medairy Relevant Links and Resources Guest Bios Brad Medairy is an Executive Vice President at Booz Allen, where he leads the firm’s cyber practice. He is also a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security, co-leading research efforts on China and cyber threats. Dave Forbes leads Cyber Physical Defense at Booz Allen and was a primary contributor to the Anchored in Zero Trust report. His work focuses on bridging physical and cyber domains to strengthen critical infrastructure protection.
Black Hat 2025: CISA’s Playbook for Defending Critical Systems with Chris Butera and Bob Costello
08/12/2025
In this special Cyber Focus episode recorded at Black Hat 2025, host Frank Cilluffo sits down with two senior leaders from the Cybersecurity and Infrastructure Security Agency (CISA): Chris Butera, a more than decade-long CISA veteran currently serving as Acting Director of the Cybersecurity Division, and Bob Costello, the agency’s Chief Information Officer. They discuss how CISA is adapting its mission in the face of evolving threats, budget pressures, and leadership changes, while maintaining a rapid operational tempo. Topics include the agency’s fast-turn vulnerability response through the Known Exploited Vulnerabilities (KEV) catalog, expansion and quality focus of the Common Vulnerabilities and Exposures (CVE) program, and the push to strengthen operational technology (OT) security. The conversation also explores resilience strategies like CISA’s new eviction tool, deepening public-private operational collaboration, securing supply chains, and the importance of reauthorizing the Cybersecurity and Information Sharing Act. Main Topics Covered CISA’s mission, workforce, and adapting to leadership and budget changes Rapid vulnerability response and the Known Exploited Vulnerabilities (KEV) catalog Threat landscape, including nation-state actors and OT security Operational collaboration with industry, JCDC, and new IT platforms CVE program growth and automation for vulnerability management Resilience strategies, eviction tool, and micro-segmentation Supply chain security and Secure by Demand guidance SLTT cybersecurity grants and field support Importance of reauthorizing the Cybersecurity and Information Sharing Act (2015) Key Quotes: “I'm really honored to work with some of the most experienced cyber professionals I think that exists anywhere in the world… We're seeing people step up into new roles, leadership positions, work on new technical projects that maybe they weren't before. 
And we're just hitting grand slams every day.” – Bob Costello “[I ask organizations] ‘How can you continue your mission without access to some of your critical systems? Whether these are your billing systems, your IT systems, your even just access to the Internet.’ And I think a lot of organizations don't have those kind of plans in place or can't function in those cases.” – Chris Butera “One of the things that we are trying to do every single day is remove some of those OT systems from the Internet. That is a very critical step that we think that there are very few business cases where you should have an OT system connected directly to the Internet.” – Chris Butera “We absolutely support reauthorization of [CISA 2015 authorities]… collaboration is what we're all about. We talk about cyber being a team sport and this helps make all the teams play a lot better together.” – Bob Costello “I think we all need to think about [supply chains] a lot differently. And it's across the board, whether it's open source, closed source, or hardware, everything is kind of linked together, and often we don't know where those linkages are.” – Bob Costello Relevant Links and Resources: Guest Bios: Chris Butera is Associate Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), where he oversees operational efforts to protect the nation’s critical infrastructure from cyber threats. Bob Costello is Chief Information Officer at CISA, leading the agency’s enterprise IT systems, collaboration platforms, and secure information-sharing initiatives with public and private sector partners.
Hacktivism, Quantum Threats, and the Future of OT Security with Forescout CEO Barry Mainz
08/05/2025
Forescout CEO Barry Mainz joins host Frank Cilluffo to unpack the evolving cybersecurity threat landscape—from nation-state hacktivism to post-quantum vulnerabilities. Mainz highlights how adversaries are leveraging crowdsourced expertise and agentic AI to target critical infrastructure, especially operational technology (OT) systems in sectors like water, energy, and healthcare. The conversation explores Forescout's research on hacktivist proxy groups, the growing danger posed by embedded and aging devices, and the urgency of preparing for post-quantum cryptographic threats. Mainz emphasizes the need for visibility, containment, and cultural alignment between IT and OT security teams to build genuine resilience in both the public and private sectors. Main Topics Covered: • Hacktivist proxy campaigns and nation-state coordination • Vulnerabilities in critical infrastructure, especially water and energy • Embedded devices and the rise of OT-targeted malware • The looming impact of quantum computing and agentic AI on encryption • Cultural and structural barriers between IT and OT security teams • Practical steps toward building resilience and post-quantum readiness Key Quotes: “Nation state bad actors were using multiple hacktivism groups like an open source… crowdsourced to solve problems… It’s not 10 people sitting in a room somewhere, it could be up to several thousand.” – Barry Mainz “You can’t secure stuff you don’t see. So it’s really about… asset visibility.” – Barry Mainz “If your cyber vendor doesn’t have quantum-safe technology built in, it’s a problem.” – Barry Mainz “The culture is ‘Hey, I'm in OT, stay out of my business. 
I'm in IT, stay out of my business.’ And I think this lack of ‘Hey, let's go and take an approach together’ is missing.” – Barry Mainz “Every one of the times we've engaged with a large corporation and they had an issue, it was costing them way more than if they would have just bought the [necessary technology protections] up front.” – Barry Mainz Relevant Links and Resources: Guest Bio: Barry Mainz is the Chief Executive Officer of Forescout Technologies, where he leads the company’s mission to secure the world’s most critical assets across IT, OT, IoT, and medical device environments. Appointed CEO in early 2023, Mainz brought more than 25 years of executive leadership experience across infrastructure software and cybersecurity, including roles as CEO of MobileIron and President of Wind River Systems, a division of Intel.
Power, Security, and the Infrastructure of Tomorrow with Power Podcast Host Aaron Larson
07/29/2025
In this special crossover edition of Cyber Focus and the Power Podcast, host Frank Cilluffo sits down with Aaron Larson to explore the evolving intersection of energy innovation and cybersecurity. From breakthroughs in small modular reactors and geothermal technologies to the power demands of AI and electric vehicles, they examine how the U.S. grid is being reshaped by both opportunity and threat. Larson draws on his background in nuclear power and conversations with top industry leaders to highlight the promise of emerging energy sources—and the urgent need to bake in security from the start. Together, they underscore the stakes of keeping U.S. energy infrastructure resilient in the face of growing cyber threats and global competition. Main Topics Covered: The transformation of the U.S. power grid from centralized plants to distributed energy resources The impact of AI, data centers, and EVs on electricity demand Innovations in nuclear energy, including SMRs, fusion, and microreactors State-level leadership in clean energy development and workforce transition The need for stronger cybersecurity awareness and integration across the energy sector Strategic competition with China in advanced energy technologies Key Quotes: "We can't [be AI dominant] if we're not energy dominant. The two are inextricably interwoven." — Frank Cilluffo "The nuclear industry will never compromise on safety... because they know any accident at one facility is an accident at all facilities" — Aaron Larson "Volt Typhoon... literally did the cyber equivalent of preparation of the battlefield, where they own that infrastructure and can turn it on or off to meet their needs." — Frank Cilluffo "People know [Cybersecurity] is important...They just don't always think it's their responsibility." — Aaron Larson Guest Bio: Aaron Larson is the Executive Editor of POWER magazine, a team he joined in 2013. 
Aaron has a bachelor’s degree in nuclear engineering technology and a master’s degree, specializing in finance. He spent 13 years in the U.S. Navy nuclear power program, advancing to Chief Petty Officer. He has worked at commercial nuclear, biomass, and coal-fired power plants, functioning in operations, maintenance, safety, financial, and management capacities.
Inside the UK’s Cyber Strategy: Richard Horne on Resilience, Risk, and AI
07/22/2025
Richard Horne, CEO of the United Kingdom’s National Cyber Security Centre (NCSC), joins host Frank Cilluffo to explore how the UK is strengthening cyber resilience across critical infrastructure, private industry, and international partnerships. Drawing from his experience in both government and the private sector, Horne outlines NCSC’s approach to tackling advanced threats, closing resilience gaps, and collaborating with allies on systemic cyber defense. The conversation spans ransomware, AI, supply chain risk, quantum cryptography, and how organizations—large and small—can better prepare for disruption. Horne emphasizes the growing complexity of the digital threat landscape and urges a pragmatic, contest-oriented mindset to keep pace. Main Topics Covered: The mission and structure of the UK’s National Cyber Security Centre (NCSC) Cyber resilience through exposure, defenses, and consequence management Gaps in critical infrastructure protection and supply chain vulnerabilities Use of AI and automation in both defense and attack International collaboration and the importance of Five Eyes partnerships Quantum computing and the need to prepare cryptography for post-quantum threats Key Quotes: “AI is almost like… when we moved from wooden [tennis] rackets to composite rackets. Was that an advantage? It was an advantage to both sides. [...] If you stick with a wooden racket, then ultimately you're going to be overcome.” — Richard Horne “We see many cyber attacks exploiting zero-day vulnerabilities that frankly shouldn't be there. And the quality of code that we have in our hardware, software… is a big issue.” — Richard Horne “In the world we're in, we all need to recognize we have a responsibility for cyber security for ourselves and for others.” — Richard Horne “The relationship with the U.S. 
and the Five Eyes really does underpin especially our understanding of the most advanced threat.” — Richard Horne “You'll often see sort of ransomware attacks against some small company you've never heard of and then potential front page impact the next day.” — Richard Horne Related Links: Guest Bio: Richard Horne has served as CEO of the UK’s National Cyber Security Centre since October 2024. Prior to that, he was a Cyber Security Partner at PwC UK, where he advised global leaders on cyber risk strategy and led responses to major incidents—including the 2021 ransomware attack on Ireland’s health service. He previously led cyber risk management at Barclays and played a key role in developing the UK’s first national cyber security plan during a stint with the Cabinet Office. Richard holds a PhD in Mathematics and has represented the UK in cybersecurity forums at the OECD, European Commission, and ISO.
NSA vs. Zero-Days: Kristina Walter on Speed, Scale, and Stopping Cyber Threats
07/15/2025
Kristina Walter, Director of the NSA’s Cybersecurity Collaboration Center, joins Frank Cilluffo to explain how the NSA is building trusted partnerships with private industry to counter advanced cyber threats. Walter shares how collaborative work with defense contractors and tech providers has helped uncover zero-day vulnerabilities, block billions of malicious domains, and expose Chinese operations like Volt Typhoon. She also discusses the role of AI in cyber defense, the race to prepare for quantum computing, and why resilience—not perfection—is the new benchmark for critical infrastructure protection. Main Topics Covered Origins and mission of the Cybersecurity Collaboration Center Building trust and scaling public-private partnerships Tracking Chinese cyber campaigns and zero-day vulnerabilities NSA’s protective DNS service and pre-ransomware defense AI’s role in threat detection and emerging attack surfaces Post-quantum cryptography and upgrading national systems Workforce development and government-industry collaboration Key Quotes “That service has about 1200 companies enrolled in it today. And it's blocked 4 billion malicious domains… 500 million of them are NSA unique domains.” – Kristina Walter “You can't surge trust in a crisis. We have found that having that established relationship meant that when something did go wrong for some of these companies, they knew who to turn to, and how to work with us, and how we would protect the information they gave us”. 
– Kristina Walter “We found it in about two weeks of the start of exploitation and were able to get out the hunting and the detections while the patch was being worked so that we could do it all together and try to remediate the threat.” – Kristina Walter “Our focus was… how do we work with interagency partners and industry to expose this trade craft of living off the land… and really unleash the cybersecurity community in the United States to find it and eradicate it on the US Government's behalf.” – Kristina Walter “When we talk about a cryptologically relevant quantum computer, it's really [a question of] when, not if… So what we're really focused on is how do we upgrade all of the cryptographic inventory of the United States and national security systems to be quantum resistant.” – Kristina Walter Relevant Links and Resources Guest Bio Kristina Walter is Director of the NSA’s Cybersecurity Collaboration Center, where she leads efforts to partner with private industry in defense of U.S. national security systems. A founding member of the center, Walter brings deep experience from her work in both operational cybersecurity and workforce development at NSA. She also oversees the NSA’s AI Security Center, advancing the secure development of artificial intelligence technologies while safeguarding U.S. innovation from foreign adversaries.
Hacking the Harvest: Jonathan Braley on Ransomware, GPS Disruption, and Securing U.S. Agriculture
07/08/2025
In this episode of Cyber Focus, Frank Cilluffo sits down with Jonathan Braley, Director of the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC), to explore the growing cybersecurity threats facing the U.S. food and agriculture sector. They examine the integration of operational technology (OT), the rise in ransomware attacks on farms and food producers, and the fragile nature of supply chain cybersecurity. Braley highlights why even small farms are increasingly targeted and how awareness, threat intelligence sharing, and proactive cyber defense strategies are essential. The discussion also touches on the geopolitical dimensions of agricultural cybersecurity, with examples from Ukraine, Israel, and China. Main Topics Covered: • Why cybersecurity threats matter in the agriculture and food production sector • The risks posed by operational technology (OT) and GPS disruption in precision agriculture • The impact of ransomware attacks on small farms and supply chain resilience • Emerging cyber threats tied to foreign adversaries, disinformation, and intellectual property theft • New technologies in agriculture: AI tools, drones, and autonomous farming systems • The importance of cyber threat intelligence sharing and public-private collaboration in agriculture Key Quotes: “Historically we all have this picture of a farm in our heads with the manual tractors and people out on the fields. 
But there's a lot of technology now baked into the food and agriculture sector.” – Jonathan Braley “If we’re relying on our precision agriculture without a backup plan, when [GPS] goes down, it's not going to be a good situation for us.” – Jonathan Braley “Anywhere along that [supply] line, one of those companies has a cyber incident—it's going to impact everybody.” – Jonathan Braley “The ransomware group seemed to have an understanding of the nature of food and ag, and they hit them when it was most impactful [during peak planting and harvesting season].” – Jonathan Braley “The more we can share with each other [across government and industry], I think we have a better chance of protecting ourselves.” – Jonathan Braley Relevant Links and Resources: • Food and Ag-ISAC: • Guest Bio: Jonathan Braley is the Director of the Food and Ag-ISAC, a key hub for cybersecurity information sharing across the food and agriculture sector. He also serves as Director of Threat Intelligence at the IT-ISAC, where he supports some of the world’s leading technology companies. Braley’s work focuses on improving cyber resilience in agriculture, helping farms, suppliers, and food producers detect and defend against ransomware, OT threats, and supply chain vulnerabilities.
Cyber Warfare, Workforce, and Fixing the System: Top House Chairmen on the Digital Threat
07/01/2025
In this special Independence Day episode of Cyber Focus, we bring together highlights from three influential House leaders shaping U.S. cyber policy: Chairman Mark Green (Homeland Security), Chairman Mike Rogers (Armed Services), and Chairman Rick Crawford (Intelligence). From digital warfare and offensive cyber capabilities to workforce development and interagency reform, this episode offers a rare look into how Congress is working to strengthen national security in the digital age. Listen to their full interviews: • Rick Crawford – We Are in a State of Digital Warfare • Mike Rogers – Cyber, Space, and the Future of Warfare • Mark Green – Bridging the Cybersecurity Gap
Iran, Ceasefires, and Cyber Threats: A Briefing with General Frank McKenzie (Ret.)
06/24/2025
In this urgent episode of Cyber Focus recorded June 24, 2025, host Frank Cilluffo speaks with retired General Frank McKenzie, former Commander of U.S. Central Command and Executive Director of the Global and National Security Institute at the University of South Florida. The discussion focuses on the unfolding crisis between Iran and Israel, recent U.S. military strikes on Iranian nuclear sites, and the fragile ceasefire now in place. McKenzie offers expert insight into the strategic weakness of Iran, the state of its proxy forces, and the growing threat of Iranian cyberattacks. They also examine how Russia and China are positioning themselves amid the turmoil, the state of U.S. missile defense systems, and what Americans should watch for when it comes to national and homeland security.
Main Topics Covered:
· Iran’s weakened military and the strategic calculus behind the current ceasefire
· U.S. bunker-busting strikes and implications for Iran’s nuclear program
· The future of Iran’s proxy forces and risks of terrorism and radicalization
· China and Russia’s interests in the Middle East crisis
· Iran’s cyber threat posture and U.S. digital vulnerabilities
· Space-based missile defense and the future of homeland security strategy
Key Quotes:
“Iran badly needs a ceasefire. They need to stop the bombardment because they're losing.” — General Frank McKenzie (Ret.)
“The fact of the matter is Iran has had poor luck operating in the United States… they're not adept at operating in this environment.” — General Frank McKenzie (Ret.)
“I think self radicalization is probably more of a threat… than a highly organized Iranian attack in the United States or through one of their proxies. But you can't rule it out.” — General Frank McKenzie (Ret.)
“They do have the ability to attack us here with cyber… they will go where we're weakest.” — General Frank McKenzie (Ret.)
“If we want to defend the United States against attacks like this from intercontinental ballistic missiles, we're going to have to be prepared to put systems on orbit, persistent systems on orbit.” — General Frank McKenzie (Ret.)
Guest Bio: General Frank McKenzie (Ret.) is the Executive Director of the Global and National Security Institute at the University of South Florida and former Commander of U.S. Central Command (CENTCOM). A retired U.S. Marine Corps General, McKenzie brings decades of experience in Middle East operations, nuclear deterrence, and national security strategy. He is a leading voice on cybersecurity, defense policy, and military readiness in the face of global threats.
To the Point: Iran’s Cyber Threat After Israel’s Strikes
06/20/2025
As tensions explode between Israel and Iran, what cyber threats could hit the U.S. next? In this urgent episode of To the Point, host Frank Cilluffo sits down with Admiral (Ret.) Mark Montgomery—cybersecurity expert and longtime Solarium Commission leader—to assess the growing risk of Iranian cyberattacks on U.S. critical infrastructure. With Iran and its proxies already escalating digital aggression against Israeli targets, Montgomery warns that water systems, energy grids, and transportation networks in the U.S. could soon face similar threats.
The conversation explores:
· The vulnerabilities across U.S. critical infrastructure
· Iran’s evolving cyber and influence capabilities
· Lessons from China’s Volt Typhoon campaign
· The need for a renewed "shields up" posture from CISA
· Why national cyber defense demands stronger National Guard and reserve roles
Montgomery and Cilluffo call for urgent action to harden defenses and rethink public-private coordination in light of this volatile moment on the global stage. More coverage on https://threatbeat.com/
“We Are in a State of Digital Warfare”: Chairman Rick Crawford on the Cyber Frontlines
06/17/2025
In this episode of Cyber Focus, host Frank Cilluffo sits down with Congressman Rick Crawford, Chairman of the House Permanent Select Committee on Intelligence. They explore the evolving cyber threat landscape—from Chinese infiltration of U.S. supply chains to the rise of paramilitary cartels leveraging advanced digital tools. Crawford shares his perspective on offensive cyber capabilities, domestic counterintelligence reform, and efforts to close legislative blind spots through inter-committee collaboration. The conversation also covers critical infrastructure vulnerabilities, agricultural data security, and the strategic role of open-source intelligence in modern national security.
Main Topics Covered:
· China’s cyber-enabled influence operations in the Western Hemisphere
· The evolution of cartels into cyber-capable paramilitary organizations
· Counterintelligence gaps within the U.S. and the need for stronger domestic protections
· Hardware vulnerabilities in supply chains, agriculture, and freight logistics
· Debate over splitting NSA and U.S. Cyber Command leadership (“dual-hat” issue)
· Legislative focus on reauthorizing CISA and addressing liability protections for reporting
· The national security importance of open-source intelligence (OSINT)
Key Quotes:
“We are living in a state of digital warfare… As long as we continue to be in a defensive posture, this will continue to be a pervasive problem.” —Chairman Rick Crawford
“[The cartels] have evolved into essentially a paramilitary organization… this is not the 1980s and they are very much a sophisticated adversary.” —Chairman Rick Crawford
“It's [China’s] ability to seed critical infrastructure elements…that gives them a foray into our supply chain. That makes us very, very vulnerable.” —Chairman Rick Crawford
“[Open source intelligence] comprises about 25% of the President's Daily Brief. That’s significant… but it doesn’t have the appropriate level of attention paid to it.” —Chairman Rick Crawford
"We either need to be all in [on Cyber Command] as a combatant command and then stand it up and authorize it the way it should be, fund it appropriately and organize it appropriately, or we need to say we think the NSA can do this and make this sort of a subsidiary of the NSA." —Chairman Rick Crawford
Relevant Links and Resources:
· Learn more about Congressman Rick Crawford:
· House Permanent Select Committee on Intelligence:
Guest Bio: Rep. Rick Crawford represents Arkansas’s First Congressional District and serves as Chairman of the House Permanent Select Committee on Intelligence. A former Army EOD technician, Crawford brings a national security lens to issues ranging from intelligence oversight and supply chain security to cyber threats in agriculture. He also serves on the Transportation and Infrastructure Committee and the Agriculture Committee, positioning him uniquely to address cybersecurity across critical infrastructure sectors.
Splitting Commands, Building Capabilities: DefenseScoop’s Mark Pomerleau on the DoD's Cyber Future
06/10/2025
In this episode of Cyber Focus, host Frank Cilluffo sits down with Mark Pomerleau, senior reporter for DefenseScoop, to discuss the evolving landscape of U.S. cyber operations and military doctrine. Pomerleau unpacks the ongoing debate over splitting NSA and U.S. Cyber Command, the rising role of offensive cyber capabilities, and what “Cybercom 2.0” might look like in practice. He also explores the integration of cyber, electronic warfare, and space as part of a new operational triad, and shares lessons learned from Ukraine that are reshaping U.S. strategy. Together, they examine whether U.S. deterrence efforts are keeping pace with adversaries—and what needs to change to meet tomorrow’s threats.
Main Topics Covered:
· The origins and implications of the NSA-Cyber Command dual-hat debate
· Tactical cyber at the edge: how services are enabling cyber in battlefield operations
· The emerging cyber-electronic warfare-space triad
· Cybercom 2.0 and the effort to modernize doctrine, authorities, and force generation
· The limits of cyber deterrence and the need for a more assertive posture
Key Quotes:
“As a Title 50 intelligence organization, your goal is to not get caught… using that same infrastructure for military operations… can undermine that [intelligence] mission. And so Cyber Command has been working to really build up its own infrastructure, its own tools.” — Mark Pomerleau
“The modern triad… really includes space, special operations forces and cyber. And the notion is that all of these together will be greater than the sum of their parts and be able to provide some really unique mission packages and capabilities for commanders.” — Mark Pomerleau
“One of the big lessons that the Department of Defense came away with is that cyber does have a role to play in future conflict, but it's not the role that they necessarily thought it was a few years ago. And that cyber by itself likely isn't going to have the effect that they… initially thought it was.” — Mark Pomerleau
“EW is going to be a huge enabler going forward… The faster commanders realize how to harness that and maneuver within that space, combine it with other effects like cyber and RF… we're really going to see that take off.” — Mark Pomerleau
“Ultimately, those that are integrating [cyber and EW] into their warfighting strategy, doctrine, and practice are the ones that are going to dominate.” — Frank Cilluffo
Guest Bio: Mark Pomerleau is a senior reporter for DefenseScoop, covering information warfare, cyber, electronic warfare, information operations, intelligence, and battlefield networks. With over a decade of experience, he is widely regarded as one of the most authoritative voices reporting on military cyber and EW strategy. His reporting regularly shapes the national conversation around U.S. cyber policy and defense modernization.
Space Is the Battlefield: Deterrence, Hypersonics, and China’s Threat with ULA CEO Tory Bruno
06/03/2025
In this episode of Cyber Focus, host Frank Cilluffo sits down with Tory Bruno, President and CEO of United Launch Alliance (ULA), which is responsible for more than 90% of U.S. national security space launches. Bruno discusses the escalating threat landscape in space, the urgency of a layered missile defense architecture known as the "Golden Dome," and how adversaries like China may initiate future conflicts in orbit before any shots are fired on Earth. The conversation also explores the technological and policy components of space deterrence, Bruno’s insights from decades of leadership in strategic defense, and the role of directed energy in countering hypersonics.
Main Topics Covered:
· ULA’s role in national security and heavy-lift launch capability
· The increasing likelihood that future conflicts with China will begin in space
· The case for a layered missile defense system, including THAAD and NGI
· Vulnerabilities in U.S. space infrastructure and economic dependence on orbit-based systems
· Directed energy as a solution to maneuvering hypersonic threats
· Policy priorities for the incoming administration
Key Quotes:
“A conflict like that on Earth will begin in space because China will see it as a means of leveling the playing field.” – Tory Bruno
“[Space is now] a utility for our economy, everything and our society. Not having space would be like not having water, not having highways, not having transportation.” – Tory Bruno
“[Space] isn’t a force multiplier. It is now absolutely essential for basic military operations.” – Tory Bruno
“North Korea, Iran, Syria… there’s about a dozen countries that we now need to be concerned about. They would not necessarily be able to mount the volume of an attack that a China could. But… they might have some similar [counterspace] capabilities that in the past would have been really beyond their reach.” – Tory Bruno
“Golden Dome is way overdue… When you’ve got a dozen countries that have a capability to put either a conventional or, God forbid, a weapon of mass destruction on your kids’ school, then only having a retaliatory deterrent is insufficient.” – Tory Bruno
Guest Bio: Tory Bruno is President and CEO of United Launch Alliance (ULA), where he leads the country’s most experienced and reliable launch provider. Prior to ULA, he held senior roles at Lockheed Martin, including as Vice President of the THAAD missile program. With decades of experience in missile defense, strategic deterrence, and space systems, Bruno is a leading voice on the intersection of aerospace technology and national security.
OT Under Threat: Dragos' Robert M. Lee on Navigating Cyber-Physical Risks
05/27/2025
Originally Released September 11, 2024
In this episode of Cyber Focus we’re revisiting the conversation Frank Cilluffo had last September with Robert M. Lee. Rob is the CEO and co-founder of Dragos, a leading firm in industrial control systems (ICS) and operational technology (OT) cybersecurity. Rob unpacks the real-world consequences of cyber-enabled threats to physical infrastructure, including attacks on water systems, energy grids, and manufacturing sites. He shares insights into advanced malware like PipeDream and Frosty Goop, explains the growing risk of scalable OT attacks, and highlights adversaries’ shifting tactics — from state-backed intrusions to criminal exploitation. The conversation also covers lessons from Ukraine, implications of Volt Typhoon, and the importance of visibility, public-private collaboration, and outcome-focused regulation in defending critical infrastructure.
Main Topics Covered:
· What operational technology (OT) is — and how it differs from IT
· Why cyber-enabled threats to physical infrastructure are escalating
· Real-world case studies: Ukraine grid attacks, Saudi petrochemical facility, and U.S. water systems
· Dragos' findings on ICS malware: PipeDream, Frosty Goop, and Modbus TCP exploits
· Emerging adversary trends including Volt Typhoon and the shift to scalable, repeatable OT malware
· The state of public-private collaboration and challenges facing OT cybersecurity in the U.S. and globally
· Lessons from Singapore’s regulatory approach and what operators can do today
Key Quotes:
"[Operational technology] is all the stuff you have in IT, plus physics." – Robert M. Lee
"These are cyber enabled attacks that can have physical consequences." – Frank Cilluffo
"[PipeDream] is the first time we've seen ICS or OT malware that is repeatable, reusable, and scalable across industries. It works in everything from a servo motor on an unmanned aerial vehicle to a gas turbine." – Robert M. Lee
"There was an attack in 2017 where an adversary broke into a petrochemical facility in Saudi Arabia explicitly to cause an event at a facility that would have killed people if they were successful." – Robert M. Lee
"Right now in the operations technology community, we deal with low frequency, high consequence attacks. IT deals with high frequency, low consequence attacks. And if we start to see scale, we're going to start to see medium to then high frequency, high consequence attacks. We're not ready." – Robert M. Lee
Guest Bio: Rob Lee is the CEO and co-founder of Dragos, a cybersecurity company focused on protecting industrial control systems (ICS) and operational technology (OT). With a background in military and intelligence, Rob has worked at the National Security Agency (NSA) and U.S. Cyber Command. He has been instrumental in raising awareness about the vulnerabilities in critical infrastructure and the need for better OT cybersecurity. Rob is widely recognized as a leader in the field, advising government agencies and industry leaders on protecting essential services from cyberattacks.
When Fraud Meets Cyber: The Retail Sector’s Expanding Risk Landscape with NRF’s Christian Beckner
05/20/2025
In this episode of the Cyber Focus podcast, recorded on April 30 at the RSA Conference in San Francisco, host Frank Cilluffo sits down with Christian Beckner, Vice President of Retail Technology and Cybersecurity at the National Retail Federation. Beckner provides a wide-ranging look at how cybersecurity, fraud, and emerging technologies are reshaping the retail landscape. They discuss how threats have evolved over the past decade, the growing impact of third-party risk, and the rise of fraud tactics such as account takeovers and gift card abuse. Beckner also outlines NRF’s policy work on CIRCIA, the SEC cyber disclosure rule, and the organization’s efforts to build stronger cross-sector collaboration. The conversation offers both a strategic overview and practical insight into one of the nation’s most targeted and complex sectors.
Main Topics Covered:
· The role of NRF and its focus on retail cybersecurity
· How threats to the sector have evolved over the past 7 years
· Growing concerns around third-party and vendor risk
· The surge in fraud, including account takeover and gift card abuse
· NRF’s development of a fraud taxonomy for the industry
· How AI is shaping both threats and defenses
· NRF’s cyber policy priorities and hopes for increased CISA engagement
· Long-term risks and opportunities for strengthening retail cybersecurity
Key Quotes:
“Retail is a huge part of the economy. It’s something that touches every person every day, and that’s what makes it such an important piece of the overall cybersecurity landscape.” — Christian Beckner
“We’re seeing an increase in account takeover fraud, gift card fraud, return fraud… It’s often hard to draw the line between what’s a fraud issue and what’s a cyber issue.” — Christian Beckner
“We’re building a taxonomy for fraud. And that’s critical, because right now, we’re all speaking different languages when we talk about these incidents.” — Christian Beckner
Guest Bio: Christian Beckner is Vice President of Retail Technology and Cybersecurity at the National Retail Federation and Executive Director of NRF’s Center for Digital Risk & Innovation. He leads the association’s efforts on cybersecurity, fraud prevention, and emerging technologies. Before joining NRF, Beckner was Deputy Director of the Center for Cyber and Homeland Security at George Washington University and served in senior roles on the Senate Homeland Security and Governmental Affairs Committee. He holds degrees from Stanford University and Georgetown University.
The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard Capdevielle
05/13/2025
In this special RSA Conference edition of Cyber Focus, host Frank Cilluffo sits down with Edgard Capdevielle, President and CEO of Nozomi Networks, to unpack the evolving landscape of operational technology (OT) cybersecurity. Together, they explore how digital transformation and the convergence of IT and OT are reshaping the threat environment for critical infrastructure. Capdevielle outlines the three major phases of the OT security market, reflects on the role of AI and legacy systems, and explains why visibility remains foundational to cybersecurity. The conversation also highlights the growing risk from nation-state actors, the breakdown of air gap assumptions, and the tangible steps owner-operators must take to build resilience.
Main Topics Covered:
· Defining the three phases of OT cybersecurity market maturity
· The impact of digital transformation and IT/OT convergence
· Why visibility remains the top concern for infrastructure operators
· The role of AI in passive detection and firmware profiling
· Nation-state threats, air gap fallacies, and Volt Typhoon’s implications
· Practical steps for operators to improve risk visibility and resilience
Key Quotes:
“Digital transformation is a one-way street. We’re only going to automate more — automate everything — and IT and OT are only going to converge more.” — Edgard Capdevielle
“You cannot protect what you can’t see. So having a layer of visibility is number one.” — Edgard Capdevielle
“Air gapping has been our number one enemy because it’s not real… It’s brought a level of comfort that is not good for us.” — Edgard Capdevielle
Guest Bio: Edgard Capdevielle is President and CEO of Nozomi Networks, a global leader in OT and IoT cybersecurity. He has a background in computer science and more than two decades of experience in cybersecurity and enterprise technology. Prior to joining Nozomi in 2016, he held leadership roles at Imperva and EMC (including post-acquisition work with Data Domain) and has served as an investor and advisor to several successful startups in the security space.