Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure
As cyber threats evolve faster than policy, Cyber Focus delivers executive-level briefings on cybersecurity, national security, and critical infrastructure. From the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, host Frank Cilluffo speaks with senior leaders across government, industry, and the intelligence community about ransomware, state-sponsored threats, AI, and the systems we all rely on—energy, water, telecom, and supply chains. Each episode focuses on real-world risk tradeoffs and practical steps organizations can take to strengthen resilience.
Transatlantic Reset: Private Sector Diplomacy & Digital Trust with Sébastien Garnault
03/24/2026
Overview Transatlantic cyber cooperation is being tested by political strain, regulatory divergence, and competing ideas about sovereignty, trust, and market access. In this episode of Cyber Focus, Sébastien Garnault argues that if the United States and Europe want to keep working together on security, they need to move quickly to make that cooperation practical, especially in critical infrastructure and digital markets. Speaking from a French private-sector perspective, Garnault makes the case that governments alone may not be able to repair or sustain that cooperation at the speed the moment requires. He points instead to private-sector partnerships, shared market incentives, and clearer language around security standards as possible ways to keep the transatlantic relationship workable even when public-sector trust is under pressure. The conversation also explores how Europe and the United States differ on clean versus trusted technology stacks, how threat perceptions shape national requirements, and how privacy, AI, and data localization debates can either strengthen or complicate cooperation. The conversation was recorded on February 11, 2026. Main Topics Covered Private-Sector Cooperation as a Strategic Bridge: Why Garnault believes business-to-business cooperation may move faster than government-to-government diplomacy when trust is strained. Clean Stack vs. Trusted Stack: How U.S. national-security thinking and EU market-standard thinking create different paths for defining who can participate in secure digital markets. Threat Perception and Market Access: How geography, history, and national priorities shape security requirements across Europe and affect access to critical infrastructure markets. Trust, Sovereignty, and the Transatlantic Reset: Why Garnault sees damaged trust as a real obstacle, and why he argues for a reset rather than a rupture in U.S.-European cyber cooperation. 
Privacy, AI, and Data Localization: How French and European views on privacy, regulation, and AI governance differ from those in the United States, and why those differences matter for security and interoperability. Key Quotes “Maybe what we’ve done in the last decade and what we will do in the next decade don’t belong from government but belongs to us.” — Sébastien Garnault “We can do a reset; we cannot afford a reboot.” — Sébastien Garnault “The damages that have been done in our trust, mutual trust, are very deep. So we need to fix it quickly.” — Sébastien Garnault "The best way for us to cooperate with our allies is to use the market because the market is less political than national security." — Sébastien Garnault “From my standpoint, the glue that binds us together is much greater than anything that can tear us apart.” — Frank Cilluffo Links/Resources CyberTaskForce: Paris Cyber Summit: Guest Bio Sébastien Garnault is the founder of the CyberTaskForce and president of the Paris Cyber Summit. He joined Cyber Focus while in Washington leading a French delegation meeting with U.S. policymakers, industry leaders, and other decision-makers, and spoke in a private-sector capacity rather than on behalf of the French government.
Keeping the Lights On in the AI Era with DOE’s Alex Fitzsimmons
03/17/2026
Electricity demand is surging—and DOE’s Alex Fitzsimmons argues that the country’s ability to “keep the lights on” is now inseparable from how fast we can expand energy infrastructure, how we manage affordability, and how seriously we treat security. In this conversation with Frank Cilluffo, Fitzsimmons, the Acting Under Secretary of Energy and Director of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), frames “energy dominance” as a practical governing problem: meet rapid load growth (including from AI and data centers), avoid reliability shortfalls, and do it in a way that doesn’t push unacceptable costs onto everyday Americans. Main Topics Covered AI- and data center-driven demand growth Affordability and “ratepayer protection” Resource adequacy and reliability risk OT security and critical infrastructure stakes Supply chain risk and security vs speed Key Quotes “Privacy, data breaches, all of these things are important. They matter. They matter. But OT matters more. Keeping the lights on matters more.” — Alex Fitzsimmons “These tech companies recognize that for their technology to be politically and economically viable, that the American people cannot be shouldered with the burden of new data centers.” — Alex Fitzsimmons “We were set to lose 100 gigawatts of reliable dispatchable generation by 2030, at the same time that we may need to build 100 gigawatts of generation and associated infrastructure to win the AI race.” — Alex Fitzsimmons “We have to [build supply] securely. So we can't sacrifice security for speed.” — Alex Fitzsimmons “[AI-FORTS] is focused on 3 things: secure the energy system from AI, secure it with AI, and secure the AI itself.” — Alex Fitzsimmons Relevant Links and Resources NERC; RTOs and ISOs (mentioned in the episode; link not provided) Guest Bio Alex Fitzsimmons serves in the Trump Administration as the Acting Under Secretary of Energy at the U.S. 
Department of Energy (DOE), where he spearheads DOE’s energy dominance mission and oversees a broad portfolio of offices advancing affordable, reliable, and secure energy for the American people. He also serves as Director of DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), leading efforts to safeguard the nation’s energy infrastructure against evolving cyber and physical threats and strengthen resilience across critical energy systems.
Deterrence and the New Cyber Strategy with White House National Cyber Director Sean Cairncross
03/12/2026
Cyber deterrence has long lagged behind the threat. In this special episode of Cyber Focus recorded on March 11, 2026, White House National Cyber Director Sean Cairncross argues that the United States can no longer afford a posture built mainly around resilience and response while adversaries, criminal groups, and state-backed proxies operate at low cost and low risk. He presents President Trump’s new National Cyber Strategy as an effort to change that calculus by aligning government policy, offensive and defensive capabilities, industry partnership, and international coordination around a more forward-leaning approach. The conversation walks through the strategy’s six pillars, from shaping adversary behavior and streamlining regulation to modernizing federal systems, securing critical infrastructure, protecting U.S. technological advantage, and expanding the cyber workforce. Cairncross emphasizes a core theme throughout: private companies should not be left to fend for themselves against foreign intelligence services and military-linked actors, and government must do more to impose cost, remove friction, and support practical security outcomes. Main Topics Covered Cyber deterrence and imposing costs on adversaries Public-private partnership and smarter regulation Federal modernization and procurement reform Critical infrastructure resilience AI, post-quantum policy, and cyber workforce development Key Quotes “Resiliency is great, but resiliency…implies that you're taking hits.” — Sean Cairncross “There is a lot that can be done to deny [bad cyber actors] the benefits of their activity, to make life harder for them online and to deny them safe haven.” — Sean Cairncross “I think if you get hit by a foreign adversary, for the USG to turn around and point a finger at you is essentially shifting blame… It's not going to succeed unless both sides of that coin are working together and being collaborative.” — Sean Cairncross “We can work on procurement speed. 
We can work on technological innovation and adopting that technology much more quickly than we have.” — Sean Cairncross “This [low-cost, high-reward incentive structure for malicious cyber actors] has been allowed to go too far and get too far out of whack ... and we need to reset that.” — Sean Cairncross Relevant Links and Resources Guest Bio Sean Cairncross is the White House National Cyber Director, serving as the principal adviser to the president on cyber policy matters. Before taking this role, he served in the Trump White House as deputy assistant to the president and senior adviser to the chief of staff. He also served as CEO of the Millennium Challenge Corporation and has held senior leadership roles in politics, government, and strategic consulting.
The Cyber Dimension of the Iran Conflict with Cynthia Kaiser & Mark Montgomery
03/10/2026
Cyber is now woven into modern conflict, alongside conventional military force. In this episode, Frank Cilluffo examines how that shift shapes the threat from Iran—especially the risk of cyber retaliation aimed at U.S. critical infrastructure, U.S. businesses, and public confidence. Rear Admiral (Ret.) Mark Montgomery of the Foundation for Defense of Democracies brings a strategic and military lens to the discussion, explaining how cyber is being built into conflict planning alongside kinetic operations. Cynthia Kaiser, a former FBI cyber leader now with Halcyon, brings an operational view of how Iranian cyber activity can create disruption, spread fear, and produce real effects even without the sophistication of China or Russia. Main Topics Covered Cyber as an integrated warfighting tool Iran’s cyber posture and likely retaliation paths Critical infrastructure and OT vulnerabilities Disruption, fear, and information effects Gaps in U.S. civilian cyber defense Key Quotes “They're not at the level of capability as Russia and China, but that's almost irrelevant. They've got a drive-by shooting capability.” — Frank Cilluffo “We're seeing cyber integrated at the front end of planning. It's not cyber only or cyber as an afterthought, but it's cyber as an integrated element.” — Mark Montgomery “The vast majority of our critical infrastructure doesn't have a shield.”— Mark Montgomery “[Iran is] really one of the world's most malicious and capable cyber actors. They're not necessarily as good as China or Russia, but they don't need to be to have an effect.” — Cynthia Kaiser “The point’s the fear. The point’s the chaos. And the point is the internal messaging for their own people—to say we did something in retaliation.” — Cynthia Kaiser Relevant Links and Resources Guest Bio Mark Montgomery is a senior fellow at the Foundation for Defense of Democracies and former executive director of the Cyberspace Solarium Commission. 
He brings deep experience in cyber strategy, defense policy, and national security planning. Cynthia Kaiser is a senior cyber executive at Halcyon and a former FBI leader with extensive experience in cyber investigations and ransomware response. She brings an operational perspective on Iranian cyber activity, disruption campaigns, and cyber risk to critical infrastructure.
The Regulatory Shift: How CIRCIA and NIST are Redefining Cyber Defense with Sara Friedman
03/03/2026
Cyber incident reporting is about to become mandatory for much of critical infrastructure—and the details are where the fight is. On February 26th, Frank Cilluffo spoke with Inside Cybersecurity managing editor Sara Friedman about CIRCIA’s proposed reporting rules, what industry says is overbroad, and why the 72-hour clock is hard in the real world. They also dig into overlap with other federal requirements, CISA’s capacity to execute the rulemaking, and what “getting it right” means for public-private trust. The conversation then pivots to NIST, AI agent standards, and how Washington is balancing innovation, security, and competitiveness. Main Topics Covered What CIRCIA is designed to do. Who’s covered and what counts as reportable. The practical challenge of determining incident facts within 72 hours. Duplication concerns across rules, including SEC cyber disclosure timelines. Whether CISA has the staffing and leadership capacity to deliver. NIST’s role in AI agent standards and broader cyber “rules of the road.” Key Quotes “CISA was supposed to have voluntary partnerships… And with this new role, CISA is moving into more of a regulator role.” —Sara Friedman “This rulemaking, when it was put out, it's over 400 pages. There's a lot in there.” — Sara Friedman “House Homeland Security Chairman Andrew Garbarino threatened to, if the rulemaking does not meet congressional intent…to potentially roll this back.” — Sara Friedman “When there's a large attack on critical infrastructure, it just seems to wake up lawmakers in some ways that they need to be able to do something.” —Sara Friedman “They've shed about a third of their workforce…One of the questions is, does CISA have the capacity that they need for this rulemaking and to do it effectively?”
—Sara Friedman Relevant Links and Resources CIRCIA town halls scheduled for March: When the CIRCIA NPRM was published: RSA 2024 panel on the rulemaking: NIST launches AI Agent Standards initiative: NIST AI security request for information: NIST work on an AI profile for the Cybersecurity Framework: Guest Bio Sara Friedman is the managing editor of Inside Cybersecurity and has covered federal cybersecurity policy for years, including CIRCIA, NIST standards, and related rulemakings.
Deepfakes & Laptop Farms: How Nation-States Infiltrate the Defense Supply Chain with Luke McNamara
02/24/2026
Cyber threats against the Defense Industrial Base (DIB) don’t stop at the battlefield—they extend into suppliers, perimeter devices, and even hiring pipelines. Luke McNamara of Google’s Threat Intelligence Group joins Frank Cilluffo to unpack Mandiant’s report Beyond the Battlefield: Threats to the Defense Industrial Base and the patterns it flags across today’s threat landscape. They discuss how the war in Ukraine is shaping targeting priorities, why China’s cyber espionage increasingly begins at the network edge, and how “fast follower” exploit cycles compress patch timelines. McNamara also explains the North Korean IT worker problem, where remote hiring fraud can create both revenue and potential access pathways. The takeaway for mid-sized defense suppliers is practical: harden identity, reduce perimeter exposure, and assume meaningful risk often starts outside traditional corporate visibility. Main Topics Covered Why manufacturing remains a top target and a warning sign for broader supply-chain risk How the war in Ukraine is influencing cyber targeting tied to drones and UAS ecosystems China’s focus on edge-device compromise (VPNs, routers, email gateways) and why it matters The “fast follower” dynamic that turns one vulnerability into many intrusions North Korean IT worker operations, remote hiring fraud, and AI-enabled deception The highest-leverage defensive priorities for DIB organizations, especially identity and MFA Key Quotes “Manufacturing is always the most targeted sector going back to 2020. 
And I think that’s a larger canary in the coal mine.” — Luke McNamara “It’s not just some of these top-tier Chinese APT actors and their ability to leverage these as a zero-day, but the ability for secondary groups, once some of the details leak around a particular vulnerability, to start weaponizing it themselves.” — Luke McNamara “If I had to narrow it down to one category to put more resources to, I would say identity…hardening around the identity piece is certainly key.” — Luke McNamara "Organizations that are more aware of [the North Korean IT worker infiltration], where the security teams have met with their HR folks, their recruiters, helped inform them about the nature of these threats, I think they're a little bit better secured." — Luke McNamara "It sounds more like a movie than reality, but it's happening." — Frank Cilluffo Relevant Links and Resources Guest Bio Luke McNamara is a Deputy Chief Analyst at Google Cloud’s Mandiant Intelligence and part of Google’s Threat Intelligence Group, focused on cyber threat trends and emerging risks.
Botnets, Edge Devices, and AI: Inside Forescout’s Threat Findings with Daniel dos Santos
02/17/2026
A new wave of cyberattacks is being routed through everyday devices—and defenders can’t rely on old assumptions about geography or “known bad” infrastructure. Daniel dos Santos, VP at Vedere Labs (Forescout), walks through findings from their 2025 Threat Roundup, drawn from a global network of hundreds of honeypots and decoy systems. The conversation focuses on why web-facing systems and edge devices have become prime targets, how attackers hide inside cloud and ISP-managed networks, and what defenders can do earlier in the kill chain. Dos Santos also explains why many exploited vulnerabilities never appear on CISA’s KEV list—and how security teams should think about patching and risk anyway. Main Topics How honeypots reveal attacker intent across IT, IoT, and OT environments. Why attacks increasingly come from ISP-managed networks and consumer devices. Cloud and “benign” services used to blend in and evade traditional filters. Why distributed botnets weaken country-based blocking for defenders. The rise of web-facing exploitation and the shift away from stolen passwords. Edge devices, OT exposure, and why “discovery” dominates post-breach activity. Key Quotes “We have hundreds [of honeypots] throughout the world. 
Some of them are simulations… Some of them are real devices… we expose them with the intention of seeing them attacked.” — Daniel dos Santos “Home routers, but also home IP cameras or doorbells or solar inverters or…whatever it is that you have in your house that might be exposed to the internet and might be vulnerable can be these days recruited into a botnet.” — Daniel dos Santos “Attackers…have figured out that when you find a zero-day in a popular router or a popular firewall or a popular VPN appliance, you can really go against thousands and thousands of organizations.” — Daniel dos Santos “With one zero-day or one critical exploit, you can compromise thousands of organizations today.” — Daniel dos Santos “But what we do see in the signals that we see there and what we present in the report is that there is a whole world of vulnerabilities being exploited.” — Daniel dos Santos Relevant Links and Resources About the Guest: Daniel dos Santos is the VP of Research at Forescout Research — Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs — and is a frequent speaker at security conferences.
Storms, Cyber, and the Fight to Keep the Lights On with Scott Aaronson
02/10/2026
Grid resilience has become a test of whether the U.S. can keep essential systems running through disruption—and recover fast when they don’t. In this episode, Frank Cilluffo talks with Scott Aaronson about how the electric power sector plans for and responds to an “all-hazards” landscape, from major storms to cyber and physical attacks. Aaronson explains why the grid is a “network of networks” with a huge attack surface but few true single points of failure, and how mutual assistance became a national-scale capability. They also dig into interdependencies across “lifeline” sectors, the practical reality of IT/OT differences, and why surging demand—from AI and data centers to EVs and reshoring—raises urgent reliability and supply chain questions. Main Topics Covered Why electricity is consumed the moment it’s produced—and why balance matters. How mutual assistance evolved from bilateral help to national-scale response. Lessons from severe weather events, including what makes ice storms uniquely hard. The IT vs. OT gap, and why operational tech changes the cyber playbook. Interdependencies: why adversaries can hit electricity by targeting other sectors. Rising demand and the push to rebuild domestic manufacturing capacity for grid equipment. Key Quotes “Electricity is the only commodity that is consumed at the moment it is produced.” – Scott Aaronson “[Power companies] are competitive in some ways, but we are completely non-competitive when it comes to security, when it comes to resilience, when it comes to response and recovery.” – Scott Aaronson “I don’t really care if it is a storm or a pandemic or a cyber or physical attack or the zombie apocalypse… The impact is what matters.” – Scott Aaronson “The adversary is not attacking the electric sector. They are attacking the United States.” – Scott Aaronson “The first 72 are on you… Have food, have water, have a plan, be prepared. 
The cavalry is coming.” – Scott Aaronson “Regulations are great, but they are a foundational level of security… if you mandate… a 10-foot fence… the adversary brings a 12-foot ladder.” – Scott Aaronson Relevant Links and Resources About the Guest Scott Aaronson is Senior Vice President for Energy Security and Industry Operations at Edison Electric Institute (EEI) and Secretary of the Electricity Subsector Coordinating Council (ESCC), serving as a key industry-government liaison on power-sector security and preparedness.
How Apple's iPhone Supply Chain Built China into a Manufacturing Superpower with Patrick McGee
02/03/2026
Supply chains are essential infrastructure—and the iPhone’s supply chain sits at the center of U.S.–China competition. As Washington reassesses economic security, this episode explores what it looks like when market incentives collide with geopolitical reality. Frank Cilluffo speaks with Patrick McGee, author of Apple in China, about his reporting on Apple’s deep manufacturing reliance on China—and what that reveals about leverage, resilience, and risk. They explore how industrial capacity is built through repetition, why diversification is harder than headlines suggest, and how concentrated production creates choke points that can ripple far beyond consumer tech. The result is a clear, practical case study in why supply chains matter for critical infrastructure, national security, and long-term competition. Main Topics Covered How “learning by doing” powered China’s rise in high-end electronics manufacturing The “epic transfer of technology” behind Apple’s scale and China’s supply-chain competence Xi Jinping’s post-2013 pressure campaign and Apple’s strategic recalibration in China Why supply-chain diversification is slower than headlines suggest, especially in India The “red supply chain” and how Apple suppliers became capability multipliers Taiwan/TSMC as a single-point-of-failure risk—and the AI chip-export debate it echoes Key Quotes “China isn't dependent on Apple in the way that Apple is inarguably dependent on China. My big worry in a certain sense is that the student has become the master.” — Patrick McGee “If you just take the $55 billion that they invested in 2015 alone, which was 22% of revenue … and just go from let's say the birth of the iPhone 2007–2025, you're talking about a trillion dollars that Apple's invested in China.” — Patrick McGee “None of those phones are really being made in India, they're just being assembled there. 
The joke that one manufacturing design engineer told me was that the phones are assembled in China, disassembled in China and sent to India for reassembly.” — Patrick McGee “Our narrative is essentially that Apple exploits Chinese workers. In a certain sense, that's the only narrative about Apple in China we've had in the past two decades. And I flip that on its head…[China is] getting more out of the relationship. It's a story about China exploiting Apple.” — Patrick McGee “I think there still is a mindset that China is an imitator, not an innovator. I think we should recognize that… is not the case.” — Frank Cilluffo Relevant Links and Resources Guest Bio Patrick McGee is a Financial Times journalist and the author of Apple in China, covering geopolitics, technology, and global supply chains.
AI, Critical Infrastructure, and Cascading Failures with Madison Horn
01/27/2026
Madison Horn joins host Frank Cilluffo to explain why AI-driven cyber risk may be quieter, faster, and harder to spot in 2026. She breaks down “cascading failures” in critical infrastructure—and how a disruption in one sector can quickly ripple into others. The conversation zeroes in on AI agents, especially their ability to create new user accounts, get access to systems, and hide inside everyday routine activity. Horn also warns that AI supply chain weaknesses could spread faster than traditional zero-days. Main Topics Covered Why AI-enabled attacks may look like normal business activity. Cascading failures across water, power, telecom, and healthcare systems. AI agents creating identities and operating with “human-like” access. Why “AI supply chain” risk could eclipse zero-day exploits. “Slow and steady” AI adoption for critical infrastructure operators. Why quantum planning should happen alongside today’s AI rollouts. Key Quotes “Within critical infrastructure… water needs electricity, electricity needs telcos, and healthcare needs all three.” —Madison Horn “Hackers are lazy. And I mean that not to be offensive, but if you can reach your objective, reaching the lowest hanging fruit, then you're going to.” —Madison Horn “Attacks are not going to look as restricting and as loud. I think it's going to look just like business as normal until we see [impacts] in the physical world." — Madison Horn “What I worry about is people assuming and trusting that an AI tool is doing what it's supposed to and not necessarily understanding or being able to detect that it's doing something malicious." 
— Madison Horn “I just don't want quantum to get lost into the AI conversation.” — Madison Horn Relevant Links and Resources Madison Horn’s 2026 predictions (Nextgov) About the Guest Madison Horn is the national security and critical infrastructure chief advisor at World Wide Technology, with 15+ years leading cyber strategy and incident response in high-consequence, regulated environments. She previously held senior roles at Siemens Energy, PwC, and Accenture Security, and founded Roserock Advisory Group focused on cybersecurity and geopolitics.
Cyber Leadership, Workforce Morale, and the House Email Breach with Nextgov's David DiMolfetta
01/20/2026
CISA leadership, NSA/Cyber Command staffing, and offensive cyber operations are colliding early in 2026. Frank Cilluffo and reporter David DiMolfetta unpack Sean Plankey’s renomination for CISA Director, and what a prolonged leadership vacuum can mean for agency direction and momentum. They then turn to Lt. Gen. Rudd’s confirmation hearing and the evolving debate over the Title 10/Title 50 “dual hat.” The conversation also examines morale and workforce pressures inside NSA, including reported staffing reductions. It closes with “Absolute Resolve,” what public discussion of cyber “effects” might signal for deterrence, and a China-linked House staff email breach that frames what DiMolfetta is watching next. Main Topics Covered What Sean Plankey’s CISA renomination signals about cyber leadership priorities. Why “core mission” talk at CISA still depends on who’s in charge. Lt. Gen. Rudd’s hearing, and how the dual-hat debate is evolving. NSA morale and workforce cuts, and what that means for capability. “Absolute Resolve,” cyber effects, and the deterrence value of public signaling. House staff email targeting, Salt Typhoon questions, and the midterms-AI threat mix. Key Quotes “CISA's work does not stop. That said, if you don't have a permanent leader in place, you don't have a guy to set direction, and things can't really go anywhere.” — David DiMolfetta “When you don't have people at their desks [because of workforce reductions], that means they may not be tracking adversaries, they may not be doing that work to cultivate relationships with sources on a kind of human intelligence style level.” — David DiMolfetta “[In Venezuela] lights went off, but they also went back on.” — David DiMolfetta “Authority, accountability, and resources — I found those to be the three criteria to get things done in D.C.” — Frank Cilluffo Relevant Links and Resources Guest Bio: David DiMolfetta covers cybersecurity for Nextgov. 
Previously, he researched The Cybersecurity 202 and The Technology 202 newsletters at The Washington Post and covered AI, cybersecurity and technology policy for S&P Global Market Intelligence. He holds a BBA from The George Washington University and an MS from Georgetown University.
The Hammer and the Anvil: Offensive Cyber Strategy with Chris Inglis
01/13/2026
Chris Inglis joins Frank Cilluffo to break down what offensive cyber strategy should look like in an era of strategic competition. Drawing from the McCrary Institute’s new report on U.S. cyber policy, Inglis argues that resilience and consequences are not competing theories—they have to work together. He explains why “defend forward” and persistent engagement reshaped authorities and expectations after 2018, including how NSPM-13 changed delegation for operations. The conversation also tackles the messy seam between Title 10 and Title 50 in cyberspace, and why integration—not exquisite tools—will decide whether cyber power is truly strategic. Main Topics Covered Why offense and resilience must operate as one integrated cyber strategy Cyber deterrence as changing an adversary’s decision calculus, not perfection How NSPM-13 helped shift delegation and operational tempo in 2018 What “defend forward” means in plain terms—and why it’s defensive Blurring of Title 10 and Title 50 in cyberspace—and why that matters The warning: the U.S. is behind on integrating cyber with power Key Quotes “My view is that the discussion of whether it’s going to be a focus on defense kind of inherent resilience or a focus on imposing consequences is a false choice.” — Chris Inglis “But when you get to cyberspace, it turns out that the Title 50, which is trying to get information from cyberspace, and the Title 10, which is trying to actually achieve effects in cyberspace, are about 90% the same.” — Chris Inglis “[With defend forward] We’re not going to wait onshore for [malicious cyber activity] to arrive and then kind of cede the initiative to adversaries.” — Chris Inglis “What keeps me awake at night? We don’t have time. We’re way behind the curve.” — Chris Inglis Relevant Links and Resources McCrary Institute report — Guest Bio Chris Inglis is the former U.S. National Cyber Director and former NSA Deputy Director, with decades of experience in national security and cyber policy.
Are We Ready for 2026? Top Cyber Predictions on Policy, Tech, and Threats
01/06/2026
Cyber Focus kicks off 2026 (and its 100th new episode) with rapid-fire predictions from McCrary Institute senior fellows. They flag big policy inflection points—especially whether Congress can reauthorize “CISA 2015,” sustain information-sharing protections, and keep state and local cybersecurity funding on track. Tech-wise, the group focuses on AI’s accelerating integration, the “speed” divide between defenders and adversaries, and emerging pressures across connectivity and infrastructure. On threats, they warn about deepfake-driven social engineering, ransomware that’s getting faster and more accessible, “typhoon” intrusions, and the compounding risk of encryption and security tech debt. Main Topics Covered CISA 2015 reauthorization, information sharing, and state/local cyber funding priorities. Cyber offense and deterrence: shaping adversary behavior by imposing real costs. AI everywhere: faster attacks, faster defense, and higher infrastructure stakes. Convergence and connectivity: data centers, wireless, subsea cables, satellite, and scale. Deepfake social engineering and shrinking ransomware dwell times in 2026. “Typhoon” intrusions, critical infrastructure exposure, and major-event targeting pressure. Key Quotes "What I believe is going to overtake identity just in general is deep fake social engineering. And that means the calls that look like your CEO that tell you to get on an urgent call right now... I think I'd click on that if I didn't know better. And a lot of us in the security realm would." — Cynthia Kaiser "We're actually getting the broader dividing line between haves and have nots... If you can't move fast, you're going to need to find someone who can... If you're someone that can't receive new information and immediately improve your defensive posture, you're probably a have not." — Matt Hayden "We're seeing and hearing that the US government is interested in taking the fight to the adversaries... 
shaping the adversary's behavior is important because it slows them down, it imposes costs on them, and perhaps it could lead to deterrence." — Christopher Roberti "I started with China and I'm going to end with China... making sure again, we don't take our eye off the ball that wow, there may be reasons to make deals economically with China. We have to treat them as a potential adversary." — Bob Kolasky "At the end of the day, I look at as the typhoon epidemic—Salt, Vault... What is the next typhoon we're going to uncover in 2026 that's going to be driving our cybersecurity defense measures?" — Bill Evanina Relevant Links and Resources https://mccraryinstitute.com/directory/senior-fellows/
AI-Orchestrated Cyber Espionage and the Future of Cyber Defense with CISA’s Nick Andersen
12/18/2025
AI is speeding up cyber operations and shrinking the window for defenders to respond. Nick Andersen, who leads CISA’s Cybersecurity Division, explains why Anthropic’s recent report caught attention: it described what Anthropic called the first publicly reported AI-orchestrated cyber espionage campaign, in which threat actors misused its Claude models to automate and scale parts of an intrusion. Andersen and Frank Cilluffo unpack what that signal means for resilience, from model safeguards to the infrastructure and people surrounding them. They apply secure-by-design thinking to frontier AI, stress risk ownership for adopters—especially in OT—and warn against silver-bullet claims. The conversation closes on what it takes to build capacity, including KEV-driven prioritization and CISA’s Scholarship for Service pipeline. Main Topics Covered Why AI changes cyber defense through speed, scale, and attacker efficiency. What the “Anthropic/Claude” case signals about resilience for AI providers. Secure-by-design expectations for AI systems and the infrastructure around them. OT adoption: governance, data flows, and safety-first decision-making. Workforce and talent pipelines, including CISA’s Scholarship for Service interns. Practical prioritization: vulnerabilities, KEV, and remediation at operational pace. Key Quotes: “If we don't engage now in having a resilience conversation around our artificial intelligence companies, we're going to see a lot more of what, what happened with Claude, in this case.” – Nick Andersen “The core principles regarding what we're focused on as cyber defenders don't necessarily change here, but the speed through which I think we can expect known vulnerabilities to be weaponized and exploited in the wild now that's going to change for us." – Nick Andersen “There is no silver bullet. Anybody who has a sales pitch they're receiving that says that this AI solution is going to solve all of your problems... 
they should immediately become exceedingly skeptical and start asking an awful lot of questions." – Nick Andersen “OT operators are going to have some really tough conversations coming up about what control are they willing to give away... We know within the OT environment safety and security has to come first." – Nick Andersen “Our adversary has a pretty clear-eyed view of what they're trying to achieve. And it is both the opportunities for, you know, discord and societal panic.” – Nick Andersen Relevant Links and Resources Guest Bio: Nick Andersen serves as Executive Assistant Director for CISA’s Cybersecurity Division, where he leads national efforts to defend against major cyber threats and improve the resilience of U.S. critical infrastructure. He previously held senior cyber leadership roles at the White House, the Department of Energy, and in intelligence roles for the Coast Guard and Navy.
Revisiting Offensive Cyber Discussion with Adm. Mike Rogers (Ret.)
12/16/2025
In this re-released episode of Cyber Focus, host Frank Cilluffo sits down with Admiral Mike Rogers (Ret.), former Commander of U.S. Cyber Command and Director of the National Security Agency. Rogers shares insights from his leadership across two administrations, discussing offensive cyber operations, the evolution of Cyber Command, and pressing national security challenges. The conversation spans from undersea cable vulnerabilities to public-private integration, the future of quantum and AI, and the enduring need for clarity in cyber policy. A decorated Auburn alum, Rogers reflects on lessons learned, historical inflection points, and what must change for the U.S. to stay ahead in the cyber domain. Main Topics Covered: Shifting to a proactive cyber posture: persistent engagement and defend forward The evolving role of Cyber Command and comparisons to SOCOM Vulnerabilities in undersea cable infrastructure and space-like situational awareness Lessons from Ukraine on real-time public-private integration Strategic implications of AI and quantum technologies Key Quotes: "I believe that what [offensive cyber actions] we ought to authorize is not just going after infrastructure but directly going after capability within those nations that are generating these effects against us." — Adm. Mike Rogers "If you're going to deter an entity, they have to have some level of awareness of both [your] capability and intent." — Adm. Mike Rogers "If you had asked me five years ago when I left Cyber Command, would a foreign entity, in this case a nation-state, upload destructive malware into critical U.S. infrastructure in a time of peace?... I would have said to you… there's a low probability. Boy, I got that wrong." — Adm. Mike Rogers "I think it requires a little precision in how we discuss these matters. Because not all hacks are the same, not all hackers are the same, not all intentions are the same, not all capabilities are the same. [Not] everything is an 'attack'." 
— Frank Cilluffo "I'm not interested in collaboration; I'm interested in integration. I'm interested in a real-time situational awareness between government and the private sector." — Adm. Mike Rogers Relevant Links and Resources: U.S. Cyber Command – Mission and Vision NSA – About the Agency Cyberspace Solarium Commission Final Report Guest Bio: Adm. Mike Rogers (Ret.) served as the Director of the National Security Agency and Commander of U.S. Cyber Command from 2014 to 2018. A four-star admiral with a distinguished 37-year career in the U.S. Navy, he helped shape modern cyber strategy at the highest levels of government. Since retiring from active duty, he has advised Fortune 500 companies, startups, and global institutions on cyber, intelligence, and national security issues.
The Hidden Backbone of the Internet: Subsea Cable Security with Alex Botting
12/09/2025
Undersea cables quietly carry almost all global internet traffic yet rarely feature in security debates. This episode explains how subsea infrastructure underpins the global economy, data flows, and modern military operations while facing frequent “accidental” disruptions and growing geopolitical risk. Listeners hear why chokepoints, island dependencies, and hotspots from the Red Sea to the Taiwan Strait keep national security officials up at night. The conversation also explores how redundancy, smarter investigations, and faster permitting can harden this hidden backbone against both negligence and sabotage. Frank and Alex close by looking at AI, quantum, fiber sensing, and satellite backups as the next frontier for cable resilience and deterrence. Main Topics Covered Subsea cables as the physical backbone of global internet and finance. How outages happen, from ship anchors to suspected sabotage. Strategic chokepoints, island dependencies, and contested regions like the Red Sea. Building resilience through redundancy, permitting reform, and trusted infrastructure partners. New monitoring tools: fiber sensing, AI, and quantum for cable security. How governments and industry share intelligence and fund resilient capacity. Key Quotes: “Subsea cables carry the vast majority of Internet traffic around the world… Estimates vary from 95 to 99% of Intercontinental data traffic. So when you think about the Internet, subsea cables are the basis of the Internet.” “Redundancy is our biggest defense… We have 100 cables coming into the US and therefore it makes it very hard to do anything meaningful in a short time frame to actually impact it.” "Do I think our adversaries would want to do this [tap cables]? Yes... Do I think they can do it? Possibly. Do I think the juice is worth the squeeze? No, I don't." “There were more cable cuts in the Taiwan Strait in January of this year than either 2024 or 2023 in total. 
That is a sharp uplift at a time when we know that hostility in that part of the world is rising. I would be shocked if none of those incidents were knowingly done.” “The entire Starlink... global capacity is equivalent to [only a few] subsea cable[s]... So when you talk about truly replacing [subsea cables], it's not there." Relevant Links and Resources Guest Bio: Alex Botting is the Senior Director of Global Security & Technology Strategy at Venable. His career has focused on shaping policies at the intersection of security, technology & telecoms in more than 50 countries and multilateral organizations around the world. In November he testified before the House Homeland Security Committee about threats to the subsea cable infrastructure.
The Army’s “No Fail” Cyber Mission with Brandon Pugh
12/02/2025
Army Principal Cyber Advisor Brandon Pugh joins Frank Cilluffo to address a stark reality: if critical infrastructure fails, the Army cannot mobilize. To meet this “no fail” mission, Pugh explains how the service is aggressively merging cyber with electronic warfare and cutting red tape to field new technology in days rather than years. They also discuss the Army’s unique edge in this digital fight—Reservists who bring high-level private sector expertise directly to the battlefield. The conversation also explores how AI and operational technology are reshaping the Army’s cyber battlefield and threat landscape. Main Topics Covered • How Congress created the principal cyber advisor role and defined its authorities. • Army cyber’s four focus areas: AI, defense critical infrastructure, acquisition, and workforce. • Integrating cyber, electronic warfare, RF, and information operations into Army warfighting doctrine. • Defending defense critical infrastructure and preparing for Volt Typhoon-style cyber disruptions. • Leveraging AI for continuous monitoring, faster detection, and protection of sensitive Army data. • Reforming cyber acquisition through FUZE prototypes, VC-style partnerships, and Guard and Reserve expertise. Key Quotes “Cyber is not an isolated capability. It's not something that just rests at Fort Gordon or Fort Meade.” – Brandon Pugh “If an adversary goes after one of our military bases and we can't mobilize people, tanks, equipment in a time of conflict, that is a major concern… we can't accept the fact that cyber could be the barrier to our ability to do other military tasks.” – Brandon Pugh “It's a national security imperative to leverage AI. We know adversaries are going to leverage AI or exploit our AI regardless of what we do here. We could put barriers in terms of aggressive regulation which some have proposed in the past or seek to slow it down. 
All that's going to do is help our adversaries.” – Brandon Pugh “We have some individuals that show up their reserve weekend in $300,000-$400,000 vehicles because they are the experts in what they do as civilians. They have signed up and taken the oath because they want to serve this country. That is the talent we have in the Reserve and Guard that we need to continue to expand.” – Brandon Pugh “We don't have to go through a multi-year acquisition cycle, spend millions of dollars where we've seen 3D printed drones for mere dollars in some cases being leveraged [in Ukraine]… We need some of these capabilities in a matter of days or weeks, not years." – Brandon Pugh Relevant Links and Resources Guest Bio Brandon Pugh is the Principal Cyber Advisor to the Secretary of the Army, advising the Secretary and Army Chief of Staff on cyber readiness, budget, capabilities, and strategy. He previously served as a director at the R Street Institute and continues to serve in the U.S. Army Reserve as a national security law professor, having earlier been a paratrooper and international law officer.
Inside State Cyber Defense: Whole-of-State Security with Alabama's Daniel Urquhart and Chad Smith
11/18/2025
State and local governments are stepping up to defend critical services against fast-evolving cyber threats. In this episode of Cyber Focus, Alabama’s top IT leaders show how they’re staying ahead of the curve. They explain how a hybrid, highly decentralized environment forces them to lean on shared standards, SLCGP funding, and whole-of-state partnerships. Along the way, they unpack a recent incident that came dangerously close to crisis and what it revealed about tools, visibility, and trust. They also look ahead to AI-enabled attacks, deepfakes, and “distortion,” and why automation and better intel will shape Alabama’s next moves. Watch to see what other states, utilities, and local leaders can learn from Alabama’s playbook. Main Topics: How Alabama OIT governs technology across roughly 140 executive agencies in a mostly decentralized environment. Using SLCGP funds, shared contracts, and enterprise tools to lift up smaller municipalities that lack resources. Rethinking threat intelligence by pairing MS-ISAC and CISA feeds with deep knowledge of state business processes. Lessons from a major cyber incident, including incident-response retainers, tooling gaps, and the value of open communication. Building whole-of-state partnerships with CISA, FBI, utilities, National Guard, and the McCrary Institute through exercises and real incidents. Preparing for AI-enabled cyberattacks through automation, platform integration, and continuous upskilling for Alabama’s cyber workforce. Key Quotes: “Cybersecurity is a team sport. It’s not just one person. We’re trying to build the community.” — Daniel Urquhart “There’s a huge concern that I have as we think about the amount of threats that are going to come at us from an AI enabled cyber attack. 
It is going to be so broad and so unlike anything that we’ve seen today.” — Chad Smith “I think we have to be willing to talk about [a recent cyber incident] so that people can learn from it, but also so that people know, hey, they're actually doing something and things are happening in a way that we can respect.” — Chad Smith “We try to do a lot of education and team building and building that cohesive whole estate approach by setting up technology demos and articulating the why.” — Daniel Urquhart “We’ve done a really good job the last couple of years working with the FBI, Secret Service, National Guard. Those types of partnerships can make us stronger as a state.” — Daniel Urquhart Relevant Links and Resources Guest Bios: Daniel Urquhart is the Secretary of the Alabama Office of Information Technology. OIT is responsible for the strategic planning, governance, and resource utilization of all IT for the State of Alabama. Before joining OIT, he served as CIO for the Alabama Law Enforcement Agency, where he worked with industry partners to build a state-of-the-art criminal justice network. Chadwick Smith serves as the Chief Information Security Officer for Alabama’s Office of Information Technology (OIT). Mr. Smith has worked in the technology industry for over twenty-five years. Prior to joining OIT, Chad worked in the insurance, banking, and data communications industries.
The Hidden Dangers in Your Supply Chain with SecurityScorecard's Aleksandr Yampolskiy
11/11/2025
SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a vulnerability vector and a force multiplier for defense. Main Topics Covered • Third-party breaches now account for 65% of cyber incidents globally • Only 150 companies comprise 90% of the global attack surface • The risks of shadow IT and “shadow AI” leaking sensitive data • Systemic vulnerabilities in critical infrastructure like U.S. ports and healthcare • Limitations of compliance-driven approaches without continuous risk measurement • The need for clear governance, outcome-oriented metrics, and board-level engagement Key Quotes “65% of data breaches today happen through use of a third party. Hackers go after one weak link.” — Aleksandr Yampolskiy “150 companies’ products comprise 90% of a global attack surface. So if one of those companies gets compromised, all of a sudden, you can compromise almost everybody.” — Aleksandr Yampolskiy “You can be fully compliant with all the regulations, but not secure. Or you could be really secure but not compliant.” — Aleksandr Yampolskiy “An employee takes [the] general ledger or... some sensitive corporate information, uploads it to ChatGPT—or worse, to [a model] in China—gets a beautiful response, looks like a champion... 
but then you just leaked sensitive information from a company and nobody knows about it.” — Aleksandr Yampolskiy “Our ability to network has far outpaced our ability to protect networks.” — Frank Cilluffo Relevant Links and Resources Guest Bio Aleksandr Yampolskiy is the Co-Founder and CEO of SecurityScorecard, a global leader in cybersecurity ratings and risk management. A former CISO and CTO, he has led the company since 2014 in helping tens of thousands of organizations—including half of the Fortune 100—measure and strengthen their cyber resilience.
CVE at a Crossroads: Global Standards, Local Failures, and What Comes Next with Nick Leiserson
11/04/2025
Cybersecurity veteran Nick Leiserson joins Cyber Focus this week to break down critical governance gaps in the Common Vulnerabilities and Exposures (CVE) system and what’s at stake if they’re not fixed. He and host Frank Cilluffo explore the risks of global fragmentation, the lingering fallout from the F5 breach, and why policy tools like Executive Order 14028 remain stalled. Leiserson warns that the U.S. court system faces an under-the-radar cyber crisis, and shares specific, actionable funding priorities Congress should tackle now. From software supply chain failures to operational coordination gaps, the episode provides a sharp look at what’s missing in the federal cybersecurity response—and what can still be done to fix it. Main Topics Covered · Why CVE is the global “lingua franca” for vulnerabilities—and what happens if it fails · How a near-shutdown exposed CVE’s fragile funding and governance model · The F5 breach and what it reveals about persistent risks in the software supply chain · Missed opportunities in EO 14028 and regulatory inertia in implementation · Why the U.S. court system breach is a cybersecurity crisis hiding in plain sight · Urgent spending needs: water system grants, K-12 cybersecurity, and court system defense Key Quotes “CVE... It’s the universal language that we can all look at and understand what we’re talking about. And today in 2025, we totally take that for granted.” “The worst case is fragmentation. The second worst is [when] government comes in and says, we're going to supplant the expertise that's been built up over 25 years” —Nick Leiserson “[Some ask] ‘Didn’t we put a bunch of policy in place to stop SolarWinds?’ The answer is we did. If you look at Executive Order 14028… it came out in the immediate aftermath of SolarWinds, and it has not been implemented.” —Nick Leiserson “This is just one of those things that’s vaguely terrifying, and it takes a lot to terrify me after 15 years in this space. 
But as best we can tell from public reporting, either there’s been one continuous breach since 2020, or at least similar types of actors are continually being able to get into the federal court system.” —Nick Leiserson “[F5 is] one of these bits of technologies that most people would not immediately wake up and say that's essential to our economy, our national security, our public safety. But it is.” —Frank Cilluffo Relevant Links and Resources Guest Bio Nick Leiserson is Senior Vice President for Policy at the Institute for Security and Technology. He was a founding member of the Office of the National Cyber Director, where he led national cyber policy development and helped launch the National Cybersecurity Strategy Implementation Plan. Previously, he served as Chief of Staff to Rep. Jim Langevin and helped enact dozens of recommendations from the Cyberspace Solarium Commission. A longtime strategist on Capitol Hill and in the White House, Leiserson is known for translating complex tech policy into action on issues ranging from regulatory harmonization to software liability.
Code Red: Breaking Down China’s Cyber Offensive—Volt, Salt, and Flax Typhoon
10/28/2025
What do Volt Typhoon, Salt Typhoon, and Flax Typhoon reveal about China's cyber playbook? This episode of Cyber Focus breaks down a new McCrary Institute report on China’s advanced persistent threat campaigns—and what they mean for U.S. national security. Frank Cilluffo sits down with Mark Montgomery, Brad Medairy, and Bill Evanina to explain how China is embedding itself in American infrastructure, telecom, and data systems. They warn that Beijing is laying the groundwork for future conflict and that the U.S. response has been dangerously slow. The guests call for stronger deterrence, better public awareness, and a renewed focus on the economic toll of cyber theft. Main Topics Covered China’s long-term cyber threat strategy Volt Typhoon and infrastructure targeting Salt Typhoon and telecom espionage Flax Typhoon and persistent access Gaps in U.S. cyber deterrence Economic costs of IP theft Relevant Links and Resources Key Quotes: "Each year we can say the threat has grown. And I would say the leading driver of that growth in the cyber threat environment in the United States is China." — Mark Montgomery "China is using cyberspace to project power. And as a nation, I think that we need to recognize this threat." — Brad Medairy (~05:50) "Until people believe that [China’s cyber actions] matters to them, we're not going to get the kind of actions we need." — Mark Montgomery “China[’s] … offensive cyber tradecraft is going to be AI enabled. They're going to be able to deliver effects and capabilities at pace that we never imagined.” — Brad Medairy “I think the Chinese want not only us, but they want the world to know that they're inside… Xi wants… the world to know that he can do this.” — Bill Evanina “We have to expeditiously get into place where we could harden ourselves so the railroad could work, the ports work, the electricity grids work. We're not ready. We're nowhere near ready.” — Bill Evanina Guest Bios: RADM Mark Montgomery (Ret.) 
is Senior Director of the Center on Cyber and Technology Innovation and a Senior Fellow at the Foundation for Defense of Democracies. He also serves as Executive Director of Cybersolarium.org, a nonprofit advancing the recommendations of the Cyberspace Solarium Commission, which he led from 2019 to 2021. Previously, he was Policy Director for the Senate Armed Services Committee under Senator John McCain, following a 32-year career as a nuclear-trained surface warfare officer in the U.S. Navy, retiring as a Rear Admiral in 2017. Bill Evanina is the Founder and CEO of the Evanina Group, where he advises corporate boards and CEOs on strategic risk, counterintelligence, and national security threats. He served as the first Senate-confirmed Director of the National Counterintelligence and Security Center (NCSC), leading U.S. government efforts to defend against espionage and foreign influence. A 24-year FBI veteran, Evanina held senior roles in both counterintelligence and counterterrorism and previously led the CIA’s Counterespionage Group. He also chairs national and international security boards and is an instructor at the University of Chicago. Brad Medairy is an Executive Vice President at Booz Allen Hamilton, where he leads the firm’s cybersecurity business and supports national-level clients including the FBI, DHS, DOD, U.S. Cyber Command, and the Intelligence Community. He focuses on protecting critical infrastructure, securing emerging technologies, and defending against advanced cyber threats. Medairy leads multidisciplinary teams that integrate AI, cloud, and cyber operations to deliver full-spectrum solutions. He has been recognized as a Top 50 Cybersecurity Leader and Cyber Executive of the Year, and holds degrees from UMBC and Johns Hopkins University.
Fuel, Force, and the Frontlines: Critical Infrastructure in Conflict with Chris Cleary
10/21/2025
What if the easiest way to disrupt U.S. military operations isn’t with missiles—but by targeting fuel logistics? In this episode, Chris Cleary explains how civilian infrastructure has become a frontline in national defense. He and Frank Cilluffo discuss how adversaries exploit cyber vulnerabilities to slow military response, and why deterrence requires more than just rhetoric. They unpack the case for a dedicated Cyber Force, the surprising way Chris thinks it should be structured, and the challenges of coordinating across government and industry. With prepositioned threats like Volt Typhoon in the headlines, the stakes are higher than ever. Main Topics Covered How fuel logistics shape U.S. military readiness in the Pacific Why adversaries target civilian infrastructure like water and power systems What defines a “cyber attack” under rules of engagement Gaps in deterrence, response, and public signaling The case for a U.S. Cyber Force modeled after the Coast Guard Challenges of coordination across agencies and private sector providers Key Quotes “I could degrade the Navy's ability to run around in the Pacific by just limiting the ability to move fuel on the west coast of the United States.” — Chris Cleary “If [China’s cyber forces] are in Littleton, Massachusetts, they're everywhere.” — Chris Cleary “I would argue a cyber force of the future looks more like a Coast Guard than a Navy.” — Chris Cleary “I am a true believer that cyber is a legitimate means and methods of warfare. And we are going to have to professionalize in it.” — Chris Cleary “All the zero trust in the world is not going to stop—a China, a Russia, a sophisticated organization—from targeting you.” — Chris Cleary Relevant Links and Resources 60 Minutes on China's Cyber Infiltration: Guest Bio Christopher Cleary is Vice President of Global Cyber Practice at ManTech. 
He previously served as the Department of the Navy’s Principal Cyber Advisor, where he led the implementation of the DoD Cyber Strategy across the Navy and Marine Corps. Prior to that, he was the Navy’s Chief Information Security Officer and Director of Cybersecurity within the Department of the Navy CIO’s office.
Cyber Force, ROI, and the Case for Reform with Ed Cardon & Josh Stiefel
10/14/2025
Should the U.S. have a dedicated Cyber Force? In this episode, General Ed Cardon and Josh Stiefel examine persistent gaps in the nation’s cyber posture, from undefined mission boundaries to unclear return on billions in cyber spending. They explore the organizational tradeoffs, workforce realities, and coordination challenges that have stalled progress, despite years of warnings. With host Frank Cilluffo, they unpack what it would take to move beyond patchwork solutions. Main Topics Covered The failure of past “wake-up calls” to drive meaningful cyber reform Gaps in command, control, and mission clarity across defensive cyber operations The case for a dedicated Cyber Force and what it would need to solve on day one Why workforce development—not just recruitment—is central to cyber readiness The role of metrics and return-on-investment in cyber spending The importance of establishing clear operational roles between NSA, CNMF, DC3, DCDC Key Quotes: “How many of these have we been through, these quote, unquote, watershed moments that were going to change everything? … How cataclysmic does an incident have to be to get us to actually move one way or the other?” - Josh Stiefel “From 2020 to 2025, if you take all the budgets together, we've spent $29.9 billion on cyber operations. That's as much as two Ford-class aircraft carriers. Do we have the equivalent combat capability in cyberspace as two Ford-class carriers? I'd argue no.” - Josh Stiefel “[Cyber Com] just is not where it needs to be. It's doing great work, but not at the scale and breadth that we know we're going to need.” – Ed Cardon “In my experience, we tend to study [decisions like standing up a Cyber Force] for a couple of years before we implement it. We don't have that kind of time.” – Ed Cardon “Each one [of the typhoons] is a really bad day. Collectively, it’s the perfect storm. 
And the fact that we at least publicly haven’t made it a much bigger set of issues is going to send a signal to all of our adversaries that this is okay.” – Frank Cilluffo Relevant Links and Resources CSIS Cyber Force Commission: Guest Bios: Joshua Stiefel is the former Professional Staff Member on the House Armed Services Committee, where he oversaw cyber and IT policy, operations, and procurement. He previously served as Senior Cyber Policy Advisor at the Department of the Treasury, leading sector-wide cybersecurity initiatives and authoring its first vulnerabilities study. A former DoD intelligence officer who deployed with Special Operations Forces in Iraq, he now serves in the U.S. Navy Reserve. He is a Term Member of the Council on Foreign Relations and holds degrees from Harvard and Lehigh. Lt. Gen. Edward Cardon (Ret.) served 36 years in the U.S. Army, including as Commanding General of Army Cyber Command, where he built it into a world-class force with 41 cyber mission teams. He later directed the Army Office of Business Transformation, helping establish Army Futures Command. His career also included leading the 2nd Infantry Division in South Korea and multiple combat deployments. Today, he is a Senior Counselor at The Cohen Group and advises defense and technology organizations.
Inside In-Q-Tel: Investing in America’s Cyber Future with Katie Gray
10/07/2025
Katie Gray, a senior partner at In-Q-Tel, joins host Frank Cilluffo to pull back the curtain on the venture firm’s role in advancing U.S. national security through tech innovation. As head of In-Q-Tel’s cyber investment practice, Gray offers rare insight into the organization’s dual-use investment model, its evolving priorities, and the technologies it believes will define the next 25 years. They discuss how In-Q-Tel identifies emerging threats, evaluates startups, and bridges the gap between cutting-edge technology and urgent government needs. Topics include AI, quantum, cyber-physical security, and the vulnerabilities shaping today’s threat landscape. The conversation also highlights In-Q-Tel’s unique role as both strategic investor and national security partner.

Main Topics Covered
• In-Q-Tel’s origin, mission, and evolution beyond the intelligence community
• How In-Q-Tel identifies promising startups and matches them with agency needs
• The shifting threat landscape in cyber, including Volt Typhoon and AI-driven attacks
• Investment priorities in space, supply chain security, and operational technology
• The dual-use tech model and building resilience at machine speed
• A case study: VulnCheck and its impact across multiple government agencies

Key Quotes
"We are dramatically under invested as a nation in our cyber defenses… as we look to the future conflict, we're so vulnerable from a cybersecurity standpoint." – Katie Gray
"[For] every dollar that In-Q-Tel invests in a company, there’s $40 that are invested from the private sector." – Katie Gray
"One of the things we do look for is to try and fund dual-use technology that has strong commercial [and] government market." – Katie Gray
“We're going to be in a world where 80-90% of the code that is being written is being written by AI systems.” – Katie Gray
"We can’t be responding to [AI-driven cyber attacks] at human speed. We have to be responding to that at machine speed." – Katie Gray

Relevant Links and Resources
https://www.iqt.org/mission

Guest Bio
Katie Gray is a senior partner at In-Q-Tel, where she leads the organization’s cyber investment practice and supports mission-driven innovation across the U.S. national security landscape. She previously spent more than a decade in software product management, leading development for mobile devices at Palm, HP, and Plastic Logic.
How Scammers Exploit Trust and FOMO: Kicking Off Cybersecurity Awareness Month with Lisa Plaggemier
09/30/2025
Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, joins host Frank Cilluffo to discuss how public education can combat online scams, fraud, and cyber threats. With billions of campaign impressions and only a nine-person team, the Alliance focuses on motivating behavior change through creative, jargon-free outreach. Plaggemier explains how scams like pig butchering are orchestrated by organized crime and even nation-state actors—and why the U.S. needs a coordinated national response. The episode highlights the growing need for cross-sector data sharing, targeted messaging for seniors, and a “scam czar” to unite fragmented efforts. As Cybersecurity Awareness Month kicks off, the conversation underscores how individual actions and shared responsibility can help close critical gaps in digital safety.

Main Topics Covered
• The mission of the National Cybersecurity Alliance and its consumer-focused campaigns
• Core Cybersecurity Awareness Month themes: MFA, passwords, updates, and scams
• Reaching overlooked populations through creative outreach like Kubikle and safe-word campaigns
• The scale and structure of online scams like pig butchering and their ties to nation-state actors
• The call for a national “scam czar” to coordinate public-private response
• Challenges in cross-sector data sharing and the limits of current fraud response models
• Upcoming efforts to reach K-12 audiences and improve campaign impact across age groups

Key Quotes
“We are a tiny nonprofit of nine people and we reach billions of people every October.” — Lisa Plaggemier
“I can hack away at our banks and probably not come away with any cash. [But] I can hack away at individual customers of the bank and come away with millions of dollars, and there's no ISAC for my mom.” — Lisa Plaggemier
“I do not think it would be a bad idea if we had a scam czar at this point because the adversary is so well organized.” — Lisa Plaggemier
“Older folks are targeted less often, but when they fall victim, the dollar amounts are very high. They have their whole life savings at stake.” — Lisa Plaggemier
“We've got in a lot of organizations, fraud teams that don't talk to security teams that don't talk to trust and safety teams. And so if you're still siloed in your organization, I think the call to action here is that that all needs to be seen as one.” — Lisa Plaggemier

Relevant Links and Resources

Guest Bio
Lisa Plaggemier is Executive Director of the National Cybersecurity Alliance, where she leads efforts to make cybersecurity practical and accessible. She describes herself as “on a crusade to eliminate stock photos of hackers in hoodies,” underscoring her focus on real-world education over clichés. A former Ford Motor Company marketing executive, she now serves on the U.S. Secret Service Cyber Investigations Advisory Board and is based in Austin, Texas.
To the Point: The Under the Radar Risk of Letting Counter-Drone Authorities Expire with Matt Hayden
09/29/2025
In this episode of Cyber Focus: To the Point, Frank Cilluffo sits down with Matt Hayden, former DHS official and current GDIT executive, to unpack the looming expiration of the Preventing Emerging Threats Act. Together, they explore the growing dangers posed by drones—from hobbyist disruptions to nation-state threats—and what’s at stake if Congress fails to reauthorize key counter-UAS authorities by October 1. Hayden explains why current authorities are essential for protecting the homeland and how they fall short when it comes to local law enforcement, airports, and evolving drone technology.

Op-Ed:
Inside CISA Cuts, ODNI Shifts, and Spyware Threats with Federal News Network's Justin Doubleday
09/23/2025
What happens when the federal cyber workforce shrinks just as threats are multiplying? In this episode, Federal News Network’s Justin Doubleday joins host Frank Cilluffo to unpack the turbulence facing government agencies. They examine the mass departures at CISA, the controversial firings under DHS’s Cyber Talent Management System, and the looming risks of dismantling ODNI’s cyber intelligence hub. Doubleday also shares a chilling story of how El Chapo’s cartel used spyware and hacked city cameras to compromise FBI operations in Mexico—underscoring the new reality of ubiquitous surveillance. The conversation closes with a look at the Pentagon’s long-awaited CMMC rollout, Treasury’s “Do Not Pay” database, and the broader challenge of protecting both privacy and security in a digital age.

Main Topics Covered
• Why CISA lost a third of its workforce and what that means for U.S. cyber defense
• How probationary firings under DHS’s Cyber Talent Management System shook trust in federal hiring
• The implications of ODNI shutting down its cyber intelligence integration center amid deep budget cuts
• Proposals in Congress to speed up security clearances and retain cleared talent longer
• A chilling account of how El Chapo’s cartel hacked FBI operations using spyware and city surveillance
• What the rollout of DoD’s CMMC rules will mean for defense contractors and future cyber regulations
• How Treasury’s “Do Not Pay” database ties into fraud prevention, privacy concerns, and the future of digital identity

Key Quotes
“A lot of [the departed federal cyber workforce is] on the books until October 1st and so we're kind of waiting to see exactly how many folks left and where the dust kind of settles as we get into the fall.” – Justin Doubleday
“The probationary firings certainly cast a little bit of a negative light on the idea of joining the Cyber Talent Management System, because… you could be fired with a snap of a finger.” – Justin Doubleday
“Commercial spyware is much more easily accessible for a range of groups and individuals. And it's almost impossible to detect when spyware has gotten onto a phone of an individual, even for a cyber expert.” – Justin Doubleday
“I think there's concern that [with ODNI shutting down CTIIC] you're now going to go back to a situation where you have disparate views kind of bubbling up from across the intelligence community and you don't have that single source of truth at the top that's helping to sort things out for leaders.” – Justin Doubleday
“As it goes with technology and cybersecurity, things are often nice to have until they're necessary.” – Justin Doubleday

Relevant Links and Resources
• Cyber pay in government is as fragmented as ever
• CISA at a crossroads amid workforce cuts, pause, partnerships
• Security clearance reforms advancing in 2026 defense bill
• How a hacker for El Chapo illustrates existential counterintelligence threats
• Grand odyssey of CMMC nearing implementation
• OMB directs agencies to address Do Not Pay data gaps

Guest Bio
Justin Doubleday is a reporter for Federal News Network covering cybersecurity, intelligence, and technology policy. He tracks how federal agencies and lawmakers address evolving digital threats, insider risks, and the intersection of policy, procurement, and national security.
Why State and Local Cyber Grants Matter with New Jersey's Michael Geraghty and Arizona's Ryan Murray
09/16/2025
Congress faces a looming deadline to renew the State and Local Cybersecurity Grant Program (SLCGP), a federal initiative that helps states and municipalities defend against cyberattacks. In this episode, Frank Cilluffo speaks with New Jersey CISO Michael Geraghty and Arizona CISO Ryan Murray about how these grants are making a measurable difference on the ground. They detail how investments are protecting communities from ransomware, building out shared services, and training the next generation of cyber talent. The conversation underscores the urgency of continued funding to sustain trust, prevent losses, and strengthen the interconnected fabric of U.S. cyber defense.

Main Topics Covered
• Explain why renewing the State and Local Cybersecurity Grant Program (SLCGP) is urgent.
• Show how federal grants reduce ransomware risk and generate measurable ROI.
• Use Arizona’s student-led SOCs to highlight workforce development and shared services.
• Describe New Jersey’s statewide approach to defending municipalities.
• Weigh the stakes of eroding trust and services if funding lapses.
• Explore the broader “one team, one fight” vision linking local, state, and federal defense.

Key Quotes:
“In the last year, that [endpoint detection] program stopped 179 ransomware attacks…for a $5 million investment, potential loss avoidance is about $45 million.” - Michael Geraghty
“We're using some of those funds to hire interns as part of our workforce development effort. So we're deploying student-led regional security operations centers in partnership with our community colleges across the entire state [of Arizona].” – Ryan Murray
“We’re all interconnected, right. Our cities connect to our county governments, connect to our state governments, and we connect to our federal partners. But unfortunately, our defenses have these seams, they have these gaps where we’re not so integrated in our defenses and our information sharing.” – Ryan Murray
“There is no one organization that is going to be able to defend themselves against nation state actors, cyber terrorist organizations, transnational criminal groups, and even the hacktivists or low level hackers. But when we team up together through a strategy that again maximizes our resources, that’s when we become that much stronger.” - Michael Geraghty
“One team, one fight, easier said than done. I think we all know that, but it’s challenging.” – Frank Cilluffo

Relevant Links and Resources

Guest Bios:
Ryan Murray serves as Chief Information Security Officer for the State of Arizona. He previously served as CISO for the Arizona Department of Revenue and has nearly 20 years of IT and security experience.
Michael Geraghty is New Jersey’s State Chief Information Security Officer and Director of the NJ Cybersecurity and Communications Integration Cell (NJCCIC). He has held senior cybersecurity roles in both the public and private sectors, including the New Jersey State Police and Prudential Financial.
Countering Ransomware, CISA 2015, and Active Cyber Defense with Cynthia Kaiser
09/09/2025
Overview
Cybersecurity threats are growing more complex as ransomware gangs, nation-states, and criminal networks converge. In this episode, Frank Cilluffo speaks with Cynthia Kaiser, senior vice president at Halcyon and former deputy assistant director for cyber at the FBI. They discuss the looming risk if Congress fails to reauthorize the Cybersecurity Information Sharing Act of 2015, the evolution of ransomware as both a business model and geopolitical weapon, and how industry must play a bigger role in active defense. Kaiser also explains the indiscriminate reach of Chinese espionage campaigns and the urgent need to define national red lines in cyberspace. Together, they outline why collaboration, innovation, and trust are essential to future cyber resilience.

Main Topics Covered
• Halcyon Ransomware Research Center launch
• FBI lessons from major takedowns
• Cybersecurity Information Sharing Act stakes
• Ransomware and nation-state espionage
• Active defense and industry roles
• Balancing disclosure and attribution
• FBI of tomorrow and AI
• Red lines in cyberspace

Key Quotes
“If CISA 2015 lapses, companies may be less inclined or may be less able to share information with the government… And then America would be in the dark.” – Cynthia Kaiser (~07:37)
“There's not one action that's going to stop Putin from cybering… And industry has such a critical role.” – Cynthia Kaiser (~11:04)
“As a mom… the Chinese government now has information about who [kids] called, where they were, how long the call was… It really shows that the Chinese government is indiscriminate.” – Cynthia Kaiser (~22:45)
“[Ransomware is] an ecosystem of businesses… And so broadening and being able to conduct more of these proactive active defense operations against criminal groups would have a really great effect.” – Cynthia Kaiser (~16:02)
“[Washington] should really just be asking ‘What are our red lines today, and have we already gone over them?’” – Cynthia Kaiser (~32:16)

Relevant Links and Resources
Fortune op-ed:

Guest Bio
Cynthia Kaiser is the Senior Vice President of Halcyon’s Ransomware Research Center and former Deputy Assistant Director of the FBI’s Cyber Division. She led cyber policy, intelligence, and engagement efforts at the Bureau and played a key role in disrupting major ransomware groups like LockBit and Qakbot.
Sen. Gary Peters Sounds the Alarm on CISA 2015 Renewal, Cyber Budget Cuts, and Local Defense Gaps
09/02/2025
Congress is back from August recess with just weeks to act on vital national issues. One key deadline: reauthorizing the 2015 law that shields companies when they share threat intelligence with the federal government. In this episode, Senator Gary Peters (D-MI) joins host Frank Cilluffo to explain why renewing CISA 2015 is essential to national security, how one senator is holding up progress, and what listeners can do about it. The conversation also covers Peters’ push to cut red tape for cyber professionals, shore up state and local defenses, and close critical workforce gaps before it’s too late.

Main Topics Covered
• Urgent need to renew CISA 2015 liability protections
• Misinformation and confusion around CISA’s mission
• Importance of cyber grant funding for state and local governments
• Regulatory burdens facing cyber professionals and the need for harmonization
• Federal cyber workforce recruitment and retention

Key Quotes
“We only have a few weeks and [CISA 2015] will expire, and that will be catastrophic for our ability to protect against all the bad guys that are out there.” – Sen. Gary Peters
“Trust is everything. And if you don't have [CISA 2015], we go back to the environment we had before where there was a lack of trust… once you lose trust, it's really hard to get it back.” – Sen. Gary Peters
“Sometimes our cyber professionals spend 40, 50, 60% of their time doing paperwork and checking boxes. That makes no sense.” – Sen. Gary Peters
“You actually end up saving money by investing in this kind of protection [state and local cyber grants]. And at a time when we're running record deficits that are going to increase, we've got to be thinking about being smart… and actually bringing down the cost of what would happen with a cyber attack.” – Sen. Gary Peters
“If we don't protect our weakest links, it doesn't matter how good you are at the top—you’re going to have some serious problems.” – Sen. Gary Peters

Relevant Links and Resources

Guest Bio
Sen. Gary Peters is Ranking Member of the Senate Homeland Security and Governmental Affairs Committee and a nationally recognized leader on cybersecurity policy. A Navy Reserve veteran and former financial executive, he has shaped major legislation on homeland security, cybersecurity, and critical infrastructure—with more bills signed into law than any other senator in a recent session. He also serves on the Appropriations, Armed Services, and Commerce Committees.