Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure

Frank Cilluffo / McCrary Institute

As cyber threats evolve faster than policy, Cyber Focus delivers executive-level briefings on cybersecurity, national security, and critical infrastructure. From the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, host Frank Cilluffo speaks with senior leaders across government, industry, and the intelligence community about ransomware, state-sponsored threats, AI, and the systems we all rely on—energy, water, telecom, and supply chains. Each episode focuses on real-world risk tradeoffs and practical steps organizations can take to strengthen resilience.

  1. The Regulatory Shift: How CIRCIA and NIST are Redefining Cyber Defense with Sara Friedman

    1D AGO · VIDEO

    Cyber incident reporting is about to become mandatory for much of critical infrastructure—and the details are where the fight is. On February 26th, Frank Cilluffo spoke with Inside Cybersecurity managing editor Sara Friedman about CIRCIA's proposed reporting rules, what industry says is overbroad, and why the 72-hour clock is hard in the real world. They also dig into overlap with other federal requirements, CISA's capacity to execute the rulemaking, and what "getting it right" means for public-private trust. The conversation then pivots to NIST, AI agent standards, and how Washington is balancing innovation, security, and competitiveness.

    Main Topics Covered

    - What CIRCIA is designed to do.
    - Who's covered and what counts as reportable.
    - The practical challenge of determining incident facts within 72 hours.
    - Duplication concerns across rules, including SEC cyber disclosure timelines.
    - Whether CISA has the staffing and leadership capacity to deliver.
    - NIST's role in AI agent standards and broader cyber "rules of the road."

    Key Quotes

    - "CISA was supposed to have voluntary partnerships… And with this new role, CISA is moving into more of a regulator role." — Sara Friedman
    - "This rulemaking, when it was put out, it's over 400 pages. There's a lot in there." — Sara Friedman
    - "House Homeland Security Chairman Andrew Garbarino threatened to, if the rulemaking does not meet congressional intent…to potentially roll this back." — Sara Friedman
    - "When there's a large attack on critical infrastructure, it just seems to wake up lawmakers in some ways that they need to be able to do something." — Sara Friedman
    - "They've shed about a third of their workforce…One of the questions is, does CISA have the capacity that they need for this rulemaking and to do it effectively?" — Sara Friedman

    Relevant Links and Resources

    - CIRCIA town halls scheduled for March: https://insidecybersecurity.com/share/17759
    - When the CIRCIA NPRM was published: https://insidecybersecurity.com/share/15688
    - RSA 2024 panel on the rulemaking: https://insidecybersecurity.com/share/15832
    - NIST launches AI Agent Standards initiative: https://insidecybersecurity.com/share/17775
    - NIST AI security request for information: https://insidecybersecurity.com/share/17654
    - NIST work on an AI profile for the Cybersecurity Framework: https://insidecybersecurity.com/daily-news/stakeholders-weigh-ai-considerations-cybersecurity-nist-workshop-draft-framework-profile

    Guest Bio

    Sara Friedman is the managing editor of Inside Cybersecurity and has covered federal cybersecurity policy for years, including CIRCIA, NIST standards, and related rulemakings.

    26 min
  2. Deepfakes & Laptop Farms: How Nation-States Infiltrate the Defense Supply Chain with Luke McNamara

    FEB 24 · VIDEO

    Cyber threats against the Defense Industrial Base (DIB) don't stop at the battlefield—they extend into suppliers, perimeter devices, and even hiring pipelines. Luke McNamara of Google's Threat Intelligence Group joins Frank Cilluffo to unpack Mandiant's report Beyond the Battlefield: Threats to the Defense Intelligence Base and the patterns it flags across today's threat landscape. They discuss how the war in Ukraine is shaping targeting priorities, why China's cyber espionage increasingly begins at the network edge, and how "fast follower" exploit cycles compress patch timelines. McNamara also explains the North Korean IT worker problem, where remote hiring fraud can create both revenue and potential access pathways. The takeaway for mid-sized defense suppliers is practical: harden identity, reduce perimeter exposure, and assume meaningful risk often starts outside traditional corporate visibility.

    Main Topics Covered

    - Why manufacturing remains a top target and a warning sign for broader supply-chain risk
    - How the war in Ukraine is influencing cyber targeting tied to drones and UAS ecosystems
    - China's focus on edge-device compromise (VPNs, routers, email gateways) and why it matters
    - The "fast follower" dynamic that turns one vulnerability into many intrusions
    - North Korean IT worker operations, remote hiring fraud, and AI-enabled deception
    - The highest-leverage defensive priorities for DIB organizations, especially identity and MFA

    Key Quotes

    - "Manufacturing is always the most targeted sector going back to 2020. And I think that's a larger canary in the coal mine." — Luke McNamara
    - "It's not just some of these top-tier Chinese APT actors and their ability to leverage these as a zero-day, but the ability for secondary groups, once some of the details leak around a particular vulnerability, to start weaponizing it themselves." — Luke McNamara
    - "If I had to narrow it down to one category to put more resources to, I would say identity…hardening around the identity piece is certainly key." — Luke McNamara
    - "Organizations that are more aware of [the North Korean IT worker infiltration], where the security teams have met with their HR folks, their recruiters, helped inform them about the nature of these threats, I think they're a little bit better secured." — Luke McNamara
    - "It sounds more like a movie than reality, but it's happening." — Frank Cilluffo

    Relevant Links and Resources

    - Mandiant report — Beyond the Battlefield: Threats to the Defense Intelligence Base
    - Mandiant podcast — Defenders Advantage

    Guest Bio

    Luke McNamara is a Deputy Chief Analyst at Google Cloud's Mandiant Intelligence and part of Google's Threat Intelligence Group, focused on cyber threat trends and emerging risks.

    26 min
  3. Botnets, Edge Devices, and AI: Inside Forescout's Threat Findings with Daniel dos Santos

    FEB 17 · VIDEO

    A new wave of cyberattacks is being routed through everyday devices—and defenders can't rely on old assumptions about geography or "known bad" infrastructure. Daniel dos Santos, VP at Vedere Labs (Forescout), walks through findings from their 2025 Threat Roundup, drawn from a global network of hundreds of honeypots and decoy systems. The conversation focuses on why web-facing systems and edge devices have become prime targets, how attackers hide inside cloud and ISP-managed networks, and what defenders can do earlier in the kill chain. Dos Santos also explains why many exploited vulnerabilities never appear on CISA's KEV list—and how security teams should think about patching and risk anyway.

    Main Topics

    - How honeypots reveal attacker intent across IT, IoT, and OT environments.
    - Why attacks increasingly come from ISP-managed networks and consumer devices.
    - Cloud and "benign" services used to blend in and evade traditional filters.
    - Why distributed botnets weaken country-based blocking for defenders.
    - The rise of web-facing exploitation and the shift away from stolen passwords.
    - Edge devices, OT exposure, and why "discovery" dominates post-breach activity.

    Key Quotes

    - "We have hundreds [of honeypots] throughout the world. Some of them are simulations… Some of them are real devices… we expose them with the intention of seeing them attacked." — Daniel dos Santos
    - "Home routers, but also home IP cameras or doorbells or solar inverters or…whatever it is that you have in your house that might be exposed to the internet and might be vulnerable can be these days recruited into a botnet." — Daniel dos Santos
    - "Attackers…have figured out that when you find a zero-day in a popular router or a popular firewall or a popular VPN appliance, you can really go against thousands and thousands of organizations." — Daniel dos Santos
    - "With one zero-day or one critical exploit, you can compromise thousands of organizations today." — Daniel dos Santos
    - "But what we do see in the signals that we see there and what we present in the report is that there is a whole world of vulnerabilities being exploited." — Daniel dos Santos

    Relevant Links and Resources

    - https://www.forescout.com/research-labs/2025-threat-roundup/
    - https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/

    About the Guest

    Daniel dos Santos is the VP of Research at Forescout Research — Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs — and is a frequent speaker at security conferences.

    33 min
  4. Storms, Cyber, and the Fight to Keep the Lights On with Scott Aaronson

    FEB 10 · VIDEO

    Grid resilience has become a test of whether the U.S. can keep essential systems running through disruption—and recover fast when they don't. In this episode, Frank Cilluffo talks with Scott Aaronson about how the electric power sector plans for and responds to an "all-hazards" landscape, from major storms to cyber and physical attacks. Aaronson explains why the grid is a "network of networks" with a huge attack surface but few true single points of failure, and how mutual assistance became a national-scale capability. They also dig into interdependencies across "lifeline" sectors, the practical reality of IT/OT differences, and why surging demand—from AI and data centers to EVs and reshoring—raises urgent reliability and supply chain questions.

    Main Topics Covered

    - Why electricity is consumed the moment it's produced—and why balance matters.
    - How mutual assistance evolved from bilateral help to national-scale response.
    - Lessons from severe weather events, including what makes ice storms uniquely hard.
    - The IT vs. OT gap, and why operational tech changes the cyber playbook.
    - Interdependencies: why adversaries can hit electricity by targeting other sectors.
    - Rising demand and the push to rebuild domestic manufacturing capacity for grid equipment.

    Key Quotes

    - "Electricity is the only commodity that is consumed at the moment it is produced." – Scott Aaronson
    - "[Power companies] are competitive in some ways, but we are completely non-competitive when it comes to security, when it comes to resilience, when it comes to response and recovery." – Scott Aaronson
    - "I don't really care if it is a storm or a pandemic or a cyber or physical attack or the zombie apocalypse… The impact is what matters." – Scott Aaronson
    - "The adversary is not attacking the electric sector. They are attacking the United States." – Scott Aaronson
    - "The first 72 are on you… Have food, have water, have a plan, be prepared. The cavalry is coming." – Scott Aaronson
    - "Regulations are great, but they are a foundational level of security… if you mandate… a 10-foot fence… the adversary brings a 12-foot ladder." – Scott Aaronson

    Relevant Links and Resources

    - Edison Electric Institute (EEI)
    - Electricity Subsector Coordinating Council (ESCC)
    - CRISP (Cyber Risk Information Sharing Program)
    - STEP (Spare Transformer Equipment Program)
    - ESF-12 (Emergency Support Function 12 – Energy)

    About the Guest

    Scott Aaronson is Senior Vice President for Energy Security and Industry Operations at Edison Electric Institute (EEI) and Secretary of the Electricity Subsector Coordinating Council (ESCC), serving as a key industry-government liaison on power-sector security and preparedness.

    45 min
  5. How Apple's iPhone Supply Chain Built China into a Manufacturing Superpower with Patrick McGee

    FEB 3 · VIDEO

    Supply chains are essential infrastructure—and the iPhone's supply chain sits at the center of U.S.–China competition. As Washington reassesses economic security, this episode explores what it looks like when market incentives collide with geopolitical reality. Frank Cilluffo speaks with Patrick McGee, author of Apple in China, about his reporting on Apple's deep manufacturing reliance on China—and what that reveals about leverage, resilience, and risk. They explore how industrial capacity is built through repetition, why diversification is harder than headlines suggest, and how concentrated production creates choke points that can ripple far beyond consumer tech. The result is a clear, practical case study in why supply chains matter for critical infrastructure, national security, and long-term competition.

    Main Topics Covered

    - How "learning by doing" powered China's rise in high-end electronics manufacturing
    - The "epic transfer of technology" behind Apple's scale and China's supply-chain competence
    - Xi Jinping's post-2013 pressure campaign and Apple's strategic recalibration in China
    - Why supply-chain diversification is slower than headlines suggest, especially in India
    - The "red supply chain" and how Apple suppliers became capability multipliers
    - Taiwan/TSMC as a single-point-of-failure risk—and the AI chip-export debate it echoes

    Key Quotes

    - "China isn't dependent on Apple in the way that Apple is inarguably dependent on China. My big worry in a certain sense is that the student has become the master." — Patrick McGee
    - "If you just take the $55 billion that they invested in 2015 alone, which was 22% of revenue … and just go from let's say the birth of the iPhone 2007–2025, you're talking about a trillion dollars that Apple's invested in China." — Patrick McGee
    - "None of those phones are really being made in India, they're just being assembled there. The joke that one manufacturing design engineer told me was that the phones are assembled in China, disassembled in China and sent to India for reassembly." — Patrick McGee
    - "Our narrative is essentially that Apple exploits Chinese workers. In a certain sense, that's the only narrative about Apple in China we've had in the past two decades. And I flip that on its head…[China is] getting more out of the relationship. It's a story about China exploiting Apple." — Patrick McGee
    - "I think there still is a mindset that China is an imitator, not an innovator. I think we should recognize that… is not the case." — Frank Cilluffo

    Relevant Links and Resources

    - Apple in China (Patrick McGee's book)
    - McCrary Institute's Code Red report on "Typhoon" threat actors (Vault/Salt/Flax)
    - Anthropic's Dario Amodei's essay: "The Adolescence of Technology"

    Guest Bio

    Patrick McGee is a Financial Times journalist and the author of Apple in China, covering geopolitics, technology, and global supply chains.

    42 min
  6. AI, Critical Infrastructure, and Cascading Failures with Madison Horn

    JAN 27 · VIDEO

    Madison Horn joins host Frank Cilluffo to explain why AI-driven cyber risk may be quieter, faster, and harder to spot in 2026. She breaks down "cascading failures" in critical infrastructure—and how a disruption in one sector can quickly ripple into others. The conversation zeroes in on AI agents, especially their ability to create new user accounts, get access to systems, and hide inside everyday routine activity. Horn also warns that AI supply chain weaknesses could spread faster than traditional zero-days.

    Main Topics Covered

    - Why AI-enabled attacks may look like normal business activity.
    - Cascading failures across water, power, telecom, and healthcare systems.
    - AI agents creating identities and operating with "human-like" access.
    - Why "AI supply chain" risk could eclipse zero-day exploits.
    - "Slow and steady" AI adoption for critical infrastructure operators.
    - Why quantum planning should happen alongside today's AI rollouts.

    Key Quotes

    - "Within critical infrastructure… water needs electricity, electricity needs telcos, and healthcare needs all three." — Madison Horn
    - "Hackers are lazy. And I mean that not to be offensive, but if you can reach your objective, reaching the lowest hanging fruit, then you're going to." — Madison Horn
    - "Attacks are not going to look as restricting and as loud. I think it's going to look just like business as normal until we see [impacts] in the physical world." — Madison Horn
    - "What I worry about is people assuming and trusting that an AI tool is doing what it's supposed to and not necessarily understanding or being able to detect that it's doing something malicious." — Madison Horn
    - "I just don't want quantum to get lost into the AI conversation." — Madison Horn

    Relevant Links and Resources

    - Madison Horn's 2026 predictions (Nextgov)

    About the Guest

    Madison Horn is the national security and critical infrastructure chief advisor at World Wide Technology, with 15+ years leading cyber strategy and incident response in high-consequence, regulated environments. She previously held senior roles at Siemens Energy, PwC, and Accenture Security, and founded Roserock Advisory Group focused on cybersecurity and geopolitics.

    39 min
  7. Cyber Leadership, Workforce Morale, and the House Email Breach with Nextgov's David DiMolfetta

    JAN 20 · VIDEO

    CISA leadership, NSA/Cyber Command staffing, and offensive cyber operations are colliding early in 2026. Frank Cilluffo and reporter David DiMolfetta unpack Sean Plankey's renomination for CISA Director, and what a prolonged leadership vacuum can mean for agency direction and momentum. They then turn to Lt. Gen. Rudd's confirmation hearing and the evolving debate over the Title 10/Title 50 "dual hat." The conversation also examines morale and workforce pressures inside NSA, including reported staffing reductions. It closes with "Absolute Resolve," what public discussion of cyber "effects" might signal for deterrence, and a China-linked House staff email breach that frames what DiMolfetta is watching next.

    Main Topics Covered

    - What Sean Plankey's CISA renomination signals about cyber leadership priorities.
    - Why "core mission" talk at CISA still depends on who's in charge.
    - Lt. Gen. Rudd's hearing, and how the dual-hat debate is evolving.
    - NSA morale and workforce cuts, and what that means for capability.
    - "Absolute Resolve," cyber effects, and the deterrence value of public signaling.
    - House staff email targeting, Salt Typhoon questions, and the midterms-AI threat mix.

    Key Quotes

    - "CISA's work does not stop. That said, if you don't have a permanent leader in place, you don't have a guy to set direction, and things can't really go anywhere." — David DiMolfetta
    - "When you don't have people at their desks [because of workforce reductions], that means they may not be tracking adversaries, they may not be doing that work to cultivate relationships with sources on a kind of human intelligence style level." — David DiMolfetta
    - "[In Venezuela] lights went off, but they also went back on." — David DiMolfetta
    - "Authority, accountability, and resources — I found those to be the three criteria to get things done in D.C." — Frank Cilluffo

    Relevant Links and Resources

    - David DiMolfetta's stories at Nextgov.com

    Guest Bio

    David DiMolfetta covers cybersecurity for Nextgov. Previously, he researched The Cybersecurity 202 and The Technology 202 newsletters at The Washington Post and covered AI, cybersecurity and technology policy for S&P Global Market Intelligence. He holds a BBA from The George Washington University and an MS from Georgetown University.

    33 min
  8. The Hammer and the Anvil: Offensive Cyber Strategy with Chris Inglis

    JAN 13 · VIDEO

    Chris Inglis joins Frank Cilluffo to break down what offensive cyber strategy should look like in an era of strategic competition. Drawing from the McCrary Institute's new report on U.S. cyber policy, Inglis argues that resilience and consequences are not competing theories—they have to work together. He explains why "defend forward" and persistent engagement reshaped authorities and expectations after 2018, including how NSPM-13 changed delegation for operations. The conversation also tackles the messy seam between Title 10 and Title 50 in cyberspace, and why integration—not exquisite tools—will decide whether cyber power is truly strategic.

    Main Topics Covered

    - Why offense and resilience must operate as one integrated cyber strategy
    - Cyber deterrence as changing an adversary's decision calculus, not perfection
    - How NSPM-13 helped shift delegation and operational tempo in 2018
    - What "defend forward" means in plain terms—and why it's defensive
    - Blurring of Title 10 and Title 50 in cyberspace—and why that matters
    - The warning: the U.S. is behind on integrating cyber with power

    Key Quotes

    - "My view is that the discussion of whether it's going to be a focus on defense kind of inherent resilience or a focus on imposing consequences is a false choice." — Chris Inglis
    - "But when you get to cyberspace, it turns out that the Title 50, which is trying to get information from cyberspace, and the Title 10, which is trying to actually achieve effects in cyberspace, are about 90% the same." — Chris Inglis
    - "[With defend forward] We're not going to wait onshore for [malicious cyber activity] to arrive and then kind of cede the initiative to adversaries." — Chris Inglis
    - "What keeps me awake at night? We don't have time. We're way behind the curve." — Chris Inglis

    Relevant Links and Resources

    - McCrary Institute report — U.S. Cyber Policy: Offense, Deterrence, and Strategic Competition

    Guest Bio

    Chris Inglis is the former U.S. National Cyber Director and former NSA Deputy Director, with decades of experience in national security and cyber policy.

    33 min