Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure

Frank Cilluffo / McCrary Institute

As cyber threats evolve faster than policy, Cyber Focus delivers executive-level briefings on cybersecurity, national security, and critical infrastructure. From the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, host Frank Cilluffo speaks with senior leaders across government, industry, and the intelligence community about ransomware, state-sponsored threats, AI, and the systems we all rely on—energy, water, telecom, and supply chains. Each episode focuses on real-world risk tradeoffs and practical steps organizations can take to strengthen resilience.

  1. Ukraine, Private Sector Power, and Cyber Defense with Greg Rattray

    6H AGO ·  VIDEO

    Ukraine's cyber defense has become one of the clearest real-world tests of what resilience actually looks like under sustained attack. In this episode of Cyber Focus, Greg Rattray explains why Ukrainian defenders held up better than many expected, and what their experience reveals about the limits of prevention, the value of shared visibility, and the growing operational role of the private sector. Drawing on his work leading the Cyber Defense Assistance Collaborative, Rattray argues that exposing adversary activity across a more "brightly illuminated cyberspace" helped blunt Russia's offensive advantage. But the larger lesson is not just about threat visibility. It is about recovery, adaptability, and trust: teams under pressure need tools they already know how to use, leaders need to plan for bad days, and governments need to make room for industry to do more than simply wait for direction.

    Main Topics Covered
    - The "bright room" concept in cyber defense
    - Why resilience matters more than perfect prevention
    - Familiar tools vs. cutting-edge tech in crisis
    - The private sector's front-line role
    - How cyber, EW, and drones are converging

    Key Quotes:
    - "It's pretty hard to do cyber offense in a bright room, in a dark room, it's a lot easier. But like what we've done here is give the Ukrainians the position that the Russian attacks are trying to occur in a pretty brightly illuminated cyberspace." — Greg Rattray
    - "Kyivstar, [Ukraine's] major telecommunications provider, got leveled in December of 2023. I thought they would be out for weeks. Two days later they were back up and running." — Greg Rattray
    - "The speed at which drones have to change in order to stay survivable and effective; these innovation cycles are weeks, not years." — Greg Rattray
    - "While the NIST cybersecurity framework talks about respond and recover, the amount of energy that goes into resilience is still to my mind, under thought, under exercised, [and] under invested in." — Greg Rattray
    - "The notion that you're going to be targeted has to be part of your risk calculus. And therefore you even with a good team... you cannot guarantee you won't have a bad day." — Greg Rattray

    Links/Resources
    - Cyber Defense Assistance Collaborative: https://crdfglobal-cdac.org

    Guest Bio:
    Dr. Greg Rattray is Chief Strategy and Risk Officer at Andesite and Executive Director of the Cyber Defense Assistance Collaborative (CDAC), which has facilitated more than $30 million in voluntary cyber defense support to Ukraine. He previously served as J.P. Morgan Chase's Global CISO and Head of Global Cyber Partnerships, and spent 23 years in the U.S. Air Force, including as the National Security Council's Director for Cybersecurity.

    34 min
  2. Transatlantic Reset: Private Sector Diplomacy & Digital Trust with Sébastien Garnault

    MAR 24 ·  VIDEO

    Overview
    Transatlantic cyber cooperation is being tested by political strain, regulatory divergence, and competing ideas about sovereignty, trust, and market access. In this episode of Cyber Focus, Sébastien Garnault argues that if the United States and Europe want to keep working together on security, they need to move quickly to make that cooperation practical, especially in critical infrastructure and digital markets. Speaking from a French private-sector perspective, Garnault makes the case that governments alone may not be able to repair or sustain that cooperation at the speed the moment requires. He points instead to private-sector partnerships, shared market incentives, and clearer language around security standards as possible ways to keep the transatlantic relationship workable even when public-sector trust is under pressure. The conversation also explores how Europe and the United States differ on clean versus trusted technology stacks, how threat perceptions shape national requirements, and how privacy, AI, and data localization debates can either strengthen or complicate cooperation. The conversation was recorded on February 11, 2026.

    Main Topics Covered
    - Private-Sector Cooperation as a Strategic Bridge: Why Garnault believes business-to-business cooperation may move faster than government-to-government diplomacy when trust is strained.
    - Clean Stack vs. Trusted Stack: How U.S. national-security thinking and EU market-standard thinking create different paths for defining who can participate in secure digital markets.
    - Threat Perception and Market Access: How geography, history, and national priorities shape security requirements across Europe and affect access to critical infrastructure markets.
    - Trust, Sovereignty, and the Transatlantic Reset: Why Garnault sees damaged trust as a real obstacle, and why he argues for a reset rather than a rupture in U.S.-European cyber cooperation.
    - Privacy, AI, and Data Localization: How French and European views on privacy, regulation, and AI governance differ from those in the United States, and why those differences matter for security and interoperability.

    Key Quotes
    - "Maybe what we've done in the last decade and what we will do in the next decade don't belong from government but belongs to us." — Sébastien Garnault
    - "We can do a reset; we cannot afford a reboot." — Sébastien Garnault
    - "The damages that have been done in our trust, mutual trust, are very deep. So we need to fix it quickly." — Sébastien Garnault
    - "The best way for us to cooperate with our allies is to use the market because the market is less political than national security." — Sébastien Garnault
    - "From my standpoint, the glue that binds us together is much greater than anything that can tear us apart." — Frank Cilluffo

    Links/Resources
    - CyberTaskForce: https://www.cybertaskforce.fr/
    - Paris Cyber Summit: https://www.paris-cyber-summit.com/

    Guest Bio
    Sébastien Garnault is the founder of the CyberTaskForce and president of the Paris Cyber Summit. He joined Cyber Focus while in Washington leading a French delegation meeting with U.S. policymakers, industry leaders, and other decision-makers, and spoke in a private-sector capacity rather than on behalf of the French government.

    35 min
  3. Keeping the Lights On in the AI Era with DOE's Alex Fitzsimmons

    MAR 17 ·  VIDEO

    Electricity demand is surging—and DOE's Alex Fitzsimmons argues that the country's ability to "keep the lights on" is now inseparable from how fast we can expand energy infrastructure, how we manage affordability, and how seriously we treat security. In this conversation with Frank Cilluffo, Fitzsimmons, the Acting Under Secretary of Energy and Director of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), frames "energy dominance" as a practical governing problem: meet rapid load growth (including from AI and data centers), avoid reliability shortfalls, and do it in a way that doesn't push unacceptable costs onto everyday Americans.

    Main Topics Covered
    - AI- and data center-driven demand growth
    - Affordability and "ratepayer protection"
    - Resource adequacy and reliability risk
    - OT security and critical infrastructure stakes
    - Supply chain risk and security vs speed

    Key Quotes
    - "Privacy, data breaches, all of these things are important. They matter. They matter. But OT matters more. Keeping the lights on matters more." — Alex Fitzsimmons
    - "These tech companies recognize that for their technology to be politically and economically viable, that the American people cannot be shouldered with the burden of new data centers." — Alex Fitzsimmons
    - "We were set to lose 100 gigawatts of reliable dispatchable generation by 2030, at the same time that we may need to build 100 gigawatts of generation and associated infrastructure to win the AI race." — Alex Fitzsimmons
    - "We have to [build supply] securely. So we can't sacrifice security for speed." — Alex Fitzsimmons
    - "[AI-FORTS] is focused on 3 things: secure the energy system from AI, secure it with AI, and secure the AI itself." — Alex Fitzsimmons

    Relevant Links and Resources
    - DOE's CESER Office
    - DOE's Genesis Mission
    - DOE 2025 resource adequacy report
    - NERC; RTOs and ISOs (mentioned in the episode; link not provided)

    Guest Bio
    Alex Fitzsimmons serves in the Trump Administration as the Acting Under Secretary of Energy at the U.S. Department of Energy (DOE), where he spearheads DOE's energy dominance mission and oversees a broad portfolio of offices advancing affordable, reliable, and secure energy for the American people. He also serves as Director of DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), leading efforts to safeguard the nation's energy infrastructure against evolving cyber and physical threats and strengthen resilience across critical energy systems.

    38 min
  4. Deterrence and the New Cyber Strategy with White House National Cyber Director Sean Cairncross

    MAR 12 ·  VIDEO

    Cyber deterrence has long lagged behind the threat. In this special episode of Cyber Focus recorded on March 11, 2026, White House National Cyber Director Sean Cairncross argues that the United States can no longer afford a posture built mainly around resilience and response while adversaries, criminal groups, and state-backed proxies operate at low cost and low risk. He presents President Trump's new National Cyber Strategy as an effort to change that calculus by aligning government policy, offensive and defensive capabilities, industry partnership, and international coordination around a more forward-leaning approach. The conversation walks through the strategy's six pillars, from shaping adversary behavior and streamlining regulation to modernizing federal systems, securing critical infrastructure, protecting U.S. technological advantage, and expanding the cyber workforce. Cairncross emphasizes a core theme throughout: private companies should not be left to fend for themselves against foreign intelligence services and military-linked actors, and government must do more to impose cost, remove friction, and support practical security outcomes.

    Main Topics Covered
    - Cyber deterrence and imposing costs on adversaries
    - Public-private partnership and smarter regulation
    - Federal modernization and procurement reform
    - Critical infrastructure resilience
    - AI, post-quantum policy, and cyber workforce development

    Key Quotes
    - "Resiliency is great, but resiliency…implies that you're taking hits." — Sean Cairncross
    - "There is a lot that can be done to deny [bad cyber actors] the benefits of their activity, to make life harder for them online and to deny them safe haven." — Sean Cairncross
    - "I think if you get hit by a foreign adversary, for the USG to turn around and point a finger at you is essentially shifting blame… It's not going to succeed unless both sides of that coin are working together and being collaborative." — Sean Cairncross
    - "We can work on procurement speed. We can work on technological innovation and adopting that technology much more quickly than we have." — Sean Cairncross
    - "This [low-cost, high-reward incentive structure for malicious cyber actors] has been allowed to go too far and get too far out of whack ... and we need to reset that." — Sean Cairncross

    Relevant Links and Resources
    - President Trump's National Cyber Strategy
    - Cybercrime executive order signed the same day as the strategy
    - Post-quantum policy / "PQC" executive order or action under development

    Guest Bio
    Sean Cairncross is the White House National Cyber Director, serving as the principal adviser to the president on cyber policy matters. Before taking this role, he served in the Trump White House as deputy assistant to the president and senior adviser to the chief of staff. He also served as CEO of the Millennium Challenge Corporation and has held senior leadership roles in politics, government, and strategic consulting.

    34 min
  5. The Cyber Dimension of the Iran Conflict with Cynthia Kaiser & Mark Montgomery

    MAR 10 ·  VIDEO

    Cyber is now woven into modern conflict, alongside conventional military force. In this episode, Frank Cilluffo examines how that shift shapes the threat from Iran—especially the risk of cyber retaliation aimed at U.S. critical infrastructure, U.S. businesses, and public confidence. Rear Admiral (Ret.) Mark Montgomery of the Foundation for Defense of Democracies brings a strategic and military lens to the discussion, explaining how cyber is being built into conflict planning alongside kinetic operations. Cynthia Kaiser, a former FBI cyber leader now with Halcyon, brings an operational view of how Iranian cyber activity can create disruption, spread fear, and produce real effects even without the sophistication of China or Russia.

    Main Topics Covered
    - Cyber as an integrated warfighting tool
    - Iran's cyber posture and likely retaliation paths
    - Critical infrastructure and OT vulnerabilities
    - Disruption, fear, and information effects
    - Gaps in U.S. civilian cyber defense

    Key Quotes
    - "They're not at the level of capability as Russia and China, but that's almost irrelevant. They've got a drive-by shooting capability." — Frank Cilluffo
    - "We're seeing cyber integrated at the front end of planning. It's not cyber only or cyber as an afterthought, but it's cyber as an integrated element." — Mark Montgomery
    - "The vast majority of our critical infrastructure doesn't have a shield." — Mark Montgomery
    - "[Iran is] really one of the world's most malicious and capable cyber actors. They're not necessarily as good as China or Russia, but they don't need to be to have an effect." — Cynthia Kaiser
    - "The point's the fear. The point's the chaos. And the point is the internal messaging for their own people—to say we did something in retaliation." — Cynthia Kaiser

    Relevant Links and Resources
    - Foundation for Defense of Democracies
    - Halcyon Ransomware Research Center
    - NSA Cybersecurity Collaboration Center

    Guest Bio
    Mark Montgomery is a senior fellow at the Foundation for Defense of Democracies and former executive director of the Cyberspace Solarium Commission. He brings deep experience in cyber strategy, defense policy, and national security planning.

    Cynthia Kaiser is a senior cyber executive at Halcyon and a former FBI leader with extensive experience in cyber investigations and ransomware response. She brings an operational perspective on Iranian cyber activity, disruption campaigns, and cyber risk to critical infrastructure.

    35 min
  6. The Regulatory Shift: How CIRCIA and NIST are Redefining Cyber Defense with Sara Friedman

    MAR 3 ·  VIDEO

    Cyber incident reporting is about to become mandatory for much of critical infrastructure—and the details are where the fight is. On February 26th, Frank Cilluffo spoke with Inside Cybersecurity managing editor Sara Friedman about CIRCIA's proposed reporting rules, what industry says is overbroad, and why the 72-hour clock is hard in the real world. They also dig into overlap with other federal requirements, CISA's capacity to execute the rulemaking, and what "getting it right" means for public-private trust. The conversation then pivots to NIST, AI agent standards, and how Washington is balancing innovation, security, and competitiveness.

    Main Topics Covered
    - What CIRCIA is designed to do.
    - Who's covered and what counts as reportable.
    - The practical challenge of determining incident facts within 72 hours.
    - Duplication concerns across rules, including SEC cyber disclosure timelines.
    - Whether CISA has the staffing and leadership capacity to deliver.
    - NIST's role in AI agent standards and broader cyber "rules of the road."

    Key Quotes
    - "CISA was supposed to have voluntary partnerships… And with this new role, CISA is moving into more of a regulator role." — Sara Friedman
    - "This rulemaking, when it was put out, it's over 400 pages. There's a lot in there." — Sara Friedman
    - "House Homeland Security Chairman Andrew Garbarino threatened to, if the rulemaking does not meet congressional intent…to potentially roll this back." — Sara Friedman
    - "When there's a large attack on critical infrastructure, it just seems to wake up lawmakers in some ways that they need to be able to do something." — Sara Friedman
    - "They've shed about a third of their workforce…One of the questions is, does CISA have the capacity that they need for this rulemaking and to do it effectively?" — Sara Friedman

    Relevant Links and Resources
    - CIRCIA town halls scheduled for March: https://insidecybersecurity.com/share/17759
    - When the CIRCIA NPRM was published: https://insidecybersecurity.com/share/15688
    - RSA 2024 panel on the rulemaking: https://insidecybersecurity.com/share/15832
    - NIST launches AI Agent Standards initiative: https://insidecybersecurity.com/share/17775
    - NIST AI security request for information: https://insidecybersecurity.com/share/17654
    - NIST work on an AI profile for the Cybersecurity Framework: https://insidecybersecurity.com/daily-news/stakeholders-weigh-ai-considerations-cybersecurity-nist-workshop-draft-framework-profile

    Guest Bio
    Sara Friedman is the managing editor of Inside Cybersecurity and has covered federal cybersecurity policy for years, including CIRCIA, NIST standards, and related rulemakings.

    26 min
  7. Deepfakes & Laptop Farms: How Nation-States Infiltrate the Defense Supply Chain with Luke McNamara

    FEB 24 ·  VIDEO

    Cyber threats against the Defense Industrial Base (DIB) don't stop at the battlefield—they extend into suppliers, perimeter devices, and even hiring pipelines. Luke McNamara of Google's Threat Intelligence Group joins Frank Cilluffo to unpack Mandiant's report Beyond the Battlefield: Threats to the Defense Intelligence Base and the patterns it flags across today's threat landscape. They discuss how the war in Ukraine is shaping targeting priorities, why China's cyber espionage increasingly begins at the network edge, and how "fast follower" exploit cycles compress patch timelines. McNamara also explains the North Korean IT worker problem, where remote hiring fraud can create both revenue and potential access pathways. The takeaway for mid-sized defense suppliers is practical: harden identity, reduce perimeter exposure, and assume meaningful risk often starts outside traditional corporate visibility.

    Main Topics Covered
    - Why manufacturing remains a top target and a warning sign for broader supply-chain risk
    - How the war in Ukraine is influencing cyber targeting tied to drones and UAS ecosystems
    - China's focus on edge-device compromise (VPNs, routers, email gateways) and why it matters
    - The "fast follower" dynamic that turns one vulnerability into many intrusions
    - North Korean IT worker operations, remote hiring fraud, and AI-enabled deception
    - The highest-leverage defensive priorities for DIB organizations, especially identity and MFA

    Key Quotes
    - "Manufacturing is always the most targeted sector going back to 2020. And I think that's a larger canary in the coal mine." — Luke McNamara
    - "It's not just some of these top-tier Chinese APT actors and their ability to leverage these as a zero-day, but the ability for secondary groups, once some of the details leak around a particular vulnerability, to start weaponizing it themselves." — Luke McNamara
    - "If I had to narrow it down to one category to put more resources to, I would say identity…hardening around the identity piece is certainly key." — Luke McNamara
    - "Organizations that are more aware of [the North Korean IT worker infiltration], where the security teams have met with their HR folks, their recruiters, helped inform them about the nature of these threats, I think they're a little bit better secured." — Luke McNamara
    - "It sounds more like a movie than reality, but it's happening." — Frank Cilluffo

    Relevant Links and Resources
    - Mandiant report — Beyond the Battlefield: Threats to the Defense Intelligence Base
    - Mandiant podcast — Defenders Advantage

    Guest Bio
    Luke McNamara is a Deputy Chief Analyst at Google Cloud's Mandiant Intelligence and part of Google's Threat Intelligence Group, focused on cyber threat trends and emerging risks.

    26 min
  8. Botnets, Edge Devices, and AI: Inside Forescout's Threat Findings with Daniel dos Santos

    FEB 17 ·  VIDEO

    A new wave of cyberattacks is being routed through everyday devices—and defenders can't rely on old assumptions about geography or "known bad" infrastructure. Daniel dos Santos, VP at Vedere Labs (Forescout), walks through findings from their 2025 Threat Roundup, drawn from a global network of hundreds of honeypots and decoy systems. The conversation focuses on why web-facing systems and edge devices have become prime targets, how attackers hide inside cloud and ISP-managed networks, and what defenders can do earlier in the kill chain. Dos Santos also explains why many exploited vulnerabilities never appear on CISA's KEV list—and how security teams should think about patching and risk anyway.

    Main Topics
    - How honeypots reveal attacker intent across IT, IoT, and OT environments.
    - Why attacks increasingly come from ISP-managed networks and consumer devices.
    - Cloud and "benign" services used to blend in and evade traditional filters.
    - Why distributed botnets weaken country-based blocking for defenders.
    - The rise of web-facing exploitation and the shift away from stolen passwords.
    - Edge devices, OT exposure, and why "discovery" dominates post-breach activity.

    Key Quotes
    - "We have hundreds [of honeypots] throughout the world. Some of them are simulations… Some of them are real devices… we expose them with the intention of seeing them attacked." — Daniel dos Santos
    - "Home routers, but also home IP cameras or doorbells or solar inverters or…whatever it is that you have in your house that might be exposed to the internet and might be vulnerable can be these days recruited into a botnet." — Daniel dos Santos
    - "Attackers…have figured out that when you find a zero-day in a popular router or a popular firewall or a popular VPN appliance, you can really go against thousands and thousands of organizations." — Daniel dos Santos
    - "With one zero-day or one critical exploit, you can compromise thousands of organizations today." — Daniel dos Santos
    - "But what we do see in the signals that we see there and what we present in the report is that there is a whole world of vulnerabilities being exploited." — Daniel dos Santos

    Relevant Links and Resources
    - https://www.forescout.com/research-labs/2025-threat-roundup/
    - https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/

    About the Guest:
    Daniel dos Santos is the VP of Research at Forescout Research — Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 35 peer-reviewed papers, has found or disclosed hundreds of CVEs — and is a frequent speaker at security conferences.

    33 min