Cyber Focus: Cybersecurity, National Security, and Critical Infrastructure

Frank Cilluffo / McCrary Institute
  • 5.0 (18)
  • GOVERNMENT
  • UPDATED WEEKLY

As cyber threats evolve faster than policy, Cyber Focus delivers executive-level briefings on cybersecurity, national security, and critical infrastructure. From the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, host Frank Cilluffo speaks with senior leaders across government, industry, and the intelligence community about ransomware, state-sponsored threats, AI, and the systems we all rely on—energy, water, telecom, and supply chains. Each episode focuses on real-world risk tradeoffs and practical steps organizations can take to strengthen resilience.

  1. What Most People Get Wrong About Secure Messaging with Signal CTO Ehren Kret

    20H AGO ·  VIDEO

    What Most People Get Wrong About Secure Messaging with Signal CTO Ehren Kret

    Most people think secure messaging begins and ends with encryption. Signal CTO Ehren Kret says that is only part of the picture. In this episode of Cyber Focus, host Frank Cilluffo sits down with Kret to discuss what private communication really requires, from protecting message content to limiting what platforms can learn from metadata, identity, group membership and social graphs. Kret explains how Signal's nonprofit model shapes its privacy-first design choices, why endpoint security remains a major challenge, and how AI built into operating systems could create new risks for private communication. The conversation also explores post-quantum encryption, lawful access debates, phishing threats against messaging accounts, and why the future of secure communication depends not only on better technology, but on helping users understand what is and is not truly private. Main Topics Secure messaging misconceptions Metadata and social graphs Endpoint security risks AI and platform privacy Post-quantum encryption Signal's nonprofit model Key Quotes "Disappearing messages, and that's one piece of the puzzle... But a lot of people think that's sort of the end." — Ehren Kret "You should also be looking at does your service provider have access to the message content and is it protected from visibility from them?" — Ehren Kret  "Being able to build a social graph can reveal information, even though you don't necessarily have the message content, it is highly leaky. You can infer from a social graph, you can see who is talking to who, and a lot of times that reveals information about the content of those communications ." — Ehren Kret "Signal...is an anti mass surveillance tool. It's not necessarily an anti targeted surveillance tool because at the end of the day your phone is still an endpoint that can be targeted." — Ehren Kret "Since it's a nonprofit, the primary goal for Signal is to spread the use of end-to-end encrypted for messaging and for communications in general." — Ehren Kret Relevant Links and Resources Signal Foundation Signal: Sealed Sender Signal: Quantum Resistance and the Signal Protocol Cloudflare Post-Quantum Roadmap Google Research on Quantum Vulnerabilities About Ehren Kret Ehren Kret is the Chief Technology Officer at Signal, where he helps lead the development of privacy-preserving communication technology. He previously served as an engineering director at WhatsApp, where he helped scale end-to-end encryption for more than a billion users.

    32 min
  2. How Idaho National Laboratory Is Building the Future of Infrastructure Security with Zach Tudor

    APR 27 ·  VIDEO

    How Idaho National Laboratory Is Building the Future of Infrastructure Security with Zach Tudor

    America is asking more from its critical infrastructure just as adversaries are finding more ways to target it. AI, data centers, electrification, and next-generation energy systems all depend on operational technology—the control systems that keep power, water, transportation, and industry moving. As that backbone grows more connected, the stakes of securing it grow even higher. In this episode of Cyber Focus, Frank Cilluffo speaks with Zach Tudor, Associate Laboratory Director at Idaho National Laboratory, about how INL tests and secures critical infrastructure at scale. Tudor explains why resilience must guide infrastructure defense, what Ukraine and China reveal about the risks facing critical infrastructure, and why cyber-informed engineering is essential as new technologies move into energy, nuclear, wireless, and industrial systems. The conversation also covers AI's role in control environments, the workforce needed to secure future infrastructure, and the challenge of moving faster before a major event forces action. Main Topics Covered INL's critical infrastructure mission Testing infrastructure at scale OT security and resilience AI risks in control systems Cyber-informed engineering Workforce needs for energy security Key Quotes "No infrastructure is impervious to attack." — Zach Tudor "I think we're getting to the point where, if you are delivering power to the nation, then you are a risk professional as well as a power engineer." — Zach Tudor "Resilience for me is not just the preparation for an attack or the response to an attack, but the ability to mitigate the effects of an attack, to respond quickly, and to recover quickly as well." — Zach Tudor "We are a national lab in the public economic and national security interest. And so we'll do what needs to be done. We say that labs do what others can't, won't or shouldn't do." — Zach Tudor "The mindset of an engineer who's thinking about operations is different from the mindset of an IT security person who's protecting databases or privacy or other data." — Zach Tudor Relevant Links and Resources Idaho National Laboratory Department of Energy National Laboratories Cyber-Informed Engineering (CIE) Guest Bio Zach Tudor is Associate Laboratory Director for National and Homeland Security at Idaho National Laboratory, where he leads programs focused on critical infrastructure protection, operational technology security, and national security innovation. He previously served at the Department of Homeland Security's ICS-CERT and is a former U.S. Navy submariner. Tudor has spent decades working at the intersection of cybersecurity, energy systems, and national defense.

    34 min
  3. Hacking Reputation: Disinformation, Trust, and Cyber Crisis Response with Preston Golson

    APR 21 ·  VIDEO

    Hacking Reputation: Disinformation, Trust, and Cyber Crisis Response with Preston Golson

    A cyber incident can damage far more than systems and networks. It can also become a reputational crisis, especially when false or misleading narratives move faster than facts. In this episode of Cyber Focus, Frank Cilluffo speaks with Preston Golson of Brunswick Group about why organizations need to treat reputation as a vulnerability that can be tested, stress-tested, and defended much like any other part of their cyber posture. Drawing on his work in cyber incident response and his earlier career at the CIA, Golson explains how misinformation and disinformation take hold, why many damaging narratives are foreseeable, and how companies can prepare before a crisis hits. The conversation explores red teaming, "prebunking," unified crisis response, and the growing importance of trust, credibility, and AI-generated search results in shaping public perception. For leaders trying to manage cyber risk in a more volatile information environment, this episode offers a practical framework for thinking about reputation, crisis communications, and resilience. Main Topics Covered Reputation as a cyber target Disinformation and viral narratives Red teaming reputational risk Cyber crisis communications Prebunking and digital inoculation Key Quotes "Misinformation is like a forest fire and we live in a forest with combustible conditions … false and misleading narratives can be caught quickly and they can affect a company's license to operate." — Preston Golson   "If you have a dedicated team to look for [reputational risks], you can hack your own reputation, understand where your vulnerabilities are and then reverse engineer defenses and proactive communications … to help build resiliency amongst your audiences." — Preston Golson "We don't play whack a mole. Not every narrative deserves a response. As a matter of fact, some narrative, if you give them a response, it'll give it more oxygen." — Preston Golson "What effective [misinformation] narratives are doing are playing on people's insecurities, [and] people's desire to understand a world that is increasingly complex. It doesn't always make sense." — Preston Golson "Ransomware really did democratize cyber. Everyone's a target from the biggest Fortune 10 down to every mom and pop shop..." — Frank Cilluffo Relevant Links and Resources Brunswick Group Preston Golson's article, "Hacking Reputation" Guest Bio Preston Golson is a director at Brunswick Group, where he works on cyber incident response and related communications challenges. Before joining Brunswick, he spent more than 15 years at the Central Intelligence Agency. In this episode, he draws on that experience to discuss cyber crisis response, disinformation, reputational risk, and how organizations can prepare for false or misleading narratives before they take hold.

    24 min
  4. Cult of the Dead Cow and the Roots of Modern Cyber Ethics with Joe Menn

    APR 13 ·  VIDEO

    Cult of the Dead Cow and the Roots of Modern Cyber Ethics with Joe Menn

    Cybersecurity's history is often told through breaches, crime, and disruption. Joe Menn argues that the story of early hacker culture also offers something constructive: a model for how technical curiosity, ethical reflection, and independent thinking can shape the public good. Drawing from his work on Cult of the Dead Cow, Menn traces how figures once associated with pranks, underground tools, and legal gray zones helped influence vulnerability disclosure, hacktivism, privacy debates, and even the way government and major companies think about security today. But the episode does not stay in the past. Menn connects those earlier lessons to much more current concerns: digital surveillance, the tightening relationship between big tech and government, and the security risks emerging from the rush into AI. The result is a conversation about far more than hacker lore. It is about who gets to shape technology, what values guide that work, and why critical thinking itself may now be part of the infrastructure worth defending. Main Topics Covered The legacy of Cult of the Dead Cow The evolution of hacktivism Ethics and critical thinking in cyber Surveillance, privacy, and state power AI security and concentrated tech influence Key Quotes "I think it's very interesting to me that... any Fortune 100 CISO who's in his mid-50s or older broke the law as a teenager." — Joe Menn "Hackers are by definition, if they're any good, are critical thinkers, because they're taking stuff and saying, well, okay, this is the intended purpose. What else can it do? What else can I make it do?" ­— Joe Menn "Hackers should be big players in legislation and in protecting critical infrastructure, and all these other things because they are critical thinkers and won't just repeat what the conventional wisdom is. You get value from people who are thinking differently. — Joe Menn "[A]t the most recent inauguration, you had Jeff Bezos and Mark Zuckerberg, and I believe Elon Musk standing closer to Trump than his cabinet members. The allegiance of big tech is actually more important than some of the entire branches of government. And their interests are now, by and large, very closely joined." — Joe Menn "[W]henever there's a new exciting technology; people rush into it and then sometime later they figure out about security ... And right now, there's this land rush where all the vulnerabilities are now visible through the wonder of AI. And so, tech debt that was swept under the rug is now become a forest fire." — Joe Menn Relevant Links and Resources  Cult of the Dead Cow Fatal System Error    Citizen Lab About the Guest Joe Menn is a longtime technology reporter and author who has covered cybersecurity, privacy, and related policy issues for decades. In the episode, Frank Cilluffo notes that Menn has written for The Washington Post, Financial Times, Reuters, and the Los Angeles Times, and is the author of two bestselling cybersecurity books, including Cult of the Dead Cow.

    34 min
  5. From Fax Machines to Quantum: Canada's Sami Khoury Reflects on Three Decades in Cyber

    APR 7 ·  VIDEO

    From Fax Machines to Quantum: Canada's Sami Khoury Reflects on Three Decades in Cyber

    Cybersecurity now reaches far beyond government networks and traditional IT systems. In this episode, Sami Khoury explains how the threat environment increasingly touches critical infrastructure, operational technology, undersea cables, and space—and why that shift is pushing governments to work more closely with private industry and trusted international partners. Drawing on more than three decades in Canadian government, Khoury offers a clear view of how Canada has built out its cyber posture, how the Canadian Centre for Cyber Security fits into that mission, and where the threat is evolving fastest. He also reflects on the growing overlap between nation-state activity, cybercrime, and hacktivism; the promise and risk of AI; the long transition toward post-quantum security; and the enduring pull of public service in a field where the stakes keep rising. Main Topics Covered Canada's cyber strategy Critical infrastructure security OT, undersea cables, and space AI and post-quantum risk Public-private and international partnership Key Quotes:  "When cyber came about or when we started paying attention to cyber, it was predominantly an IT issue. But unfortunately, these days it's not just an IT issue and we have to pay attention to OT." — Sami Khoury "We know that cyber, and it might be cliche, cyber knows no border." — Sami Khoury  "We welcome people from different educational background because it's the analytical thinking capacity that we're looking for, not critical thinking skills. It's not necessarily that you're the best coder or that you are the best hardware architect. We want people with the critical thinking skills." — Sami Khoury "The day there's a cryptographically relevant quantum computer that can break today's encryption will not, I presume, will not come with a press release." — Sami Khoury "It's no longer government on government, it's government on private sector, it's mercenaries on private sector, it's mercenaries on government or hacktivist on government. So it's completely asymmetric and it takes a whole team to basically make a difference." — Sami Khoury Relevant Links and Resources Canadian Centre for Cyber Security  Canada's national cyber threat assessment Canada's AI strategy Canada's Post-quantum encryption bulletin Guest Bio: Sami Khoury is the Government of Canada Senior Official for Cyber Security and the former head of the Canadian Centre for Cyber Security. He has spent over 30 years in the Canadian government, primarily within the Communications Security Establishment (CSE), Canada's signals intelligence and cryptologic agency. A veteran of the "Five Eyes" intelligence community, Khoury has been instrumental in shaping Canada's national cyber strategy and fostering deep operational ties with international partners.

    25 min
  6. Ukraine, Private Sector Power, and Cyber Defense with Greg Rattray

    MAR 31 ·  VIDEO

    Ukraine, Private Sector Power, and Cyber Defense with Greg Rattray

    Ukraine's cyber defense has become one of the clearest real-world tests of what resilience actually looks like under sustained attack. In this episode of Cyber Focus, Greg Rattray explains why Ukrainian defenders held up better than many expected, and what their experience reveals about the limits of prevention, the value of shared visibility, and the growing operational role of the private sector. Drawing on his work leading the Cyber Defense Assistance Collaborative, Rattray argues that exposing adversary activity across a more "brightly illuminated cyberspace" helped blunt Russia's offensive advantage. But the larger lesson is not just about threat visibility. It is about recovery, adaptability, and trust: teams under pressure need tools they already know how to use, leaders need to plan for bad days, and governments need to make room for industry to do more than simply wait for direction. Main Topics Covered The "bright room" concept in cyber defense Why resilience matters more than perfect prevention Familiar tools vs. cutting-edge tech in crisis The private sector's front-line role How cyber, EW, and drones are converging Key Quotes: "It's pretty hard to do cyber offense in a bright room, in a dark room, it's a lot easier. But like what we've done here is give the Ukrainians the position that the Russian attacks are trying to occur in a pretty brightly illuminated cyberspace." — Greg Rattray "Kyivstar, [Ukraine's] major telecommunications provider, got leveled in December of 2023. I thought they would be out for weeks. Two days later they were back up and running." — Greg Rattray "The speed at which drones have to change in order to stay survivable and effective; these innovation cycles are weeks, not years." — Greg Rattray "While the NIST cybersecurity framework talks about respond and recover, the amount of energy that goes into resilience is still to my mind, under thought, under exercised, [and] under invested in." — Greg Rattray "The notion that you're going to be targeted has to be part of your risk calculus. And therefore you even with a good team... you cannot guarantee you won't have a bad day." — Greg Rattray Links/Resources Cyber Defense Assistance Collaborative: https://crdfglobal-cdac.org Guest Bio:  Dr. Greg Rattray is Chief Strategy and Risk Officer at Andesite and Executive Director of the Cyber Defense Assistance Collaborative (CDAC), which has facilitated more than $30 million in voluntary cyber defense support to Ukraine. He previously served as J.P. Morgan Chase's Global CISO and Head of Global Cyber Partnerships, and spent 23 years in the U.S. Air Force, including as the National Security Council's Director for Cybersecurity.

    34 min
  7. Transatlantic Reset: Private Sector Diplomacy & Digital Trust with Sébastien Garnault

    MAR 24 ·  VIDEO

    Transatlantic Reset: Private Sector Diplomacy & Digital Trust with Sébastien Garnault

    Overview Transatlantic cyber cooperation is being tested by political strain, regulatory divergence, and competing ideas about sovereignty, trust, and market access. In this episode of Cyber Focus, Sébastien Garnault argues that if the United States and Europe want to keep working together on security, they need to move quickly to make that cooperation practical, especially in critical infrastructure and digital markets. Speaking from a French private-sector perspective, Garnault makes the case that governments alone may not be able to repair or sustain that cooperation at the speed the moment requires. He points instead to private-sector partnerships, shared market incentives, and clearer language around security standards as possible ways to keep the transatlantic relationship workable even when public-sector trust is under pressure. The conversation also explores how Europe and the United States differ on clean versus trusted technology stacks, how threat perceptions shape national requirements, and how privacy, AI, and data localization debates can either strengthen or complicate cooperation. The conversation was recorded on February 11, 2026. Main Topics Covered Private-Sector Cooperation as a Strategic Bridge: Why Garnault believes business-to-business cooperation may move faster than government-to-government diplomacy when trust is strained. Clean Stack vs. Trusted Stack: How U.S. national-security thinking and EU market-standard thinking create different paths for defining who can participate in secure digital markets. Threat Perception and Market Access: How geography, history, and national priorities shape security requirements across Europe and affect access to critical infrastructure markets. Trust, Sovereignty, and the Transatlantic Reset: Why Garnault sees damaged trust as a real obstacle, and why he argues for a reset rather than a rupture in U.S.-European cyber cooperation. Privacy, AI, and Data Localization: How French and European views on privacy, regulation, and AI governance differ from those in the United States, and why those differences matter for security and interoperability. Key Quotes "Maybe what we've done in the last decade and what we will do in the next decade don't belong from government but belongs to us." — Sébastien Garnault "We can do a reset; we cannot afford a reboot." — Sébastien Garnault "The damages that have been done in our trust, mutual trust, are very deep. So we need to fix it quickly." — Sébastien Garnault "The best way for us to cooperate with our allies is to use the market because the market is less political than national security." — Sébastien Garnault "From my standpoint, the glue that binds us together is much greater than anything that can tear us apart." — Frank Cilluffo Links/Resources CyberTaskForce: https://www.cybertaskforce.fr/ Paris Cyber Summit: https://www.paris-cyber-summit.com/ Guest Bio Sébastien Garnault is the founder of the CyberTaskForce and president of the Paris Cyber Summit. He joined Cyber Focus while in Washington leading a French delegation meeting with U.S. policymakers, industry leaders, and other decision-makers, and spoke in a private-sector capacity rather than on behalf of the French government.

    35 min
  8. Keeping the Lights On in the AI Era with DOE's Alex Fitzsimmons

    MAR 17 ·  VIDEO

    Keeping the Lights On in the AI Era with DOE's Alex Fitzsimmons

    Electricity demand is surging—and DOE's Alex Fitzsimmons argues that the country's ability to "keep the lights on" is now inseparable from how fast we can expand energy infrastructure, how we manage affordability, and how seriously we treat security. In this conversation with Frank Cilluffo, Fitzsimmons, the Acting Under Secretary of Energy and Director of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), frames "energy dominance" as a practical governing problem: meet rapid load growth (including from AI and data centers), avoid reliability shortfalls, and do it in a way that doesn't push unacceptable costs onto everyday Americans. Main Topics Covered AI- and data center-driven demand growth Affordability and "ratepayer protection" Resource adequacy and reliability risk OT security and critical infrastructure stakes Supply chain risk and security vs speed Key Quotes "Privacy, data breaches, all of these things are important. They matter. They matter. But OT matters more. Keeping the lights on matters more." — Alex Fitzsimmons "These tech companies recognize that for their technology to be politically and economically viable, that the American people cannot be shouldered with the burden of new data centers." — Alex Fitzsimmons "We were set to lose 100 gigawatts of reliable dispatchable generation by 2030, at the same time that we may need to build 100 gigawatts of generation and associated infrastructure to win the AI race." — Alex Fitzsimmons "We have to [build supply] securely. So we can't sacrifice security for speed." — Alex Fitzsimmons "[AI-FORTS] is focused on 3 things: secure the energy system from AI, secure it with AI, and secure the AI itself." — Alex Fitzsimmons Relevant Links and Resources DOE's CESER Office DOE's Genesis Mission  DOE 2025 resource adequacy report NERC; RTOs and ISOs (mentioned in the episode; link not provided) Guest Bio Alex Fitzsimmons serves in the Trump Administration as the Acting Under Secretary of Energy at the U.S. Department of Energy (DOE), where he spearheads DOE's energy dominance mission and oversees a broad portfolio of offices advancing affordable, reliable, and secure energy for the American people. He also serves as Director of DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), leading efforts to safeguard the nation's energy infrastructure against evolving cyber and physical threats and strengthen resilience across critical energy systems.

    38 min
See All (123)

Trailer

5
out of 5
18 Ratings

About

As cyber threats evolve faster than policy, Cyber Focus delivers executive-level briefings on cybersecurity, national security, and critical infrastructure. From the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University, host Frank Cilluffo speaks with senior leaders across government, industry, and the intelligence community about ransomware, state-sponsored threats, AI, and the systems we all rely on—energy, water, telecom, and supply chains. Each episode focuses on real-world risk tradeoffs and practical steps organizations can take to strengthen resilience.

Information

You Might Also Like