Cyber Focus

For this episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets like Politico, Wired, and The Record. Together, they unpack Eric's reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss the vulnerabilities within critical infrastructure sectors like agriculture and telecom. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance. Main Topics Covered: * Changes in cybersecurity priorities under different U.S. administrations * Insights into major incidents like Salt Typhoon and their implications for telecom security * The Biden administration's AI executive order vs. potential Trump-era policies * Cybersecurity vulnerabilities in agriculture and critical infrastructure * The challenges of implementing software liability and establishing duty-of-care standards Key Quotes: "[Salt Typhoon is] one of the broadest campaigns that the U.S. government has ever seen." - Eric Geller "Congress would have to step in and say, we are declaring software to be a product, which unlocks some legal avenues for further work [on software liability]." - Eric Geller "Trump changed the rules a little bit to make it easier for the military to launch some of these [cyber] attacks. And Biden did not reverse that." - Eric Geller "The tech industry really needs to figure out where it stands on how much regulation it wants." - Eric Geller "All these things could be hacked. And right now, it's almost just a matter of luck that some of them haven't been." - Eric Geller Relevant Links: https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/ [https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/] https://www.wired.com/story/donald-trump-ai-safety-regulation/ [https://www.wired.com/story/donald-trump-ai-safety-regulation/] https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda [https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda] https://therecord.media/cybersecurity-software-liability-standards-white-house-struggle [https://therecord.media/cybersecurity-software-liability-standards-white-house-struggle] Guest Bio: Eric Geller is a seasoned cybersecurity journalist, recognized for his in-depth analysis of pressing cyber issues. He has written for Politico, Wired, The Record, and Cipher Brief, focusing on policy, governance, and the intersection of technology and national security.

In this episode of Cyber Focus, host Frank Cilluffo interviews Mark Green, Chairman of the House Homeland Security Committee. Congressman Green, a combat veteran and healthcare entrepreneur, discusses key cybersecurity challenges, including workforce shortages, bureaucratic inefficiencies, and economic models that incentivize cybercrime. The conversation highlights the importance of initiatives like the Cyber Pivot Act, designed to address critical workforce gaps, and the need for harmonizing regulatory requirements. Green also explores strategies for protecting critical infrastructure, enhancing state-level cybersecurity, and leveraging public-private partnerships to bolster national resilience. Main Topics Covered: * Addressing the cybersecurity workforce gap through the Cyber Pivot Act * Harmonizing federal regulations to reduce bureaucratic inefficiencies * Strengthening cybersecurity for critical infrastructure at all levels of government * Tackling economic incentives that enable cybercrime and vulnerabilities * Advancing public-private partnerships and state-level cybersecurity initiatives Key Quotes: "We have a 500,000 person shortage in cybersecurity jobs in this in this country, empty spaces with nobody to put in them." - Mark Green "If a company is spending more time complying than they are actually securing themselves, then... government is doing harm." - Mark Green "I have a strong belief that we have to as a country own the fact that these businesses can't protect themselves against nation states. And we have an obligation." - Mark Green "At the end of the day, the first to respond and the last to leave in a local incident are still going to be at [the] state level." - Frank Cilluffo "We've got to figure out as a country how to put pressure on people, to enforce laws, to extradite when someone breaks our laws." - Mark Green Relevant Links: https://homeland.house.gov/2024/09/24/chairman-green-introduces-cyber-pivott-act-to-tackle-government-cyber-workforce-shortage-create-pathways-for-10000-new-professionals/ [https://homeland.house.gov/2024/09/24/chairman-green-introduces-cyber-pivott-act-to-tackle-government-cyber-workforce-shortage-create-pathways-for-10000-new-professionals/] Guest Bio: Mark Green is the Chairman of the House Homeland Security Committee, where he spearheads efforts to address cybersecurity, border security, and national resilience. A West Point graduate, Green served as a combat veteran and special operations physician in the Army’s renowned 160th Special Operations Aviation Regiment, known as the Night Stalkers. After his military service, he became a successful entrepreneur in the healthcare sector. Green has brought his leadership skills to Congress, focusing on critical issues like cybersecurity workforce development, regulatory harmonization, and protecting critical infrastructure. He is also the author of We Before Me, a book reflecting his philosophy of putting collective success above individual gain.

Overview: In this episode, host Frank Cilluffo sits down with Cheri Caddy, former Deputy Assistant National Cyber Director at the White House and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security, and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering, and the importance of regulatory harmonization in addressing these challenges. Main Topics Covered: * Convergence of IT/OT systems in connected vehicles * Cybersecurity and privacy risks of modern cars * Global supply chain implications for vehicle data security * Regulatory harmonization across sectors impacting connected vehicles * Future of automation and autonomous vehicles in the cybersecurity landscape * Managing cybersecurity at an enterprise level for government and corporate vehicle fleets Key Quotes: "Your car has always been something in your environment, but now it's a computer. It's software-defined, and you have to treat it with all of the cyber implications of being a computer." – Cheri Caddy "There's no cyber problem that's a single sector anymore." – Cheri Caddy "Vehicles are giant sensor platforms recording everything. What are the security implications of taking a connected vehicle on to a sensitive facility? ...I think that is very much an open question.– Cheri Caddy "We need to get [vehicle engineers] to think about cybersecurity at the design phase. Because dealing with bolting on cyber after the fact is, is just not practical.– Cheri Caddy This is just such an interesting area of converging, of all of the exciting cyber things, from supply chain to applied machine learning to data standards and integration. – Cheri Caddy Relevant Links: National Cyber Informed Engineering Strategy [https://www.energy.gov/sites/default/files/2022-06/FINAL%20DOE%20National%20CIE%20Strategy%20-%20June%202022_0.pdf] Information on vehicle data privacy and cybersecurity from the National Highway Traffic Safety Administration (NHTSA) * https://www.nhtsa.gov/research/vehicle-cybersecurity [https://www.nhtsa.gov/research/vehicle-cybersecurity] * https://www.nhtsa.gov/press-releases/nhtsa-updates-cybersecurity-best-practices-new-vehicles [https://www.nhtsa.gov/press-releases/nhtsa-updates-cybersecurity-best-practices-new-vehicles] Guest Bio: Cheri Caddy is a cybersecurity leader with over 30 years of experience in national security, intelligence, and technical advisory roles. She has served as the Deputy Assistant National Cyber Director at the White House, as well as a senior advisor at the Department of Energy. Caddy's expertise lies in bridging policy and technical innovation, particularly in IT/OT convergence and secure-by-design engineering for critical infrastructure.

In this episode of Cyber Focus, host Frank Cilluffo interviews Kiersten Todt, president of Wondros, a creative firm focused on social and policy change. Todt, who previously served as Chief of Staff at the Cybersecurity and Infrastructure Security Agency (CISA) and as a senior advisor on the Senate Homeland Security Committee, shares insights on the challenges and advancements in cybersecurity workforce development, public-private collaboration, and the critical role of community involvement in cybersecurity initiatives. Main Topics Covered: * Cybersecurity workforce development, with a focus on neurodiversity and inclusivity * Public-private partnerships and CISA's role in regional engagement * The importance of community-level cybersecurity initiatives * Cybersecurity supply chain issues and the need for inclusive small business support * Cybersecurity awareness through campaigns, education, and human-centered design Key Quotes: "I think we as a nation will be so much better if we create inclusive workforces that represent and acknowledge and honor the aptitudes of individuals that we may not define as being... typical." – Kiersten Todt "If we're truly looking at securing [critical infrastructure sectors], we have to look with a cross-sector approach." – Kiersten Todt "[Cyber incident response] starts in the community, it starts at the local level. And so being able to engage those individuals is critical." – Kiersten Todt "The applied side is what attracts most of these kids [to cybersecurity]. It's not sitting behind a computer and just the zeros and ones. It's actually seeing the fruit of their work and actually getting involved." - Frank Cilluffo "Creating more of an activist culture in cybersecurity, as well as some of these other issues, really helps to turn the tide and to create change." – Kiersten Todt Relevant Links and Resources: * https://pausetake9.org/ [https://craignewmarkphilanthropies.org] * https://cyberreadinessinstitute.org/ [https://cyberreadinessinstitute.org/] * https://wondros.com/about/ [https://wondros.com/about/] Guest Bio: Kiersten Todt is the president of Wondros, a firm dedicated to social and policy change. She previously served as Chief of Staff at CISA and has held senior advisory roles on the Senate Homeland Security Committee. Her work focuses on building inclusive cybersecurity solutions, workforce development, and fostering partnerships across public and private sectors.

In this episode of Cyber Focus, host Frank Cilluffo interviews Patrick Wright, the Chief Information Security Officer and Chief Privacy Officer for the State of Nebraska. The discussion centers around the challenges and opportunities of implementing artificial intelligence (AI) and cybersecurity strategies at the state and local levels. Patrick shares insights on leveraging AI to bolster cybersecurity, managing privacy implications, and building strategic public-private partnerships. The conversation also highlights initiatives like Cyber Tatanka, a unique cybersecurity exercise involving military, government, and private entities, and addresses the importance of cooperation with federal agencies. Main Topics Covered: * State-level implementation of AI and its role in improving government services * Leveraging AI for cybersecurity: challenges, use cases, and privacy considerations * Cyber Tatanka: A collaborative cybersecurity exercise with the National Guard * Strategic partnerships with private sector and federal agencies * Resource allocation and logistical challenges in disaster management using AI Key Quotes: "We're leveraging cybersecurity and AI to bolster our defenses against the national and global threats that we face." – Patrick Wright "We can talk about cyber security from a strategic perspective all day long... But where the rubber meets the road is in providing the the critical capabilities for cyber down to the SLT level." – Patrick Wright "Being proactive in not only what we're doing from a cybersecurity awareness perspective, but from an emerging technology perspective, from a policy perspective, from a best practices perspective." – Patrick Wright "When you start talking about targeting the power grid, not only are you disrupting power supply generation for constituents across the state or region, but you're also, impacting power for other critical infrastructure like like health care and banking." – Patrick Wright "We tend to look at the world through our boxes and org charts. The bad guys don't. They act. In fact, they very intentionally exploit the seams in our defenses. –  Frank Cilluffo Relevant Links and Resources: National Association of State Technology Directors (NASTD) [https://www.nastd.org] NASTD AI Survey [https://higherlogicdownload.s3.amazonaws.com/NASTD/UploadedImages/20b47faa-5f00-40f1-bc5f-7ea8c80514d3/NASTD_AI_Survey_Summary_2024_Final.pdf] Multi-State Information Sharing and Analysis Center (MS-ISAC) [https://www.cisecurity.org/ms-isac] Guest Bio: Patrick Wright is Nebraska’s Chief Information Security and Privacy Officer, responsible for statewide cybersecurity initiatives, incident response, and compliance. With experience in both public and private sectors, he holds degrees in IT and public policy, and chairs multiple cybersecurity committees. He also serves on CIS’s Multi-State Information Sharing and Analysis Center Executive Committee (MS-ISAC).