In this episode of Cyber Focus, Frank Cilluffo hosts Steve Kelly, Chief Trust Officer at the Institute for Security and Technology. With a rich background that includes roles at the National Security Council and the FBI, Steve shares his deep insights into the cybersecurity landscape. The discussion covers the expanding attack surface due to emerging technologies, the convergence of physical and cyber domains, and the critical importance of trust and security in today's digital world.Main Topics:The increasing attack surface from consumer devices, industrial IoT, clean energy tech connecting to the gridRethinking network architecture and security models in the era of dissolving perimetersThe potential for AI and machine learning to aid defenders by automating detection/response at scaleCreative law enforcement operations to disrupt cybercriminal infrastructure and business modelsThe need to scale public-private operational collaboration against cyber threatsIST's work on AI governance, trust & safety practices, and securing critical infrastructureKey Quotes:“One of the challenges in the network defense realm is this kind of data deluge that the average network defender is experiencing, that there's just more telemetry, more signaling, more alerts, and more events that can possibly be looked at and interpreted and actioned.” - Steve Kelly"There’s a need to fundamentally rethink network architecture from a security standpoint so that we do not have vulnerable assets connected to the public Internet." - Steve Kelly"The idea is we want to have American products be marketable and trusted on the global marketplace as well as foreign products that are trustworthy to be acceptable here." - Steve Kelly on the U.S. Cyber Trust Mark"If we're relying on the end user to unbox the device and go in and change a password… that's not a winning solution." - Steve Kelly“I think that there's a need to fundamentally rethink network architecture from a security standpoint so that we do not have vulnerable assets connected to the public Internet that can be found by bad actors.” - Steve Kelly"If it's discoverable, it will be exploited." - Steve KellyRelevant Links/ResourcesU.S. Cyber Trust Mark programNational Cyber StrategyInstitute for Security and TechnologyCarnegie Mellon's CI LabShodan.io Guest BioSteve Kelly is the Chief Trust Officer at the Institute for Security and Technology (IST). Prior to IST, he served as a Special Assistant to the President on the National Security Council staff, focusing on emerging technology risks like AI, quantum computing, and 5G/6G. Steve retired from the FBI in 2022 after over 20 years as a cyber investigator and supervisor on the agency's cyber national security squad.

In this episode of Cyber Focus, host Frank Cilluffo engages in an insightful discussion with Michael Daniel, President of the Cyber Threat Alliance, former Cybersecurity Coordinator for President Obama, and McCrary Institute Senior Fellow. They delve into the intricacies of cybersecurity policy, the evolution of cybercrime as an industry, and the importance of operational collaboration between the public and private sectors. Michael shares his journey into the cybersecurity realm, offers his expert analysis on current strategies, and emphasizes the need for innovative approaches to cybersecurity challenges.Main Topics CoveredMichael Daniel's journey and insights into cybersecurity leadershipShifting the cybersecurity burden from end-users to larger entitiesThe importance of operational collaboration in cybersecurityThe industrialization of cybercrime and its implicationsStrategies for imposing costs on bad cyber actorsFunding and resourcing critical Internet functionsLessons from the cyber dimensions of the Russia-Ukraine conflictQuotesMichael Daniel: "The bad guys are getting in through a hole that we know about that we have a fix for, but we just haven't done it."Frank Cilluffo: "If you can figure out how to marshal and mobilize the economic instruments, we can start moving the ball."Michael Daniel: "We need to help shape those incentives so that we get the market forces working for us rather than against us."Frank Cilluffo: "We've got to shift the calculus from a government-leads-private-sector-follows mentality."Michael Daniel: "In cyberspace, we have an unusual set of capabilities that are resident in the private sector in a way that are not in most other policy areas."Resources MentionedCyber Threat AllianceNational Cyber StrategyCenter for a New American Security (CNAS)EuropolCyber Solarium CommissionCybercrime AtlasNational Vulnerability Database (NVD)Cyber Peace InstituteGlobal Cyber AllianceICANNShadow ServerGuest BioMichael Daniel is the President of the Cyber Threat Alliance, an organization that facilitates intelligence sharing and collaboration among cybersecurity companies. He previously served as the Cybersecurity Coordinator and Special Assistant to President Obama, where he was responsible for coordinating the federal government’s cybersecurity policies and activities. Michael also has extensive experience in the Office of Management and Budget, overseeing intelligence programs and budgets. He is widely recognized for his contributions to the field of cybersecurity and his efforts to improve national and global cyberdefense strategies.

In this episode of Cyber Focus, host Frank Cilluffo sits down with Phil Venables, Chief Information Security Officer for Google Cloud. They discuss Venables' work co-leading the President's Council of Advisors on Science and Technology's report on cyber-physical resilience, and its key recommendations including creating a national critical infrastructure observatory. The conversation also covers Google's focus on secure-by-design and secure-by-default, the implications of AI/generative AI for cybersecurity, and the evolving role of the CISO as more of a chief risk officer.Main Topics CoveredPresident’s Council of Advisors on Science and Technology Report to the President on Strategy for Cyber-Physical ResilienceCreating a national critical infrastructure observatorySecure by design and secure by default at GoogleImplications of AI/generative AI for cybersecurity defendersEvolution of the CISO role to be more like a chief risk officerCurrent cyber threat landscape and basic defenses still neededPublic-private partnership between tech companies and governmentQuotes"It's not just about security, privacy, or compliance. It's about trust and safety… The bold but responsible use of AI." - Venables on ethical AI concerns"We have much more heavily engaged with our government partners, not just here in the US, but around the world, because we recognize our position in supporting critical infrastructures." - Venables on Google's public-private partnerships."[Executives] also need to make sure that there's the resources in the ranks in their organizations to get security done." - Venables on executive support for security"...implementing strong phishing resistant multi-factor authentication, keeping systems up to date, segmenting and all the basic hygiene...when you do it, you mitigate a whole bunch of risks." - Venables on basic cyber hygiene defensesResources President’s Council of Advisors on Science and Technology report on cyber-physical systems - Press Release, Executive Summary, Full ReportGoogle's Secure AI Framework (SAIF)Secure By DesignSecure By DefaultBioPhil Venables is the Chief Information Security Officer for Google Cloud. Prior to Google, he spent 20 years at Goldman Sachs as CISO and Chief Operational Risk Officer, establishing the firm as a cybersecurity leader. Venables co-led the President's Council report on enhancing cyber-physical resilience of critical infrastructure, recommending a national infrastructure observatory. He has co-founded multiple financial sector cybersecurity initiatives and served on boards for NIST, NYU, NSA, and others. Widely recognized for his leadership, Venables has received the RSA Conference Award, FS-ISAC Critical Infrastructure Award, and other top honors. With over 25 years of cross-disciplinary experience across finance, technology and risk management, he brings a unique perspective to Google Cloud's security efforts.

In this episode of Cyber Focus Frank Cilluffo and Matt Hayden discuss the intricate challenges posed by cyber threats and the role of organizations like CISA in coordinating defense efforts. They discuss the influence of emerging technologies such as AI and quantum computing, the impact of emerging technologies on defenses, and the zero trust security model to enhance resilience.Main Topics CoveredCritical infrastructure threats and vulnerabilitiesLiving off the land techniques used by attackersDeterrence strategies and creating playbooks for different threat actorsRole of innovation and emerging technologies like AI, quantum, 5G/6GConvergence of physical and cyber securityZero trust security modelImportance of resilience in critical infrastructureQuotes"You come after a critical infrastructure within our domestic space, it points back to you. We're going to have a conversation you're not going to like." - Matt Hayden on deterring attacks on critical infrastructure."Resilience means you have the ability to re-stand up infrastructure service to really work with your network and your users to where you still have the ability to operate." - Matt Hayden defining resilience."We would have the traditional sanctions methods...but it wasn't something that really imposed cost. And so looking at that model now, there is the need for playbooks that are strategic for each bad actor." - Matt Hayden on needing tailored deterrence strategies.“You're saying I'll let you get away with X? Yeah, but not Y…  And as [the bad actors] get worse, the deterrent gets stronger. You have to gradient [deterrence].” - Matt Hayden on deterrence gradient.“The strength of America is that people want to be here for all the challenges you have. People would rather live here than anywhere else.” - Matt Hayden on American innovation being a strength.Resources MentionedNational Security Memorandum 22BioMatt Hayden is a cybersecurity executive with over 20 years of experience spanning both the public and private sectors. He currently serves as VP for Cyber and emerging technology at CyIQ, fostering industry partnerships and driving growth strategies. Previously, Hayden held senior leadership roles at DHS, including serving as the Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience Policy. In this position, he led policy development efforts focused on reducing national risks to critical infrastructure cybersecurity, federal networks, and comparing cybercrime. Hayden also served as a senior advisor with DHS’s Cybersecurity and Infrastructure Security Agency and its Office of Partnership and Engagement. He is a Senior Fellow at the McCrary Institute.

Flashpoint CEO Josh Lefkowitz joins us for a fascinating talk about how 9/11 changed the trajectory of his career, the impact of Telegram worldwide and how A.I. is making human analysts better.

On location at the RSA Conference 2024, we talk to Alison King and Elisa Costante about the National Security Memorandum on Critical Infrastructure Security and Resilience, the 2024 Report on Cybersecurity Posture of the United States, and creating opportunities for women in cyber.

In this episode Frank Cilluffo sits down with Anjana Rajan, the assistant national cyber director for technology security at the Office of the National Cyber Director in the White House. Their discussion sheds light on the challenges and complexities of reshaping the cybersecurity landscape with better buildings blocks.  Together, they the White House's call for broader use of memory safe programming languages, and how her office is working with the private sector to find ways to eliminate entire categories of cyber vulnerabilities. ONCD Report - Back to the Building Blocks: A Path Toward Secure and Measurable Software

Gavin Wilde helped create  the formal U.S. assessment of Russia's foreign influence campaigns in 2016 and 2020. Now a Senior Fellow at the Carnegie Endowment for International Peace, he's asking whether the drive to thwart those efforts in damaging our democracy. In today's episode, Gavin shares with Frank Cilluffo why he is pushing back on assumptions about those campaigns, and the real dangers of believing they are effective. https://tnsr.org/2024/03/from-panic-to-policy-the-limits-of-foreign-propaganda-and-the-foundations-of-an-effective-response/https://carnegieendowment.org/experts/2183

The National Institute of Standards and Technology (NIST) recently updated its widely used Cybersecurity Framework. Cheri Pascoe, Director of the National Cybersecurity Center of Excellence (NCCoE), joins us for this episode to talk about the new 2.0 edition of the framework, and why it's better equipped to respond to the current challenges cybersecurity professionals face. Find the CSF 2.0 here.

As an investigative cyber reporter for Reuters, Chris Bing spends his days uncovering the facts behind the world's biggest cyber stories. In this episode he shares with Frank what it's like to break news on cyber criminal activities, including the ransomware attack on Change Healthcare wrecking havoc on the industry's payment processes. Chris also shares insights into how governments are cracking down. https://www.reuters.com/authors/christopher-bing/

On this week's Cyber focus, Frank Cilluffo interviews Mark Montgomery, the Executive Director of the Cyberspace Solarium Commission. They address the commission's history and role in shaping U.S. cybersecurity policies. They also outline unfinished business in the field, and explore the challenges posed by China and TikTok.

As Director General of the Israeli National Cyber Directorate, Yigal Unna oversaw every aspect of Israel's cyber defenses. In this episode he shares with Frank what he thinks of the international threat landscape, the growth of private cyber defense start-ups, and his advice for a restructured approach to U.S. cyber organizations.

As the former Director of the National Counterintelligence and Security Center (NCSC) Bill Evanina led the U.S. efforts to block and disrupt foreign espionage from advisories like China. On this week’s episode, he shares insights into the shape of those operations, and what should be happening now to stay ahead of the actions China is taking now.

On this week's episode, Chris Krebs shares insights into the current highs and lows of the cybersecurity world. He looks back on his years of public service, the performance of those that followed him after his departure from CISA in 2020, and gives advice to those managing risks inside the private sector.

George Barnes worked inside the National Security Agency for 35 years. Before retiring last year, he served as the agency's Deputy Director and most senior civilian leader. In this week's episode, George shares what led the NSA to leave behind the complete secrecy of the past, and embrace a more open posture with the American people. He also lays out his vision for improving the country's cyber security.

Dmitri Alperovitch, co-founder of CrowdStrike and Silverado Policy Accelerator, and the Washington Post's Ellen Nakashima join Frank Cilluffo for an engaging discussion of how to keep cyber threats in the proper global perspective. They both share insights into the current conflicts in Ukraine and Gaza, and the potential for future conflict over Taiwan.

In this episode, host Frank Cilluffo talks with Mike D'Ambrosio of the unexpected ways the Secret Service shapes how the U.S. fights against cybercrime.

Cyber Focus is where we explore the people and ideas shaping and protecting our digital world. In this episode host Frank Cilluffo speaks with Tom Fanning, the now retired CEO of The Southern Company. The two discuss the best ways private businesses need to approve their digital security, and why company leaders are too often missing the mark.

In this episode Frank Cilluffo speaks with Politico's Maggie Miller, about her recent reporting on China, and Iran. Maggie's recent reporting: On Chinese threats to Guam: https://subscriber.politicopro.com/article/2024/02/guam-facing-continuous-cyber-threats-from-china-delegate-says-00140433On threats to US critical water utilities: https://www.politico.com/news/2023/11/28/federal-government-investigating-multiple-hacks-of-us-water-utilities-00128977  On telecom connectivity in Gaza: https://www.politico.com/news/2024/01/17/biden-israel-gaza-internet-blackout-00136194On breaches at the State Department: https://www.politico.com/news/2023/09/15/digital-tripwire-helped-state-uncover-chinese-hack-00115973

Cyber Focus is where we explore the people and ideas shaping and protecting our digital world. In this episode host Frank Cilluffo talks with Melissa Hathaway, a former presidential advisor, and leading voice on US cyber policy. She shares the ways she believes the country has lost ground in its pursuit of cybersecurity, and what steps need to be taken to get back on track.