McCrary Institute for Cyber & Critical Infrastructure Security

Harnessing America’s cyber experts to safeguard our nation.

 

Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.

The McCrary Institute is a nonpartisan think tank located at Auburn University, and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities from R&D, cybersecurity education/training, policy-relevant analysis, to future technology research.

As a top-tier research university, designated a Carnegie R1 institution, over 200 of Auburn’s on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.

Cyber Focus Podcast

In this episode of Cyber Focus, host Frank Cilluffo sits down with Sean Connelly, the Executive Director for Zero Trust Strategy and Policy at Zscaler, to delve into the origins, challenges, and best practices of zero trust architecture. Connelly shares insights from his extensive experience, including his time at the Cybersecurity and Infrastructure Security Agency (CISA), where he led significant zero trust initiatives. The conversation covers the evolution of cybersecurity strategies, the impact of technologies like cloud computing, and the ongoing challenges in implementing zero trust across federal agencies. Listeners will gain a deep understanding of why zero trust is critical in today’s cybersecurity landscape and how it is shaping the future of digital security.

Main Topics

·      Introduction to Zero Trust

·      Evolution of Zero Trust in Government

·      Impact of Cloud Computing and Modern Technologies

·      Implementation Challenges and Cultural Shifts

·      Future of Zero Trust and AI Integration

·      Closing Thoughts and the Importance of Federal Leadership

 

Key Quotes: 

“SolarWinds happened, and it really from a very high level all the way from the president downwards, everyone was asking how do we look at cybersecurity differently?”  – Sean Connelly

“The old perimeter security alone ain't going to cut it with the castles, the moats and any alligators or anything in between.” – Frank Cilluffo

“CISA has doubled down on secure by design, Department of Energy, Cyber informed engineering, where it's not just the cyber ninjas that need to understand security, but everyone else.” – Frank Cilluffo

“It takes a long time to build trust. Whether people or technology.” Frank Cilluffo

“Zero Trust is all about interoperability. Sharing telemetry, not only internally, but with new organizations.” – Sean Connelly

Guest Bio: 

Sean Connelly is the Executive Director for Zero Trust Strategy and Policy at Zscaler, where he leads the company’s efforts to advance zero trust architecture in both the public and private sectors. Before joining Zscaler, Sean spent over a decade at the Cybersecurity and Infrastructure Security Agency (CISA), where he played a pivotal role in developing and implementing zero trust strategies across federal agencies. His extensive experience in both technical and policy aspects of cybersecurity makes him a leading voice in the field.

Listen: Episode 35

In this episode of Cyber Focus, Frank Cilluffo chats with Charles DeBeck, a cyber threat intelligence expert from Google Cloud, about the latest insights from their Threat Horizons report. They explore how cyber threats are evolving, particularly in cloud environments, with a focus on issues like weak passwords and system misconfigurations that leave organizations vulnerable. Charles also shares how criminals are increasingly using cloud services for their attacks and discusses the growing role of artificial intelligence in both defending against and carrying out cyber threats.

Main Topics Covered:

  • Weak credentials and misconfigurations as top threats.
  • The role of cloud infrastructure in modern cyber threats.
  • Challenges and risks in serverless environments and hardcoded secrets.
  • The impact of AI on both defense and adversarial activities.
  • Outlook on the convergence of criminal and nation-state cyber activities.

Key Quotes:

  • “Year after year, we see threat actors using weak credentials or no credentials or default credential services to get initial access as one” - Charles DeBeck
  • “If you’re a threat actor and you break into a cloud environment you have access to a giant pool of resources that could be used for crypto mining. It’s the easiest way to turn illicit access into money. " - Charles DeBeck
  • “Ransomware is what is on everyone’s mind. It's one of the most significant and prolific transfers of wealth from legitimate organizations to criminal actors. - Charles DeBeck
  • We’re seeing the threat actors are really engaging in more because it’s a much more profitable endeavor for them and their seeing a lot more success in the overall marketplace. - Charles DeBeck
  • "Secure-by-default policies are critical, and they must be mandatory, not optional." - Charles DeBeck

Relevant Links

https://services.google.com/fh/files/misc/threat_horizons_report_h2_2024.pdf

Guest Bio:

Charles DeBeck is a Cyber Threat Intelligence Expert at Google Cloud. Charles brings over a decade of experience leading threat intelligence operations from the NSA, Deloitte and Touche and IBM. He strongly believes threat intelligence can help organizations make faster and more effective decisions.

Listen: Episode 34

In this episode, Frank Cilluffo interviews Dr. Marion Messmer, Senior Research Fellow at Chatham House, about the policy institute’s recent report on cybersecurity in the civil nuclear sector. They discuss the evolving threats to nuclear infrastructure, the impact of emerging technologies like small modular reactors, and the challenges of international legal frameworks. Dr. Messmer also highlights the importance of integrating cybersecurity into nuclear systems from the beginning.

Main Topics Covered:

  • Key threats to nuclear infrastructure in peacetime and conflict.
  • Notable cyberattacks on nuclear facilities and critical infrastructure.
  • Cybersecurity challenges posed by new technologies like small modular reactors.
  • The role of public-private partnerships and international law in improving cybersecurity.

Key Quotes: 

“There has been a rise of cybercriminals that like to target specifically critical national infrastructure, which nuclear power is for a lot of countries.” – Dr. Marion Messmer

“I think while we have got a lot better at thinking of the purposeful kinds of risks of something that we're not always thinking through, is where the inadvertent vulnerabilities might be coming from and how you can also protect from those kind of attacks.” – Dr. Marion Messmer

“I think that there is a risk here that specifically the cybersecurity side of things might not get enough attention because we've got a lot of regulation when it comes to the actual nuclear materials, but significantly less when it comes to the cybersecurity aspect.” – Dr. Marion Messmer

“Nuclear is almost treated in its own silo, which has great advantages, but it also misses out on opportunities and being part of the broader ecosystem in terms of awareness and partnerships” – Frank Cilluffo

“So much of the international system only works when you've got a consensus around it. And what we are unfortunately seeing at the moment is that consensus is breaking up or at the very least weakening quite significantly.” – Dr. Marion Messmer

Relevant Links and Resources:

https://www.chathamhouse.org/2024/07/cybersecurity-civil-nuclear-sector

https://www.iaea.org/topics/computer-and-information-security

Guest Bio: Dr. Marion Messmer is a Senior Research Fellow in the International Security Programme at Chatham House. She specializes in arms control, nuclear weapons policy, and Russia-NATO relations. Before joining Chatham House, Dr. Messmer served as Co-Director of BASIC (British American Security Information Council), where she led initiatives focused on nuclear risk reduction and disarmament. 

Listen: Episode 33

Recent News

Applied Research, Development, & Commercialization

The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients.  We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.

Research Focus