Cyber Focus

In this special Cyber Focus episode recorded at Black Hat 2025, host Frank Cilluffo sits down with two senior leaders from the Cybersecurity and Infrastructure Security Agency (CISA): Chris Butera, a more than decade-long CISA veteran currently serving as Acting Director of the Cybersecurity Division, and Bob Costello, the agency’s Chief Information Officer. They discuss how CISA is adapting its mission in the face of evolving threats, budget pressures, and leadership changes, while maintaining a rapid operational tempo. Topics include the agency’s fast-turn vulnerability response through the Known Exploited Vulnerabilities (KEV) catalog, expansion and quality focus of the Common Vulnerabilities and Exposures (CVE) program, and the push to strengthen operational technology (OT) security. The conversation also explores resilience strategies like CISA’s new eviction tool, deepening public-private operational collaboration, securing supply chains, and the importance of reauthorizing the Cybersecurity and Information Sharing Act. Main Topics Covered CISA’s mission, workforce, and adapting to leadership and budget changes Rapid vulnerability response and the Known Exploited Vulnerabilities (KEV) catalog Threat landscape, including nation-state actors and OT security Operational collaboration with industry, JCDC, and new IT platforms CVE program growth and automation for vulnerability management Resilience strategies, eviction tool, and micro-segmentation Supply chain security and Secure by Demand guidance SLTT cybersecurity grants and field support Importance of reauthorizing the Cybersecurity and Information Sharing Act (2015) Key Quotes: “I'm really honored to work with some of the most experienced cyber professionals I think that exists anywhere in the world… We're seeing people step up into new roles, leadership positions, work on new technical projects that maybe they weren't before. And we're just hitting grand slams every day.” – Bob Costello “[I ask organizations] ‘How can you continue your mission without access to some of your critical systems? Whether these are your billing systems, your IT systems, your even just access to the Internet.’ And I think a lot of organizations don't have those kind of plans in place or can't function in those cases.” – Chris Butera “One of the things that we are trying to do every single day is remove some of those OT systems from the Internet. That is a very critical step that we think that there are very few business cases where you should have an OT system connected directly to the Internet.” – Chris Butera “We absolutely support reauthorization of [CISA 2015 authorities]… collaboration is what we're all about. We talk about cyber being a team sport and this helps make all the teams play a lot better together.” – Bob Costello “I think we all need to think about [supply chains] a lot differently. And it's across the board, whether it's open source, closed source, or hardware, everything is kind of linked together, and often we don't know where those linkages are.” – Bob Costello Relevant Links and Resources: CISA Known Exploited Vulnerabilities Catalog Black Hat 2025 Guest Bios: Chris Butera is Associate Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), where he oversees operational efforts to protect the nation’s critical infrastructure from cyber threats. Bob Costello is Chief Information Officer at CISA, leading the agency’s enterprise IT systems, collaboration platforms, and secure information-sharing initiatives with public and private sector partners.

Forescout CEO Barry Mainz joins host Frank Cilluffo to unpack the evolving cybersecurity threat landscape—from nation-state hacktivism to post-quantum vulnerabilities. Mainz highlights how adversaries are leveraging crowdsourced expertise and agentic AI to target critical infrastructure, especially operational technology (OT) systems in sectors like water, energy, and healthcare. The conversation explores Forescout's research on hacktivist proxy groups, the growing danger posed by embedded and aging devices, and the urgency of preparing for post-quantum cryptographic threats. Mainz emphasizes the need for visibility, containment, and cultural alignment between IT and OT security teams to build genuine resilience in both the public and private sectors. Main Topics Covered: • Hacktivist proxy campaigns and nation-state coordination • Vulnerabilities in critical infrastructure, especially water and energy • Embedded devices and the rise of OT-targeted malware • The looming impact of quantum computing and agentic AI on encryption • Cultural and structural barriers between IT and OT security teams • Practical steps toward building resilience and post-quantum readiness Key Quotes: “Nation state bad actors were using multiple hacktivism groups like an open source… crowdsourced to solve problems… It’s not 10 people sitting in a room somewhere, it could be up to several thousand.” – Barry Mainz “You can’t secure stuff you don’t see. So it’s really about… asset visibility.” – Barry Mainz “If your cyber vendor doesn’t have quantum-safe technology built in, it’s a problem.” – Barry Mainz “The culture is ‘Hey, I'm in OT, stay out of my business. I'm in IT, stay out of my business.’ And I think this lack of ‘Hey, let's go and take an approach together’ is missing.” – Barry Mainz “Every one of the times we've engaged with a large corporation and they had an issue, it was costing them way more than if they would have just bought the [necessary technology protections] up front.” – Barry Mainz Relevant Links and Resources: Forescout’s Vedere Labs The Rise of State-Sponsored Hacktivism  Forescout Quantum-Safe Solutions Guest Bio: Barry Mainz is the Chief Executive Officer of Forescout Technologies, where he leads the company’s mission to secure the world’s most critical assets across IT, OT, IoT, and medical device environments. Appointed CEO in early 2023, Mainz brought more than 25 years of executive leadership experience across infrastructure software and cybersecurity, including roles as CEO of MobileIron and President of Wind River Systems, a division of Intel.

In this special crossover edition of Cyber Focus and the Power Podcast, host Frank Cilluffo sits down with Aaron Larson to explore the evolving intersection of energy innovation and cybersecurity. From breakthroughs in small modular reactors and geothermal technologies to the power demands of AI and electric vehicles, they examine how the U.S. grid is being reshaped by both opportunity and threat. Larson draws on his background in nuclear power and conversations with top industry leaders to highlight the promise of emerging energy sources—and the urgent need to bake in security from the start. Together, they underscore the stakes of keeping U.S. energy infrastructure resilient in the face of growing cyber threats and global competition. Main Topics Covered: The transformation of the U.S. power grid from centralized plants to distributed energy resources The impact of AI, data centers, and EVs on electricity demand Innovations in nuclear energy, including SMRs, fusion, and microreactors State-level leadership in clean energy development and workforce transition The need for stronger cybersecurity awareness and integration across the energy sector Strategic competition with China in advanced energy technologies Key Quotes: "We can't [be AI dominant] if we're not energy dominant. The two are inextricably interwoven." — Frank Cilluffo "The nuclear industry will never compromise on safety... because they know any accident at one facility is an accident at all facilities" — Aaron Larson "Volt Typhoon... literally did the cyber equivalent of preparation of the battlefield, where they own that infrastructure and can turn it on or off to meet their needs." — Frank Cilluffo "People know [Cybersecurity] is important...They just don't always think it's their responsibility." — Aaron Larson Guest Bio: Aaron Larson is the Executive Editor of POWER magazine, a team he joined in 2013. Aaron has a bachelor’s degree in nuclear engineering technology and a master’s degree, specializing in finance. He spent 13 years in the U.S. Navy nuclear power program, advancing to Chief Petty Officer. He has worked at commercial nuclear, biomass, and coal-fired power plants, functioning in operations, maintenance, safety, financial, and management capacities.

Richard Horne, CEO of the United Kingdom’s National Cyber Security Centre (NCSC), joins host Frank Cilluffo to explore how the UK is strengthening cyber resilience across critical infrastructure, private industry, and international partnerships. Drawing from his experience in both government and the private sector, Horne outlines NCSC’s approach to tackling advanced threats, closing resilience gaps, and collaborating with allies on systemic cyber defense. The conversation spans ransomware, AI, supply chain risk, quantum cryptography, and how organizations—large and small—can better prepare for disruption. Horne emphasizes the growing complexity of the digital threat landscape and urges a pragmatic, contest-oriented mindset to keep pace. Main Topics Covered: The mission and structure of the UK’s National Cyber Security Centre (NCSC) Cyber resilience through exposure, defenses, and consequence management Gaps in critical infrastructure protection and supply chain vulnerabilities Use of AI and automation in both defense and attack International collaboration and the importance of Five Eyes partnerships Quantum computing and the need to prepare cryptography for post-quantum threats Key Quotes:  “AI is almost like… when we moved from wooden [tennis] rackets to composite rackets. Was that an advantage? It was an advantage to both sides. [...] If you stick with a wooden racket, then ultimately you're going to be overcome.” — Richard Horne “We see many cyber attacks exploiting zero-day vulnerabilities that frankly shouldn't be there. And the quality of code that we have in our hardware, software… is a big issue.” — Richard Horne “In the world we're in, we all need to recognize we have a responsibility for cyber security for ourselves and for others.” — Richard Horne “The relationship with the U.S. and the Five Eyes really does underpin especially our understanding of the most advanced threat.” — Richard Horne “You'll often see sort of ransomware attacks against some small company you've never heard of and then potential front page impact the next day.” — Richard Horne Related Links:  UK National Cyber Security Centre (NCSC) NCSC Cyber Essentials Program Guest Bio: Richard Horne has served as CEO of the UK’s National Cyber Security Centre since October 2024. Prior to that, he was a Cyber Security Partner at PwC UK, where he advised global leaders on cyber risk strategy and led responses to major incidents—including the 2021 ransomware attack on Ireland’s health service. He previously led cyber risk management at Barclays and played a key role in developing the UK’s first national cyber security plan during a stint with the Cabinet Office. Richard holds a PhD in Mathematics and has represented the UK in cybersecurity forums at the OECD, European Commission, and ISO.

Kristina Walter, Director of the NSA’s Cybersecurity Collaboration Center, joins Frank Cilluffo to explain how the NSA is building trusted partnerships with private industry to counter advanced cyber threats. Walter shares how collaborative work with defense contractors and tech providers has helped uncover zero-day vulnerabilities, block billions of malicious domains, and expose Chinese operations like Volt Typhoon. She also discusses the role of AI in cyber defense, the race to prepare for quantum computing, and why resilience—not perfection—is the new benchmark for critical infrastructure protection. Main Topics Covered Origins and mission of the Cybersecurity Collaboration Center Building trust and scaling public-private partnerships Tracking Chinese cyber campaigns and zero-day vulnerabilities NSA’s protective DNS service and pre-ransomware defense AI’s role in threat detection and emerging attack surfaces Post-quantum cryptography and upgrading national systems Workforce development and government-industry collaboration Key Quotes “That service has about 1200 companies enrolled in it today. And it's blocked 4 billion malicious domains… 500 million of them are NSA unique domains.” – Kristina Walter “You can't surge trust in a crisis. We have found that having that established relationship meant that when something did go wrong for some of these companies, they knew who to turn to, and how to work with us, and how we would protect the information they gave us”. – Kristina Walter “We found it in about two weeks of the start of exploitation and were able to get out the hunting and the detections while the patch was being worked so that we could do it all together and try to remediate the threat.” – Kristina Walter “Our focus was… how do we work with interagency partners and industry to expose this trade craft of living off the land… and really unleash the cybersecurity community in the United States to find it and eradicate it on the US Government's behalf.” – Kristina Walter “When we talk about a cryptologically relevant quantum computer, it's really [a question of] when, not if… So what we're really focused on is how do we upgrade all of the cryptographic inventory of the United States and national security systems to be quantum resistant.” – Kristina Walter  Relevant Links and Resources NSA Cybersecurity Collaboration Center NSA AI Security Center NIST Post-Quantum Cryptography Project Guest Bio Kristina Walter is Director of the NSA’s Cybersecurity Collaboration Center, where she leads efforts to partner with private industry in defense of U.S. national security systems. A founding member of the center, Walter brings deep experience from her work in both operational cybersecurity and workforce development at NSA. She also oversees the NSA’s AI Security Center, advancing the secure development of artificial intelligence technologies while safeguarding U.S. innovation from foreign adversaries.

In this episode of Cyber Focus, Frank Cilluffo sits down with Jonathan Braley, Director of the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC), to explore the growing cybersecurity threats facing the U.S. food and agriculture sector. They examine the integration of operational technology (OT), the rise in ransomware attacks on farms and food producers, and the fragile nature of supply chain cybersecurity. Braley highlights why even small farms are increasingly targeted and how awareness, threat intelligence sharing, and proactive cyber defense strategies are essential. The discussion also touches on the geopolitical dimensions of agricultural cybersecurity, with examples from Ukraine, Israel, and China. Main Topics Covered: • Why cybersecurity threats matter in the agriculture and food production sector • The risks posed by operational technology (OT) and GPS disruption in precision agriculture • The impact of ransomware attacks on small farms and supply chain resilience • Emerging cyber threats tied to foreign adversaries, disinformation, and intellectual property theft • New technologies in agriculture: AI tools, drones, and autonomous farming systems • The importance of cyber threat intelligence sharing and public-private collaboration in agriculture Key Quotes: “Historically we all have this picture of a farm in our heads with the manual tractors and people out on the fields. But there's a lot of technology now baked into the food and agriculture sector.” – Jonathan Braley “If we’re relying on our precision agriculture without a backup plan, when [GPS] goes down, it's not going to be a good situation for us.” – Jonathan Braley “Anywhere along that [supply] line, one of those companies has a cyber incident—it's going to impact everybody.” – Jonathan Braley “The ransomware group seemed to have an understanding of the nature of food and ag, and they hit them when it was most impactful [during peak planting and harvesting season].” – Jonathan Braley “The more we can share with each other [across government and industry], I think we have a better chance of protecting ourselves.” – Jonathan Braley Relevant Links and Resources: • Food and Ag-ISAC: https://www.foodandag-isac.org/ •  Cybersecurity Information Sharing Act of 2015 (CISA) Guest Bio: Jonathan Braley is the Director of the Food and Ag-ISAC, a key hub for cybersecurity information sharing across the food and agriculture sector. He also serves as Director of Threat Intelligence at the IT-ISAC, where he supports some of the world’s leading technology companies. Braley’s work focuses on improving cyber resilience in agriculture, helping farms, suppliers, and food producers detect and defend against ransomware, OT threats, and supply chain vulnerabilities.

In this special Independence Day episode of Cyber Focus, we bring together highlights from three influential House leaders shaping U.S. cyber policy: Chairman Mark Green (Homeland Security), Chairman Mike Rogers (Armed Services), and Chairman Rick Crawford (Intelligence). From digital warfare and offensive cyber capabilities to workforce development and interagency reform, this episode offers a rare look into how Congress is working to strengthen national security in the digital age. Listen to their full interviews: • Rick Crawford – We Are in a State of Digital Warfare https://mccraryinstitute.com/podcast/cyber-focus/76/we-are-in-a-state-of-digital-warfar/ • Mike Rogers – Cyber, Space, and the Future of Warfare https://mccraryinstitute.com/podcast/cyber-focus/64/cyber-space-and-the-future-of-warfa/ • Mark Green – Bridging the Cybersecurity Gap https://mccraryinstitute.com/podcast/cyber-focus/9/bridging-the-cybersecurity-gap-cong/

In this urgent episode of Cyber Focus recorded June 24, 2025, host Frank Cilluffo speaks with retired General Frank McKenzie, former Commander of U.S. Central Command and Executive Director of the Global and National Security Institute at the University of South Florida. The discussion focuses on the unfolding crisis between Iran and Israel, recent U.S. military strikes on Iranian nuclear sites, and the fragile ceasefire now in place. McKenzie offers expert insight into the strategic weakness of Iran, the state of its proxy forces, and the growing threat of Iranian cyberattacks. They also examine how Russia and China are positioning themselves amid the turmoil, the state of U.S. missile defense systems, and what Americans should watch for when it comes to national and homeland security. Main Topics Covered: Iran’s weakened military and the strategic calculus behind the current ceasefire U.S. bunker-busting strikes and implications for Iran’s nuclear program The future of Iran’s proxy forces and risks of terrorism and radicalization China and Russia’s interests in the Middle East crisis Iran’s cyber threat posture and U.S. digital vulnerabilities Space-based missile defense and the future of homeland security strategy Key Quotes: “Iran badly needs a ceasefire. They need to stop the bombardment because they're losing.” — General Frank McKenzie (Ret.) “The fact of the matter is Iran has had poor luck operating in the United States… they're not adept at operating in this environment.” — General Frank McKenzie (Ret.) “I think self radicalization is probably more of a threat… than a highly organized Iranian attack in the United States or through one of their proxies. But you can't rule it out.” — General Frank McKenzie (Ret.) “They do have the ability to attack us here with cyber… they will go where we're weakest.” — General Frank McKenzie (Ret.) “If we want to defend the United States against attacks like this from intercontinental ballistic missiles, we're going to have to be prepared to put systems on orbit, persistent systems on orbit.” — General Frank McKenzie (Ret.) Relevant Links and Resources: Global and National Security Institute at the University of South Florida Cyber Florida – The Florida Center for Cybersecurity U.S. Central Command (CENTCOM) NTAS Bulletin – National Terrorism Advisory System Guest Bio: General Frank McKenzie (Ret.) is the Executive Director of the Global and National Security Institute at the University of South Florida and former Commander of U.S. Central Command (CENTCOM). A retired U.S. Marine Corps General, McKenzie brings decades of experience in Middle East operations, nuclear deterrence, and national security strategy. He is a leading voice on cybersecurity, defense policy, and military readiness in the face of global threats.

In this episode of Cyber Focus, host Frank Cilluffo sits down with Congressman Rick Crawford, Chairman of the House Permanent Select Committee on Intelligence. They explore the evolving cyber threat landscape—from Chinese infiltration of U.S. supply chains to the rise of paramilitary cartels leveraging advanced digital tools. Crawford shares his perspective on offensive cyber capabilities, domestic counterintelligence reform, and efforts to close legislative blind spots through inter-committee collaboration. The conversation also covers critical infrastructure vulnerabilities, agricultural data security, and the strategic role of open-source intelligence in modern national security. Main Topics Covered: China’s cyber-enabled influence operations in the Western Hemisphere The evolution of cartels into cyber-capable paramilitary organizations Counterintelligence gaps within the U.S. and the need for stronger domestic protections Hardware vulnerabilities in supply chains, agriculture, and freight logistics Debate over splitting NSA and U.S. Cyber Command leadership (“dual-hat” issue) Legislative focus on reauthorizing CISA and addressing liability protections for reporting The national security importance of open-source intelligence (OSINT) Key Quotes: “We are living in a state of digital warfare… As long as we continue to be in a defensive posture, this will continue to be a pervasive problem.” —Chairman Rick Crawford “[The cartels] have evolved into essentially a paramilitary organization… this is not the 1980s and they are very much a sophisticated adversary.” —Chairman Rick Crawford “It's [China’s] ability to seed critical infrastructure elements…that gives them a foray into our supply chain. That makes us very, very vulnerable.” —Chairman Rick Crawford “[Open source intelligence] comprises about 25% of the President's Daily Brief. That’s significant… but it doesn’t have the appropriate level of attention paid to it.” —Chairman Rick Crawford "We either need to be all in [on Cyber Command] as a combatant command and then stand it up and authorize it the way it should be, fund it appropriately and organize it appropriately, or we need to say we think the NSA can do this and make this sort of a subsidiary of the NSA." —Chairman Rick Crawford Relevant Links and Resources: ·       Learn more about Congressman Rick Crawford: https://crawford.house.gov ·       House Permanent Select Committee on Intelligence: https://intelligence.house.gov Guest Bio: Rep. Rick Crawford represents Arkansas’s First Congressional District and serves as Chairman of the House Permanent Select Committee on Intelligence. A former Army EOD technician, Crawford brings a national security lens to issues ranging from intelligence oversight and supply chain security to cyber threats in agriculture. He also serves on the Transportation and Infrastructure Committee and the Agriculture Committee, positioning him uniquely to address cybersecurity across critical infrastructure sectors.

In this episode of Cyber Focus, host Frank Cilluffo sits down with Mark Pomerleau, senior reporter for DefenseScoop, to discuss the evolving landscape of U.S. cyber operations and military doctrine. Pomerleau unpacks the ongoing debate over splitting NSA and U.S. Cyber Command, the rising role of offensive cyber capabilities, and what “Cybercom 2.0” might look like in practice. He also explores the integration of cyber, electronic warfare, and space as part of a new operational triad, and shares lessons learned from Ukraine that are reshaping U.S. strategy. Together, they examine whether U.S. deterrence efforts are keeping pace with adversaries—and what needs to change to meet tomorrow’s threats. Main Topics Covered: The origins and implications of the NSA-Cyber Command dual-hat debate Tactical cyber at the edge: how services are enabling cyber in battlefield operations The emerging cyber-electronic warfare-space triad Cybercom 2.0 and the effort to modernize doctrine, authorities, and force generation The limits of cyber deterrence and the need for a more assertive posture Key Quotes: “As a Title 50 intelligence organization, your goal is to not get caught… using that same infrastructure for military operations… can undermine that [intelligence] mission. And so Cyber Command has been working to really build up its own infrastructure, its own tools.” — Mark Pomerleau “The modern triad… really includes space, special operations forces and cyber. And the notion is that all of these together will be greater than the sum of their parts and be able to provide some really unique mission packages and capabilities for commanders.” — Mark Pomerleau “One of the big lessons that the Department of Defense came away with is that cyber does have a role to play in future conflict, but it's not the role that they necessarily thought it was a few years ago. And that cyber by itself likely isn't going to have the effect that they… initially thought it was.” — Mark Pomerleau “EW is going to be a huge enabler going forward… The faster commanders realize how to harness that and maneuver within that space, combine it with other effects like cyber and RF… we're really going to see that take off.” — Mark Pomerleau “Ultimately, those that are integrating [cyber and EW] into their warfighting strategy, doctrine, and practice are the ones that are going to dominate.” — Frank Cilluffo Relevant Links and Resources: Recent reporting by Mark Pomerleau on DefenseScoop  Coverage of the NSA–Cyber Command split  Guest Bio: Mark Pomerleau is a senior reporter for DefenseScoop, covering information warfare, cyber, electronic warfare, information operations, intelligence, and battlefield networks. With over a decade of experience, he is widely regarded as one of the most authoritative voices reporting on military cyber and EW strategy. His reporting regularly shapes the national conversation around U.S. cyber policy and defense modernization.

In this episode of Cyber Focus, host Frank Cilluffo sits down with Tory Bruno, President and CEO of United Launch Alliance (ULA), which is responsible for more than 90% of U.S. national security space launches. Bruno discusses the escalating threat landscape in space, the urgency of a layered missile defense architecture known as the "Golden Dome," and how adversaries like China may initiate future conflicts in orbit before any shots are fired on Earth. The conversation also explores the technological and policy components of space deterrence, Bruno’s insights from decades of leadership in strategic defense, and the role of directed energy in countering hypersonics. Main Topics Covered: ULA’s role in national security and heavy-lift launch capability The increasing likelihood that future conflicts with China will begin in space The case for a layered missile defense system, including THAAD and NGI Vulnerabilities in U.S. space infrastructure and economic dependence on orbit-based systems Directed energy as a solution to maneuvering hypersonic threats Policy priorities for the incoming administration Key Quotes: “A conflict like that on Earth will begin in space because China will see it as a means of leveling the playing field.” – Tory Bruno “[Space is now] a utility for our economy, everything and our society. Not having space would be like not having water, not having highways, not having transportation.” – Tory Bruno “[Space] isn’t a force multiplier. It is now absolutely essential for basic military operations.” – Tory Bruno “North Korea, Iran, Syria… there’s about a dozen countries that we now need to be concerned about. They would not necessarily be able to mount the volume of an attack that a China could. But… they might have some similar [counterspace] capabilities that in the past would have been really beyond their reach.” – Tory Bruno “Golden Dome is way overdue… When you’ve got a dozen countries that have a capability to put either a conventional or, God forbid, a weapon of mass destruction on your kids’ school, then only having a retaliatory deterrent is insufficient.” – Tory Bruno Relevant Links and Resources: ULA Official Website The Golden Dome: We Have the Tools to Build It Right Now – RealClearScience Hypersonic Missiles Are Just Misunderstood – Medium Guest Bio: Tory Bruno is President and CEO of United Launch Alliance (ULA), where he leads the country’s most experienced and reliable launch provider. Prior to ULA, he held senior roles at Lockheed Martin, including as Vice President of the THAAD missile program. With decades of experience in missile defense, strategic deterrence, and space systems, Bruno is a leading voice on the intersection of aerospace technology and national security.

Originally Released September 11, 2024 In this episode of Cyber Focus we’re revisiting the conversation Frank Cilluffo had last September with Robert M. Lee. Rob is the CEO and co-founder of Dragos, a leading firm in industrial control systems (ICS) and operational technology (OT) cybersecurity. Rob unpacks the real-world consequences of cyber-enabled threats to physical infrastructure, including attacks on water systems, energy grids, and manufacturing sites. He shares insights into advanced malware like PipeDream and Frosty Goop, explains the growing risk of scalable OT attacks, and highlights adversaries’ shifting tactics — from state-backed intrusions to criminal exploitation. The conversation also covers lessons from Ukraine, implications of Volt Typhoon, and the importance of visibility, public-private collaboration, and outcome-focused regulation in defending critical infrastructure. Main Topics Covered: What operational technology (OT) is — and how it differs from IT Why cyber-enabled threats to physical infrastructure are escalating Real-world case studies: Ukraine grid attacks, Saudi petrochemical facility, and U.S. water systems Dragos' findings on ICS malware: PipeDream, Frosty Goop, and Modbus TCP exploits Emerging adversary trends including Volt Typhoon and the shift to scalable, repeatable OT malware The state of public-private collaboration and challenges facing OT cybersecurity in the U.S. and globally Lessons from Singapore’s regulatory approach and what operators can do today Key Quotes: "[Operational technology] is all the stuff you have in IT, plus physics." – Robert M. Lee "These are cyber enabled attacks that can have physical consequences." – Frank Cilluffo "[PipeDream] is the first time we've seen ICS or OT malware that is repeatable, reusable, and scalable across industries. It works in everything from a servo motor on an unmanned aerial vehicle to a gas turbine." – Robert M. Lee "There was an attack in 2017 where an adversary broke into a petrochemical facility in Saudi Arabia explicitly to cause an event at a facility that would have killed people if they were successful." – Robert M. Lee "Right now in the operations technology community, we deal with low frequency, high consequence attacks. IT deals with high frequency, low consequence attacks. And if we start to see scale, we're going to start to see medium to then high frequency, high consequence attacks. We're not ready." – Robert M. Lee Relevant Links and Resources: Dragos FrostyGoop ICS Malware Intel Brief Chernovite and PipeDream Malware Overview CNN Opinion: Small-Town Water Systems Are Global Hacking Targets – Robert M. Lee Guest Bio: Rob Lee is the CEO and co-founder of Dragos, a cybersecurity company focused on protecting industrial control systems (ICS) and operational technology (OT). With a background in military and intelligence, Rob has worked at the National Security Agency (NSA) and U.S. Cyber Command. He has been instrumental in raising awareness about the vulnerabilities in critical infrastructure and the need for better OT cybersecurity. Rob is widely recognized as a leader in the field, advising government agencies and industry leaders on protecting essential services from cyberattacks.

In this episode of the Cyber Focus podcast, recorded on April 30 at the RSA Conference in San Francisco, host Frank Cilluffo sits down with Christian Beckner, Vice President of Retail Technology and Cybersecurity at the National Retail Federation. Beckner provides a wide-ranging look at how cybersecurity, fraud, and emerging technologies are reshaping the retail landscape. They discuss how threats have evolved over the past decade, the growing impact of third-party risk, and the rise of fraud tactics such as account takeovers and gift card abuse. Beckner also outlines NRF’s policy work on CIRCIA, the SEC cyber disclosure rule, and the organization’s efforts to build stronger cross-sector collaboration. The conversation offers both a strategic overview and practical insight into one of the nation’s most targeted and complex sectors. Main Topics Covered: The role of NRF and its focus on retail cybersecurity How threats to the sector have evolved over the past 7 years Growing concerns around third-party and vendor risk The surge in fraud, including account takeover and gift card abuse NRF’s development of a fraud taxonomy for the industry How AI is shaping both threats and defenses NRF’s cyber policy priorities and hopes for increased CISA engagement Long-term risks and opportunities for strengthening retail cybersecurity Key Quotes: “Retail is a huge part of the economy. It’s something that touches every person every day, and that’s what makes it such an important piece of the overall cybersecurity landscape.” — Christian Beckner “We’re seeing an increase in account takeover fraud, gift card fraud, return fraud… It’s often hard to draw the line between what’s a fraud issue and what’s a cyber issue.” — Christian Beckner “We’re building a taxonomy for fraud. And that’s critical, because right now, we’re all speaking different languages when we talk about these incidents.” — Christian Beckner Relevant Links and Resources: National Retail Federation (NRF) NRF Center for Digital Risk & Innovation Guest Bio: Christian Beckner is Vice President of Retail Technology and Cybersecurity at the National Retail Federation and Executive Director of NRF’s Center for Digital Risk & Innovation. He leads the association’s efforts on cybersecurity, fraud prevention, and emerging technologies. Before joining NRF, Beckner was Deputy Director of the Center for Cyber and Homeland Security at George Washington University and served in senior roles on the Senate Homeland Security and Governmental Affairs Committee. He holds degrees from Stanford University and Georgetown University.

In this special RSA Conference edition of Cyber Focus, host Frank Cilluffo sits down with Edgard Capdevielle, President and CEO of Nozomi Networks, to unpack the evolving landscape of operational technology (OT) cybersecurity. Together, they explore how digital transformation and the convergence of IT and OT are reshaping the threat environment for critical infrastructure. Capdevielle outlines the three major phases of the OT security market, reflects on the role of AI and legacy systems, and explains why visibility remains foundational to cybersecurity. The conversation also highlights the growing risk from nation-state actors, the breakdown of air gap assumptions, and the tangible steps owner-operators must take to build resilience. Main Topics Covered: Defining the three phases of OT cybersecurity market maturity The impact of digital transformation and IT/OT convergence Why visibility remains the top concern for infrastructure operators The role of AI in passive detection and firmware profiling Nation-state threats, air gap fallacies, and Volt Typhoon’s implications Practical steps for operators to improve risk visibility and resilience Key Quotes: “Digital transformation is a one-way street. We’re only going to automate more — automate everything — and IT and OT are only going to converge more.” — Edgard Capdevielle “You cannot protect what you can’t see. So having a layer of visibility is number one.” — Edgard Capdevielle “Air gapping has been our number one enemy because it’s not real… It’s brought a level of comfort that is not good for us.” — Edgard Capdevielle Relevant Links and Resources: Nozomi Networks Guest Bio: Edgard Capdevielle is President and CEO of Nozomi Networks, a global leader in OT and IoT cybersecurity. He has a background in computer science and more than two decades of experience in cybersecurity and enterprise technology. Prior to joining Nozomi in 2016, he held leadership roles at Imperva and EMC (including post-acquisition work with Data Domain) and has served as an investor and advisor to several successful startups in the security space.

In this episode of Cyber Focus, host Frank Cilluffo sits down with award-winning journalist Jason Plautz of Politico’s E&E News Energywire to explore the growing tension between artificial intelligence, energy demand, and infrastructure readiness. Plautz breaks down how AI-driven data centers are reshaping the U.S. power grid—and what state and federal leaders are doing in response. The conversation covers legislative efforts in Texas and Georgia, the controversial idea of “kill switches” for data centers, and major federal moves like the Stargate project and DOE’s push to site data centers on federal lands. Plautz also unpacks the Trump administration’s AI and energy strategy, and highlights how tech companies could accelerate innovation in nuclear, geothermal, and other clean energy sources. Main Topics Covered: Why AI is driving an unprecedented spike in electricity demand The strain data centers are placing on existing grid infrastructure How states like Texas and Georgia are responding with new legislation The feasibility and controversy around data center “kill switches” The Stargate project and the Trump administration’s AI-energy policy direction DOE’s plan to co-locate data centers and power sources on federal land Key Quotes:  “Some of these [data centers] have been compared to like mini malls. If you imagine a site that big running computers, imagine how much power that's going to need.” — Jason Plautz  “AI or data center use could triple by 2030 in the U.S. Right now it accounts for about 4% of the nation's electricity use. It would account for 12%.... the equivalent of 53 million households just running data centers. — Jason Plautz  “Lawmakers have said is they don't want a situation where the grid is strained and you have an entire block of houses without power, and across the street is a data center that's still humming.” — Jason Plautz  “This is really an opportunity, I think, to leap forward in some of the energy technology that’s been sitting dormant—because all of a sudden, you have deep pockets and a lot of interest.” — Jason Plautz  “We're seeing a lot more concern about what would happen if there were to be a cyberattack on the grid. What would that mean—and how can we build the grid without making it more vulnerable?” — Jason Plautz  “This is an economic competitiveness issue as well as a national security issue—and it’s a race neither we nor Beijing want to lose.” — Frank Cilluffo  Relevant Links and Resources:  “Artificial Intelligence's Thirst for Power Demands Greater Focus on Cybersecurity of the Energy Sector” by Frank Cilluffo https://www.powermag.com/artificial-intelligences-thirst-for-power-demands-greater-focus-on-cybersecurity-of-the-energy-sector/ "State lawmakers grapple with energy demand for data centers" by Jason Plautz https://www.eenews.net/articles/state-lawmakers-grapple-with-energy-demand-for-data-centers/ “Study finds headroom on the grid for data centers" by Jason Plautz https://www.eenews.net/articles/study-finds-headroom-on-the-grid-for-data-centers/ "Energy is AI’s barrier to entry. David Sacks knows it." by Jason Plautz https://www.eenews.net/articles/energy-is-ais-barrier-to-entry-david-sacks-knows-it/ "Chris Wright elaborates on DOE data center build-out, job cuts" by Jason Plautz https://www.eenews.net/articles/chris-wright-elaborates-on-doe-data-center-build-out-job-cuts/ Guest Bio: Jason Plautz is an award-winning journalist based in Denver, currently reporting for E&E News’ Energywire, where he covers electricity and the clean energy transition. He focuses on the intersection of environmental policy and politics, and his work has also appeared in Science, High Country News, and Ars Technica. A former reporter in Washington, D.C., Plautz was selected for the Scripps Fellowship in Environmental Journalism at the University of Colorado and brings experience in reporting, editing, and audio production.