McCrary Institute for Cyber & Critical Infrastructure Security
Harnessing America’s cyber experts to safeguard our nation.
Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The McCrary Institute is a nonpartisan think tank located at Auburn University, and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities from R&D, cybersecurity education/training, policy-relevant analysis, to future technology research.
As a top-tier research university, designated a Carnegie R1 institution, over 200 of Auburn’s on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.
Cyber Focus Podcast
Overview: In this episode, host Frank Cilluffo sits down with Cheri Caddy, former Deputy Assistant National Cyber Director at the White House and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security, and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering, and the importance of regulatory harmonization in addressing these challenges.
Main Topics Covered:
- Convergence of IT/OT systems in connected vehicles
- Cybersecurity and privacy risks of modern cars
- Global supply chain implications for vehicle data security
- Regulatory harmonization across sectors impacting connected vehicles
- Future of automation and autonomous vehicles in the cybersecurity landscape
- Managing cybersecurity at an enterprise level for government and corporate vehicle fleets
Key Quotes:
"Your car has always been something in your environment, but now it's a computer. It's software-defined, and you have to treat it with all of the cyber implications of being a computer." – Cheri Caddy
"There's no cyber problem that's a single sector anymore." – Cheri Caddy
"Vehicles are giant sensor platforms recording everything. What are the security implications of taking a connected vehicle on to a sensitive facility? ...I think that is very much an open question.– Cheri Caddy
"We need to get [vehicle engineers] to think about cybersecurity at the design phase. Because dealing with bolting on cyber after the fact is, is just not practical.– Cheri Caddy
This is just such an interesting area of converging, of all of the exciting cyber things, from supply chain to applied machine learning to data standards and integration. – Cheri Caddy
Relevant Links:
National Cyber Informed Engineering Strategy
Information on vehicle data privacy and cybersecurity from the National Highway Traffic Safety Administration (NHTSA)
- https://www.nhtsa.gov/research/vehicle-cybersecurity
- https://www.nhtsa.gov/press-releases/nhtsa-updates-cybersecurity-best-practices-new-vehicles
Guest Bio: Cheri Caddy is a cybersecurity leader with over 30 years of experience in national security, intelligence, and technical advisory roles. She has served as the Deputy Assistant National Cyber Director at the White House, as well as a senior advisor at the Department of Energy. Caddy's expertise lies in bridging policy and technical innovation, particularly in IT/OT convergence and secure-by-design engineering for critical infrastructure.
Listen: Episode 47
In this episode of Cyber Focus, host Frank Cilluffo interviews Kiersten Todt, president of Wondros, a creative firm focused on social and policy change. Todt, who previously served as Chief of Staff at the Cybersecurity and Infrastructure Security Agency (CISA) and as a senior advisor on the Senate Homeland Security Committee, shares insights on the challenges and advancements in cybersecurity workforce development, public-private collaboration, and the critical role of community involvement in cybersecurity initiatives.
Main Topics Covered:
- Cybersecurity workforce development, with a focus on neurodiversity and inclusivity
- Public-private partnerships and CISA's role in regional engagement
- The importance of community-level cybersecurity initiatives
- Cybersecurity supply chain issues and the need for inclusive small business support
- Cybersecurity awareness through campaigns, education, and human-centered design
Key Quotes:
"I think we as a nation will be so much better if we create inclusive workforces that represent and acknowledge and honor the aptitudes of individuals that we may not define as being... typical." – Kiersten Todt
"If we're truly looking at securing [critical infrastructure sectors], we have to look with a cross-sector approach." – Kiersten Todt
"[Cyber incident response] starts in the community, it starts at the local level. And so being able to engage those individuals is critical." – Kiersten Todt
"The applied side is what attracts most of these kids [to cybersecurity]. It's not sitting behind a computer and just the zeros and ones. It's actually seeing the fruit of their work and actually getting involved." - Frank Cilluffo
"Creating more of an activist culture in cybersecurity, as well as some of these other issues, really helps to turn the tide and to create change." – Kiersten Todt
Relevant Links and Resources:
Guest Bio: Kiersten Todt is the president of Wondros, a firm dedicated to social and policy change. She previously served as Chief of Staff at CISA and has held senior advisory roles on the Senate Homeland Security Committee. Her work focuses on building inclusive cybersecurity solutions, workforce development, and fostering partnerships across public and private sectors.
Listen: Episode 46
In this episode of Cyber Focus, host Frank Cilluffo interviews Patrick Wright, the Chief Information Security Officer and Chief Privacy Officer for the State of Nebraska. The discussion centers around the challenges and opportunities of implementing artificial intelligence (AI) and cybersecurity strategies at the state and local levels. Patrick shares insights on leveraging AI to bolster cybersecurity, managing privacy implications, and building strategic public-private partnerships. The conversation also highlights initiatives like Cyber Tatanka, a unique cybersecurity exercise involving military, government, and private entities, and addresses the importance of cooperation with federal agencies.
Main Topics Covered:
- State-level implementation of AI and its role in improving government services
- Leveraging AI for cybersecurity: challenges, use cases, and privacy considerations
- Cyber Tatanka: A collaborative cybersecurity exercise with the National Guard
- Strategic partnerships with private sector and federal agencies
- Resource allocation and logistical challenges in disaster management using AI
Key Quotes:
"We're leveraging cybersecurity and AI to bolster our defenses against the national and global threats that we face." – Patrick Wright
"We can talk about cyber security from a strategic perspective all day long... But where the rubber meets the road is in providing the the critical capabilities for cyber down to the SLT level." – Patrick Wright
"Being proactive in not only what we're doing from a cybersecurity awareness perspective, but from an emerging technology perspective, from a policy perspective, from a best practices perspective." – Patrick Wright
"When you start talking about targeting the power grid, not only are you disrupting power supply generation for constituents across the state or region, but you're also, impacting power for other critical infrastructure like like health care and banking." – Patrick Wright
"We tend to look at the world through our boxes and org charts. The bad guys don't. They act. In fact, they very intentionally exploit the seams in our defenses. – Frank Cilluffo
Relevant Links and Resources:
National Association of State Technology Directors (NASTD)
NASTD AI Survey
Multi-State Information Sharing and Analysis Center (MS-ISAC)
Guest Bio: Patrick Wright is Nebraska’s Chief Information Security and Privacy Officer, responsible for statewide cybersecurity initiatives, incident response, and compliance. With experience in both public and private sectors, he holds degrees in IT and public policy, and chairs multiple cybersecurity committees. He also serves on CIS’s Multi-State Information Sharing and Analysis Center Executive Committee (MS-ISAC).
Recent News
Applied Research, Development, & Commercialization
The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients. We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.
Research Focus