McCrary Institute for Cyber & Critical Infrastructure Security

Harnessing America’s cyber experts to safeguard our nation.

Securing America's Digital Future: a Bipartisan Cybersecurity Roadmap for the Next Administration


Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.

The McCrary Institute is a nonpartisan think tank located at Auburn University and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities, ranging from R&D, cybersecurity education/training, and policy-relevant analysis to future technology research.

Auburn is a top-tier research university, designated a Carnegie R1 institution, and over 200 of its on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.

Cyber Focus Podcast

In this episode of Cyber Focus, host Frank Cilluffo discusses cybersecurity priorities for the incoming administration with Mark Montgomery, co-author and leader of the Cyber Solarium 2.0 Commission, and George Barnes, former deputy director of the NSA. They delve into the McCrary Institute's new presidential transition report that presents a strategic roadmap to maintain the progress achieved in cybersecurity. The report highlights eight lines of effort, ranging from regulatory harmonization and collaboration to building workforce capacity and securing emerging technologies, with the ultimate goal of safeguarding national security and economic resilience.

Main Topics Covered:

  • The purpose and composition of the transition report
  • Maintaining cybersecurity momentum across administrations
  • Eight lines of effort to ensure cybersecurity continuity
    • Unifying the regulatory landscape
    • Synergy in cybersecurity protection
    • Cost imposition and deterrence strategies
    • Resiliency through proactive risk reduction
    • Enhancing cyber statecraft and international collaboration
    • Building workforce capacity and volunteer support
    • Safeguarding critical and emerging technologies
    • Ensuring continuity of the economy

Key Quotes:

“Irrespective of who wins the presidency in November, cybersecurity is going to be a priority and must be elevated.” – Frank Cilluffo

“The most important thing in Washington is momentum, and to have momentum, you have to have ideas.” – Mark Montgomery

"Cyber transcends the air, land, sea space and the reality is this has implications and impact much broader from a national security and economic security perspective." – Frank Cilluffo

"You can't just sit there and defend. You actually have to put pressure and cost and position in the other direction." – George Barnes

"The one thing [autocracies] can't do well is partner. They're very transactional and domineering, as we know. And so partnerships really matter." – George Barnes

“[We] need to first achieve regulatory harmonization. You can't continue to pile requirement on requirement on the private sector without first ensuring that you're not asking them to do the same thing in five different manners.” – Mark Montgomery

Related Links:

The full report:
https://eng.auburn.edu/mccrary/pttf/

Guest Bios:

  • Mark Montgomery is the leader of the Cyber Solarium 2.0 Commission, focusing on strategies to improve national cybersecurity and protect critical infrastructure, and a senior fellow at the McCrary Institute. 
  • George Barnes is the former deputy director of the National Security Agency (NSA), a senior fellow at the McCrary Institute, and the Cyber Practice President and Partner at Red Cell Partners.



Listen: Episode 43

In this episode of Cyber Focus, host Frank Cilluffo speaks with Ambassador Toby Feakin, Australia’s first Ambassador for Cyber Affairs and Critical Technologies. Feakin reflects on the evolving cyber threat landscape in the Asia-Pacific region, Australia's cybersecurity strategy, and its growing focus on balancing economic ties with China while addressing critical security risks. The conversation delves into Australia’s international partnerships, public attribution of cyber threats, and critical infrastructure protection. Feakin also shares insights into his role in spearheading Australia's cyber policy and the future of technological leadership in quantum computing, AI, and supply chain security.

Main Topics Covered:

  • Australia’s evolving cybersecurity strategy and public attribution of threats like the Cloud Hopper incident
  • The balance between economic ties with China and cybersecurity risks
  • International partnerships with Five Eyes and regional players like South Korea and Japan
  • Critical infrastructure protection, including undersea cables and cyber-kinetic threats
  • The significance of China's pre-positioning cyberattacks
  • Emerging technologies, including AI, quantum computing, and their impact on geopolitics
  • Feakin’s role in shaping Australia’s cyber diplomacy and international engagement

Key Quotes:

"Something that Australia continually has to balance is this kind of multifaceted relationship with China... it's balancing the economic ties that you have with such a behemoth in the Asia-Pacific and globally, economically, alongside a growing understanding of security risk." - Toby Feakin

"[China's pre-positioning] absolutely should concern not just other governments, but it should concern industry because they are the guys... who own and operate a majority of infrastructure and they need to know clearly that's the level of threat they're dealing with." - Toby Feakin

"If you look at that tech convergence, you cannot afford to sit still for one second because it's all moving at such a fast rate that even the developers themselves have no idea where this journey is ending up." - Toby Feakin

"[To safeguard supply chains] Australia is making much more rigorous assessments of not only where does the equipment come from, but where does the money flow from." - Toby Feakin

"Businesses need to feel comfortable in the chaos of trying out new technologies and creating right pockets of environments and business cases so that they can trial new tech and not be frightened of it." - Toby Feakin

Related Links:

  • https://insights.sei.cmu.edu/blog/operation-cloud-hopper-case-study/
  • https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
  • https://www.iiss.org/publications/strategic-comments/2019/australia-huawei-and-5g/


Guest Bio:
Ambassador Tobias (Toby) Feakin served as Australia's inaugural Ambassador for Cyber Affairs and Critical Technologies. He was responsible for shaping Australia's international cyber engagement strategy and has been instrumental in fostering partnerships across the Asia-Pacific. Feakin has played a crucial role in Australia's public attribution of cyber threats and has been a key advocate for balancing technological innovation with security risks.

Listen: Episode 42

In this episode of Cyber Focus, host Frank Cilluffo talks with Bob Kolasky, Senior Vice President at Exeter and former head of the National Risk Management Center at CISA. The conversation covers key topics related to supply chain risk, security, and national defense. Bob provides insights into the evolving threats within supply chains, especially those linked to cybersecurity and critical infrastructure. He also touches on legislative efforts and the role of public-private partnerships in mitigating risks from foreign actors, particularly focusing on concerns regarding Chinese companies like DJI and Huawei.

Main Topics Covered:

  • The hybrid nature of supply chain threats and their intersection with cybersecurity
  • Notable supply chain attacks like SolarWinds and the role of software vulnerabilities
  • The rise of Chinese technology companies, especially DJI, in U.S. supply chains
  • Legislative responses to supply chain risks, including the China Select Committee
  • Critical infrastructure sectors and the importance of visibility and resilience in supply chains
  • The need for secure alternatives to foreign technologies, particularly in drones and communication systems
  • Public-private partnerships to address systemic risks in national security

Key Quotes: 

"Supply chain has increasingly become an important element of how nations defend themselves, but also an area of attack." – Bob Kolasky

"We're seeing orders of magnitude improvements in manufacturing techniques that are being enabled by digital. And whenever you say the word digital, you can say the word cyber because a digital supply chain is a potentially cyber-vulnerable supply chain." – Bob Kolasky

"How are we as a country going to see the investments made in alternatives to DJI [drones] so that law enforcement can still get a cost effective solution to meet their mission needs?" – Bob Kolasky

"It’s not just about bringing supplies back here. It’s about friend-shoring and trust-shoring and making sure that there are the instruments of power used to stimulate the development of technologies and markets for technologies that are crucial." – Bob Kolasky

"Let's empower the institutions that Congress has created, the executive branch has created to continue to do this work. Administrations may have different priorities, but the more we jump around... the more we get drawn away from the end state goal, which is more security and resilience." – Bob Kolasky

Guest Bio:

Bob Kolasky is the Senior Vice President at Exeter and a former leader at the National Risk Management Center at CISA. His career has focused on addressing supply chain risk, cybersecurity, and critical infrastructure. At CISA, he worked on supply chain security efforts, particularly in defense and technology sectors, and was a key figure in developing national policies to protect critical infrastructure from cyber and physical threats.

Listen: Episode 41

Recent News

Applied Research, Development, & Commercialization

The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients. We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world-class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.

Research Focus