McCrary Institute for Cyber & Critical Infrastructure Security
Harnessing America’s cyber experts to safeguard our nation.
Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The McCrary Institute is a nonpartisan think tank located at Auburn University, and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities from R&D, cybersecurity education/training, policy-relevant analysis, to future technology research.
As a top-tier research university, designated a Carnegie R1 institution, over 200 of Auburn’s on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.
Cyber Focus Podcast
Overview: In the first episode of Season Two of Cyber Focus, host Frank Cilluffo welcomes Matt Hayden, former Assistant Secretary at DHS, and RADM (Ret.) Mark Montgomery, former Executive Director of the Cyberspace Solarium Commission. Together, they discuss the evolving cyber landscape under the incoming Trump administration. The conversation covers critical cybersecurity challenges, including regulatory reform, military mobility infrastructure, the separation of Cyber Command and NSA, and strategies to counter adversarial cyber threats. Hayden and Montgomery provide insight into potential policy shifts and the role of public-private partnerships in safeguarding national security.
Main Topics Covered:
- Cybersecurity priorities and regulatory reform under the Trump administration
- Strengthening critical infrastructure through public-private partnerships
- Enhancing military mobility and addressing state-sponsored cyber threats
- Cyber workforce development and innovation in response strategies
Key Quotes:
"The president and his team have a list of priorities. And the good news for folks that are interested in cyber is cyber touches everything." — Matt Hayden
"I do think there's going to be a push for a Cyber Force." — Mark Montgomery
"We're never simply going to firewall our way out of this problem." — Frank Cilluffo
"The current force generation model isn't working. We're not recruiting the right people. We're not training them. We're not maintaining them. We're not retaining them." — Mark Montgomery
""I think that [CISA has] an opportunity to actually explain what they do a little better... Knowing what CISA actually does day to day, especially on the congressional side, is tough." — Matt Hayden
Relevant Links and Resources:
Guest Bios:
- Matt Hayden: Former Assistant Secretary for Cyber, Infrastructure, Risk, and Resilience at DHS, now a Senior Fellow at the McCrary Institute.
- RADM (Ret.) Mark Montgomery: CCTI Senior Director at the Foundation for Defense of Democracies and former Executive Director of the Cyberspace Solarium Commission.
In this episode of Cyber Focus, host Frank Cilluffo speaks with Manny Cancel, Senior Vice President at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC). The conversation explores the evolving threat landscape impacting grid security, including challenges posed by ransomware, physical attacks, and AI-driven cyber risks. Manny highlights the importance of public-private collaboration, resilience engineering, and supply chain security to mitigate nation-state and extremist threats. He also discusses the ISAC's role in information sharing, mutual aid programs, and exercises like GridEx to strengthen critical infrastructure defenses. The episode concludes with insights on emerging technologies, operational technology (OT) convergence, and preparing the next generation of cybersecurity leaders.
Main Topics Covered:
- The evolving threat landscape: cyber, physical, and AI-driven risks
- Public-private collaboration and lessons learned from global crises
- Enhancing grid resilience through mutual aid, GridEx exercises, and supply chain security
- The convergence of IT and OT systems in critical infrastructure
- Preparing the next generation of cybersecurity leaders and addressing resource gaps
Key Quotes:
"The threat has really become so much more complicated because of the geopolitical tensions... corporations were not designed to fight nation states." - Manny Cancel
"We curate products and services for the different audiences that we deal with. We don't dumb things down, but we make things more consumable and digestible and useable." - Manny Cancel
"It's not unreasonable to think that what we're seeing in other parts of the world could occur here." - Manny Cancel
"In a worst case scenario, at least, we hope we can bounce back. If not bounce forward." - Manny Cancel
“We’re seeing a proliferation of drones. I think the challenge with drones is that there are legitimate and then there are malicious [uses].” – Manny Cancel
Related Links:
Guest Bio: Manny Cancel is Senior Vice President at the North American Electric Reliability Corporation (NERC) and CEO of the Electricity ISAC. With over 40 years of experience, including serving as CIO of Con Edison, Manny is a recognized leader in grid security and resilience. He champions collaboration across industries, fostering partnerships to address cyber and physical threats to critical infrastructure.
Listen: Episode 50
For this episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets like Politico, Wired, and The Record. Together, they unpack Eric's reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss the vulnerabilities within critical infrastructure sectors like agriculture and telecom. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance.
Main Topics Covered:
- Changes in cybersecurity priorities under different U.S. administrations
- Insights into major incidents like Salt Typhoon and their implications for telecom security
- The Biden administration's AI executive order vs. potential Trump-era policies
- Cybersecurity vulnerabilities in agriculture and critical infrastructure
- The challenges of implementing software liability and establishing duty-of-care standards
Key Quotes:
"[Salt Typhoon is] one of the broadest campaigns that the U.S. government has ever seen." - Eric Geller
"Congress would have to step in and say, we are declaring software to be a product, which unlocks some legal avenues for further work [on software liability]." - Eric Geller
"Trump changed the rules a little bit to make it easier for the military to launch some of these [cyber] attacks. And Biden did not reverse that." - Eric Geller
"The tech industry really needs to figure out where it stands on how much regulation it wants." - Eric Geller
"All these things could be hacked. And right now, it's almost just a matter of luck that some of them haven't been." - Eric Geller
Relevant Links:
https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/
https://www.wired.com/story/donald-trump-ai-safety-regulation/
https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda
https://therecord.media/cybersecurity-software-liability-standards-white-house-struggle
Guest Bio: Eric Geller is a seasoned cybersecurity journalist, recognized for his in-depth analysis of pressing cyber issues. He has written for Politico, Wired, The Record, and Cipher Brief, focusing on policy, governance, and the intersection of technology and national security.
Recent News
Applied Research, Development, & Commercialization
The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients. We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.
Research Focus