McCrary Institute for Cyber & Critical Infrastructure Security
Harnessing America’s cyber experts to safeguard our nation.
Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security seeks practical solutions to real-world problems, underpinned by research and scholarship. Founded in 2015 through a generous donation from the Alabama Power Foundation in honor of its retiring CEO and Auburn alumnus Charles D. McCrary, the Institute fuses theory with practice, and policy with technology, to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The McCrary Institute is a nonpartisan think tank located at Auburn University, and is the leading group of public/private sector cyber experts providing unique end-to-end cyber capabilities from R&D, cybersecurity education/training, policy-relevant analysis, to future technology research.
As a top-tier research university, designated a Carnegie R1 institution, over 200 of Auburn’s on-campus faculty members conduct defense, cyber, and homeland security research for the Department of Defense, NASA, and other federal agencies.
Cyber Focus Podcast
In this episode of Cyber Focus, host Frank Cilluffo speaks with Manny Cancel, Senior Vice President at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC). The conversation explores the evolving threat landscape impacting grid security, including challenges posed by ransomware, physical attacks, and AI-driven cyber risks. Manny highlights the importance of public-private collaboration, resilience engineering, and supply chain security to mitigate nation-state and extremist threats. He also discusses the ISAC's role in information sharing, mutual aid programs, and exercises like GridEx to strengthen critical infrastructure defenses. The episode concludes with insights on emerging technologies, operational technology (OT) convergence, and preparing the next generation of cybersecurity leaders.
Main Topics Covered:
- The evolving threat landscape: cyber, physical, and AI-driven risks
- Public-private collaboration and lessons learned from global crises
- Enhancing grid resilience through mutual aid, GridEx exercises, and supply chain security
- The convergence of IT and OT systems in critical infrastructure
- Preparing the next generation of cybersecurity leaders and addressing resource gaps
Key Quotes:
"The threat has really become so much more complicated because of the geopolitical tensions... corporations were not designed to fight nation states." - Manny Cancel
"We curate products and services for the different audiences that we deal with. We don't dumb things down, but we make things more consumable and digestible and useable." - Manny Cancel
"It's not unreasonable to think that what we're seeing in other parts of the world could occur here." - Manny Cancel
"In a worst case scenario, at least, we hope we can bounce back. If not bounce forward." - Manny Cancel
“We’re seeing a proliferation of drones. I think the challenge with drones is that there are legitimate and then there are malicious [uses].” – Manny Cancel
Related Links:
Guest Bio: Manny Cancel is Senior Vice President at the North American Electric Reliability Corporation (NERC) and CEO of the Electricity ISAC. With over 40 years of experience, including serving as CIO of Con Edison, Manny is a recognized leader in grid security and resilience. He champions collaboration across industries, fostering partnerships to address cyber and physical threats to critical infrastructure.
Listen: Episode 50
For this episode of Cyber Focus, host Frank Cilluffo sits down with Eric Geller, a leading cybersecurity journalist who contributes to top outlets like Politico, Wired, and The Record. Together, they unpack Eric's reporting on expectations for changes in AI regulation and cybersecurity under the incoming Trump administration. They also discuss the vulnerabilities within critical infrastructure sectors like agriculture and telecom. Geller offers insights into systemic challenges, the evolving threat environment, and the need for innovation in tackling cybersecurity policy and governance.
Main Topics Covered:
- Changes in cybersecurity priorities under different U.S. administrations
- Insights into major incidents like Salt Typhoon and their implications for telecom security
- The Biden administration's AI executive order vs. potential Trump-era policies
- Cybersecurity vulnerabilities in agriculture and critical infrastructure
- The challenges of implementing software liability and establishing duty-of-care standards
Key Quotes:
"[Salt Typhoon is] one of the broadest campaigns that the U.S. government has ever seen." - Eric Geller
"Congress would have to step in and say, we are declaring software to be a product, which unlocks some legal avenues for further work [on software liability]." - Eric Geller
"Trump changed the rules a little bit to make it easier for the military to launch some of these [cyber] attacks. And Biden did not reverse that." - Eric Geller
"The tech industry really needs to figure out where it stands on how much regulation it wants." - Eric Geller
"All these things could be hacked. And right now, it's almost just a matter of luck that some of them haven't been." - Eric Geller
Relevant Links:
https://www.wired.com/story/trump-administration-cybersecurity-policy-reversals/
https://www.wired.com/story/donald-trump-ai-safety-regulation/
https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda
https://therecord.media/cybersecurity-software-liability-standards-white-house-struggle
Guest Bio: Eric Geller is a seasoned cybersecurity journalist, recognized for his in-depth analysis of pressing cyber issues. He has written for Politico, Wired, The Record, and Cipher Brief, focusing on policy, governance, and the intersection of technology and national security.
In this episode of Cyber Focus, host Frank Cilluffo interviews Mark Green, Chairman of the House Homeland Security Committee. Congressman Green, a combat veteran and healthcare entrepreneur, discusses key cybersecurity challenges, including workforce shortages, bureaucratic inefficiencies, and economic models that incentivize cybercrime. The conversation highlights the importance of initiatives like the Cyber Pivot Act, designed to address critical workforce gaps, and the need for harmonizing regulatory requirements. Green also explores strategies for protecting critical infrastructure, enhancing state-level cybersecurity, and leveraging public-private partnerships to bolster national resilience.
Main Topics Covered:
- Addressing the cybersecurity workforce gap through the Cyber Pivot Act
- Harmonizing federal regulations to reduce bureaucratic inefficiencies
- Strengthening cybersecurity for critical infrastructure at all levels of government
- Tackling economic incentives that enable cybercrime and vulnerabilities
- Advancing public-private partnerships and state-level cybersecurity initiatives
Key Quotes:
"We have a 500,000 person shortage in cybersecurity jobs in this in this country, empty spaces with nobody to put in them." - Mark Green
"If a company is spending more time complying than they are actually securing themselves, then... government is doing harm." - Mark Green
"I have a strong belief that we have to as a country own the fact that these businesses can't protect themselves against nation states. And we have an obligation." - Mark Green
"At the end of the day, the first to respond and the last to leave in a local incident are still going to be at [the] state level." - Frank Cilluffo
"We've got to figure out as a country how to put pressure on people, to enforce laws, to extradite when someone breaks our laws." - Mark Green
Relevant Links:
https://homeland.house.gov/2024/09/24/chairman-green-introduces-cyber-pivott-act-to-tackle-government-cyber-workforce-shortage-create-pathways-for-10000-new-professionals/
Guest Bio:
Mark Green is the Chairman of the House Homeland Security Committee, where he spearheads efforts to address cybersecurity, border security, and national resilience. A West Point graduate, Green served as a combat veteran and special operations physician in the Army’s renowned 160th Special Operations Aviation Regiment, known as the Night Stalkers. After his military service, he became a successful entrepreneur in the healthcare sector. Green has brought his leadership skills to Congress, focusing on critical issues like cybersecurity workforce development, regulatory harmonization, and protecting critical infrastructure. He is also the author of We Before Me, a book reflecting his philosophy of putting collective success above individual gain.
Listen: Episode 48Recent News
Applied Research, Development, & Commercialization
The McCrary Institute’s experts work to safeguard America as an applied research, development, and commercialization partner supporting government, military, national labs and industry clients. We focus our work on critical infrastructure sectors including energy & water, space & defense, transportation, rural industries, and more. By leveraging a world class Southeast Cybersecurity Operations Center and classified labs, we help solve some of America’s greatest threats and challenges.
Research Focus