Q&A with Frank Cilluffo

Frank Cilluffo

Director of the McCrary Institute for Cyber & Critical Infrastructure Security, Auburn University

What’s top of mind for you in cyber right now and why?

China, China, China . . . and Russia. No secret here; the Communist Party of China has been very vocal about China’s intentions to be a global cyber superpower. Not only is China investing in its cyber capabilities, it has also demonstrated time and again, that it is unwilling to play by the rules. Looking beyond their advanced cyber capabilities, it is hard to overstate the risk to our supply chains. Whether it is semiconductor chips or other critical components and technologies, the risk to our national and economic security is significant and left unchecked, could become debilitating. Keep in mind that China is our nearest peer-competitor and challenger across the board (militarily, economically, and so on) and you can’t look at cyber in isolation from the larger geopolitical backdrop. All of this taken together makes China the one to watch. Pulling on a similar thread, the Russia-Ukraine war is also a concern when its cyber dimension is placed in broader context. There we see the return of geostrategic maneuvering and manipulation in the worst possible way. Relatedly it’s worth asking if the sanctions imposed on Russia as a result of its war against Ukraine have had a real impact on ransomware operators—since many of the major perpetrators operate out of Russia and are provided safe haven there. While it may be a little too early to discern the data on that it would also be interesting to know whether ransomware (and cybercrime more generally) rises or falls in a time of economic downturn.

What will you be watching for most in the next six months?

How things will shape up on the Hill after the departure of multiple cyber-titans from Congress. Representatives Langevin and Katko and Senator Sasse have demonstrated exemplary leadership and expertise which has played an instrumental role in driving cyber policy into law. Now that Congress is finally having real impact in this area the question is, who will pick up the mantle to continue leading the charge? At this stage, we need serious leadership on oversight and on budgeting (after all, policy without resources is rhetoric) to make sure that important policies will succeed in their implementation. Pivoting to the other end of Pennsylvania Avenue, we should also keep our eyes open for the upcoming release of the National Cyber Strategy. It’s expected to be comprehensive in scope, but the real test will lie in translating its nouns into verbs in order to achieve actual operational impact.

What will be the next big drivers of the evolution of public-private partnerships?

Everyone recognizes that the private sector is an enormously important piece of the puzzle, but we need to act that way and not just say it. Taking the public-private partnership (PPP) to the next level requires building ever-greater confidence on both sides of the equation, because trust is the coin of the realm. Yet trust takes a long time to build and can evaporate in a nanosecond. Fighting side by side in the same foxholes, addressing the same challenges, will move us in the right direction—and the Joint Cyber Defense Collaborative (JCDC) is a positive development. That experience of public-private partnering will help form an increasingly strong foundation for enhanced cooperation. With industry on the front lines in so many critical settings and taking an increasingly important role (such as in space domain), the need to evolve PPPs becomes ever more pressing. One tool for getting us closer to where we need to be is the new Department of Energy National Strategy for Cyber Informed Engineering (CIE). The idea here is to promote cybersecurity by design; and in order to maximize our potential for reaching that goal, industry (along with educators and innovators) was heavily involved in the crafting of the Strategy. A product that truly reflects the expertise of the private sector is a good step toward meaningful PPP.

Frank J. Cilluffo serves as Director of Auburn University’s McCrary Institute for Cyber & Critical Infrastructure Security. He has decades of national and homeland security experience derived from working inside and outside government including serving as a Special Assistant for Homeland Security to President Bush in the White House, immediately following the 9/11 attacks on the US. He recently served as a commissioner on the Cyberspace Solarium Commission and chaired a handful of committees for the Homeland Security Advisory Council on economic security, cybersecurity and counterterrorism. He has testified before Congress dozens of times and has published extensively in major media.