In this episode of Cyber Focus, host Frank Cilluffo sits down with Harry Krejsa, Director of Studies at Carnegie Mellon University's Institute for Strategy and Technology. Krejsa, a former Pentagon and White House cyber strategist, discusses his latest report, Sunshield, which highlights the intersection of cybersecurity, U.S.-China competition, and grid security. The conversation explores how China's cyber operations exploit technical debt in U.S. critical infrastructure, the cybersecurity risks and opportunities in the energy transition, and how the rapid buildout of AI-driven power demand presents both new challenges and unique opportunities. Krejsa outlines strategic actions the U.S. must take to secure its energy future and broader critical infrastructure against Chinese cyber threats.

Main Topics Covered

• China's cyber threat to U.S. critical infrastructure, including Volt Typhoon's activities
• The risks of integrating old and new technology in the energy sector
• How the energy transition presents a unique chance to embed cybersecurity from the start
• The role of AI data centers in reshaping U.S. energy infrastructure and security
• Key policy actions needed to reduce U.S. dependency on Chinese-dominated supply chains
• Lessons from the financial sector in managing systemic cybersecurity risks

Key Quotes

"The People's Republic of China, we now know, are working to place disruptive and destructive cyber capabilities on various kinds of American infrastructure... to stymie our ability to mobilize a military response to a crisis... [and] induced societal panic." — Harry Krejsa

"No critical infrastructure sector in the country has the amount of capital necessary to undergo that [security] transformation, except for one... the electricity sector." — Harry Krejsa

"I think we need to put modern energy at the center of our competition with China." — Harry Krejsa

"We need to get the glowering national security hawks like myself, and the affirmative vision granola crunching energy communities sitting down and talking to each other." — Harry Krejsa

"The IT-OT convergence has been a theme we come back to over and over because it is very real. Yet if you look at our defenders, we still don't look at it through the same lens." — Frank Cilluffo

Relevant Links

SUN SHIELD: How Clean Tech & America's Energy Expansion Can Stop Chinese Cyber Threats

Guest Bio

Harry Krejsa is the Director of Studies at Carnegie Mellon University's Institute for Strategy and Technology. A former White House and Pentagon cyber strategist, he played a key role in shaping the National Cyber Strategy and served on the Cyberspace Solarium Commission. His expertise spans China's cyber operations, critical infrastructure security, and the intersection of emerging technology with national defense.

In this episode of Cyber Focus, host Frank Cilluffo speaks with Cynthia Brumfield, a prolific cybersecurity journalist and analyst. Brumfield discusses her reporting on the human toll of cybersecurity incidents, including mental health challenges and burnout among cyber professionals. She also explores the evolving role of deception technology in cyber defense and highlights key cybersecurity provisions in the latest National Defense Authorization Act (NDAA). The conversation covers the growing threats posed by foreign adversaries, including China, and the importance of resilience in cybersecurity operations.

Main Topics Covered:

• The mental health impact of cybersecurity incidents and the need for better support systems
• Deception technology and its role in cyber defense beyond traditional honeypots
• Cybersecurity funding and policy changes in the NDAA, including a $30 billion investment in military cyber operations
• The rise of ransomware and its classification as a national security threat
• The establishment of the NSA's AI Security Center and its implications for national security
• Supply chain security concerns, including Chinese technology risks in ports and telecommunications

Key Quotes:

"I don't think I realized until I wrote it and having talked to all the folks who have gone through this... I don't think I realized how traumatic it is to be in the middle of a cybersecurity incident. In fact, it's very much like any other emergency situation." – Cynthia Brumfield

"You need to lay the baseline of an appropriate emotional and psychological response to these incidents before they occur, so that you don't have the burnout, that you don't have the PTSD." – Cynthia Brumfield

"[Deception technology] is basically this term of coming up with a very broad strategic goal of tricking the enemy and getting them lured into dead ends on your network." – Cynthia Brumfield

"I think [the Cyber Force discussion] has legs this time... There's some momentum on this. I'm getting asked more and more and more questions, including from skeptics." – Frank Cilluffo

"It's important when we're talking about Chinese supply chain threats and espionage threats to sort of separate the wheat from the chaff. There are some serious concerns... but we have to have a much more sophisticated grasp on what are the true threats and what are not really true." – Cynthia Brumfield

Relevant Links and Resources:

https://www.metacurity.com/

Managing the emotional toll cybersecurity incidents can take on your team

Increasing the response level to ransomware

Tricking the bad guys

Guest Bio:
Cynthia Brumfield is a leading cybersecurity journalist and analyst, writing for publications such as CSO Online. She runs Metacurity.com, a cybersecurity news site, and has been covering the field for over a decade. Her work focuses on cyber policy, national security, and emerging threats, with an emphasis on making complex issues accessible to a broad audience.

In this episode of Cyber Focus, host Frank Cilluffo speaks with Sai Molige, the leader of the threat hunting team at Forescout. They discuss the key findings from Forescout's 2024 Global Threat Roundup, including the growing role of bulletproof hosting services, increasing attacker dwell time, and targeted cyber intrusions on critical infrastructure. Molige explains how state-sponsored actors and cybercriminals are increasingly collaborating, and how the convergence of IT and OT security is reshaping the cybersecurity landscape. He also shares insights into new malware targeting industrial control systems, emerging attack techniques, and the importance of intelligence-led defense strategies.

Main Topics Covered:

• Key findings from the 2024 Global Threat Roundup: bulletproof hosting, increased attacker dwell time, and rising attacks on cybersecurity infrastructure.
• Threats to critical infrastructure: espionage and tracking of key personnel, VPN exploitation, and borrowing of attack tools between cyber groups.
• State-sponsored and criminal cyber collaboration: the blurred lines between nation-state actors and cybercriminal groups.
• Operational Technology (OT) security risks: increased targeting of specialized industrial protocols and legacy system vulnerabilities.
• Threat hunting frameworks and cyber resilience: the importance of intelligence-led defense, strategic visibility, and response planning.

Key Quotes:

"[Bulletproofing services become] breeding grounds for cyber attacks, or at least the building blocks for it. —Sai Molige

"Attackers are spending an increased amount of time inside the network to better understand the environment they are in." —Sai Molige

"Cyber criminals...are finding opportunities, and partnering with either nation state groups or state-sponsored groups." —Sai Molige

"Trust is the coin of the realm for the good guys, but also for the bad guys. So maybe we need to be spending a little more time eroding trust and confidence between and among some of these cyber criminals." —Frank Cilluffo

"[Threat hunting] is a iterative and proactive process, to uncover hidden risks and enhance resilience." —Sai Molige

Relevant Links and Resources:

• Forescout's 2024 Global Threat Roundup
• CISA Cybersecurity Advisories on Industrial Control Systems

Guest Bio:

Sai Molige is the head of Threat Hunting at Forescout, where he leads efforts in adversary engagement, cyber intelligence, and advanced threat detection. He has previously worked at Comcast and Snapchat, bringing deep expertise in network security, offensive cybersecurity strategies, and cyber threat intelligence. His work focuses on understanding attack patterns, improving cyber resilience, and bridging gaps between IT and OT security.