Frank Cilluffo poses on the campus of Auburn University.

5 Minutes with Frank Cilluffo

Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security, joined the university in 2019, bringing wit him the Center for Cyber and Homeland Security as the institute’s policy driver in Washington, D.C. Cilluffo is an internationally recognized cyber and homeland security expert, and he feels Auburn has positioned itself as the new national leader in cyber research and professional preparedness.

AP: Frank, just tell me a little about yourself and some of your background.

FC: I’ve had the privilege to work inside government, addressing some of the country’s greatest challenges, working for President George W. Bush on some of our counterterrorism and homeland security issues, but I’ve always been a bit of a think-tanker and also stood up a major institute at George Washington University. I ran an MBA program with a focus on cybersecurity there, and recently came to Auburn where I had the opportunity to marry up theory with practice or policy with technology to sort of hit some of the most complicated and complex issues our country’s facing, and tried to bring the best and the brightest from both the theoretical world and  together with a very practical world with those that are addressing real problems, addressing real issues, many of whom reside here at Auburn University. 

AP: So you kind of answered the “why Auburn?” question, but why now? What made the timing right?

FC: You know, universities have an opportunity, and dare I say even a responsibility, to educate the next generation, the next work force to address some of the most pressing challenges facing our country, and cybersecurity would be at the very top of that list. Not only within the College of Engineering, but within the university as a whole. Technology changes human nature and remains consistent, and when you start thinking about cybersecurity issues, by definition, they’re interdisciplinary. They require people with different skillsets and different forms of expertise to marry that up to address the common challenges that face us all. So, the technological component is critical — it’s key— and I think Auburn can play a significant role in making things happen in this environment. They already have; I think we can exacerbate and enhance some of those capabilities even further. But it’s also bringing together the soft sciences, the behavioral sciences, economists. So, ultimately, I think universities have an opportunity, a responsibility, to arm the next generation and the workforce of tomorrow to tackle these issues. 

AP: What resources do you feel that we have here at Auburn University and, in particular, Auburn Engineering that can position Auburn as a global leader in cyber, homeland and critical infrastructure security?

FC: For years I had been working on policy-related issues and loved what I was doing day in and day out, but we’d come up with a product, a deliverable, and I could never be in the implementation phase. Here at Auburn, there’s the opportunity to actually implement some of these ideas to provide an end-to-end solution that is not only grounded in good science in terms of issues, but can also execute and act upon those ideas. So, ultimately, I think it is a deep tech bench. It’s a number of faculty, post-doctorates and students that want to contribute to some of the biggest issues facing our country today, and I hope that we can find opportunities to marry that intent up with capability and get things done. I mean, the reality is that we’ve been admiring this problem for too long. We know where the challenges are. Now is the opportunity to get things done and I think Auburn can serve as a catalyst to get things done. All things said and done, timing is important here and I’m excited about the opportunity to deliver on that.

AP: Lt. Gen. Ron Burgess Jr. played a big part in getting you here. He has extensive experience in military intelligence, we also have the Auburn Cyber Research Center here and even more extensive research being conducted within the Department of Computer Science and Software Engineering. So, what are some of those things that we’re armed with that you feel can propel us to the next level.

FC: Absolutely. So, Auburn already has a deep tech bench. They’ve already been punching above their weight. You’ve got some amazing faculty such as David Umphress who is running the Cyber Research Center; getting things done for quite some time. One of the reasons I came to Auburn, in addition to the deep technological bench that resides here, was General Burgess. He’s someone who has an amazing reputation in Washington, D.C., someone who’s been a leader in the military and intelligence environment and has a commitment to these really tough issues facing all of us. So, it’s not simply a technological solution. I wish there were silver bullets; the reality is that it’s going to take an integrated approach to help propel some of the amazing faculty, students that are already here. We have some great faculty right now, both seasoned faculty and young faculty. For me, this is the time. The time is now and I think the commitment is there and were going to get things done.

AP: Can you talk about some of the imminent threats that are facing our nation today that Auburn is positioned to be on the forefront of?

FC: When you think about cybersecurity, people tend to think of purely computer screens, but the reality is that cybersecurity is integrated in everything we do, both as a society and from a national security standpoint. So, when you think about the greatest cyber threats facing the United States right now, it’s largely going to be nation states: Russia, China, Iran and North Korea. Historically, in the past year, we have seen major crisis from each of these actors. Was it a China problem? Was it a cyber problem? Is it a Russia problem? Is it a cyber problem? Reality is, it’s both. And blending that expertise is becoming more and more important. Our nation’s critical infrastructure, the most important infrastructure, the lifeline sectors such as the electric power, telecommunication, financial services, transportation, our defense industrial base — these are all vulnerable to cyber sorts of attacks and what we need to do now is enhance our posture to be able to prevent where possible, mitigate when the inevitable occurs, minimize the consequences and build resiliency into our society should bad incidents occur. The reality is cyber is not new, but the way countries are engaging, the way they’re integrating it into their war-fighting strategy and doctrine, that is new and the United States needs to be prepared for not tomorrow’s threat, this is here now and ultimately to enhance our security as much as we can.

AP: You touched on nation states, but criminal actors are also a huge threat to the private sector. You’ve mentioned that not only does the private sector need a seat at the cybersecurity table, but they should almost be at the head at the table. Let’s talk about how that affects ordinary companies, their websites, whether it’s an insurance company or whether it’s your grocery store, and how the private sector is at the forefront?

FC: Absolutely. Firstly, just to put a fine point on the threat, not all hacks are the same, not all hackers are the same. Intentions vary, capabilities vary and if you were to look at the threat spectrum, at the top of the list is nation states, followed by criminal enterprises, followed by foreign terrorist organizations, followed by special interest groups that have an ax to grind agnostic to what that ax may be. The threat comes in various shapes, sizes and forms, but ultimately we tend to think of this and what makes cyber different to traditional national security challenges in that the private sector is on the frontlines of this war. Not even the biggest companies went into business thinking they had to defend themselves against foreign intelligence services. That’s precisely what’s happening today. We’ve got to be able to get to the point where we can address the gaps and the shortfalls between government and private sector and make sure that the private sector is armed with the tools, armed with the intelligence, armed with the information and has the workforce that can handle some of these issues. And I think Auburn can actually provide many of the students that will be engaging in these frontline challenges going forward. I think that when we think traditionally of national security issues, this is a national and economic challenge, and not only is the private sector in the frontlines, they ought to be driving policy to the extent going forward. Historically, it was government lead, private sector follow. Not so with cybersecurity. In many cases it should be private sector lead and everyone else follow. I think that is something we were still in the early stages of getting to that point, but when you look at where the financial sectors are, where the energy companies are, they’re at a pretty high level of capability. But 99% of America is run by small- and medium-sized businesses, and I think we have a responsibility to make sure those businesses are armed with the tools, armed with the expertise to provide better security for themselves, for their clients and for their shareholders.

You can listen to #GINNing’s April interview with Cilluffo’s interview here.