Imagine losing power for days, or weeks. What about running water and telecommunications? Mass transportation grinds to a halt, healthcare facilities scramble and financial systems unravel.
“You’re talking about America’s lifelines. When they go down for more than a moment, it’s a bad day,” said Nick Sellers, chief operating officer at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.
The McCrary Institute was founded in 2015 with that reality in mind. From its Washington, D.C., office to Auburn’s campus, the institute bridges policy and practice, working with federal agencies, industry partners and national laboratories.
Enter the institute’s new line of defense: the McCrary Edge Lab, a 5,000-square-foot hub in the Auburn University Research Park.
At the intersection of cyber workforce development and cybersecurity, research, testing and training drive real-world defense through the Southeast Region Cybersecurity Collaboration Center (SERC3), a collaborative effort focused on protecting the nation’s power grid and other critical infrastructure from cyber threats. Students and peer cybersecurity professionals collaborate with state and industry partners to monitor threats and strengthen cyber defenses through the Alabama Cybersecurity Intelligence Center (ACIC).
“Putting boots on the ground with our engineers, students and faculty working alongside government agencies, industry and national laboratories to deliver solutions is exciting,” Sellers said. “Our work at the McCrary Institute aligns with the university’s vision as a land-grant institution and reflects the strength of Auburn engineering.”
Hands on, lights on
The Edge Lab’s heartbeat isn’t the cyber operations command center, even with a 400-inch video wall awash in live telemetry. It isn’t the rows of multi-monitor stations tracking threats in real time. It isn’t even the industrial control rigs that mirror the nation’s critical infrastructure.
It’s students. Twenty of them.
Here, they configure networks, install software, deploy sensors that detect malicious activity and test how systems hold up under attack. Not a bad gig for young people to put on a résumé, especially when you’re using cutting-edge technology and building artificial intelligence (AI) models to help you do it.
“Many students graduate with strong theoretical knowledge, but they don’t get the opportunity to work with real-world systems,” said Tylan Rudolph, a senior studying industrial and systems engineering and working an apprenticeship as an assistant to the McCrary Institute chief operating officer. “Here, we use the configurations of industry-informed technology sets, so those systems aren’t new to us when we walk into industry.”
SERC3 Program Director John Kotolski said preparing the next generation of cyber and utility security leaders sits at the core of the McCrary Institute’s mission.
“Few higher education programs can really prepare someone to step into the world of utilities and operational technology without hands-on experience,” he said. “Students nationwide often graduate with a strong understanding of theory, but they rarely get the opportunity to interact with the kinds of systems they’ll encounter once they enter the workforce. What’s unique about Auburn and the McCrary Institute is that students put their hands on the same equipment they’ll see in the work environment.”
What kind of equipment?
Supervisory control and data acquisition systems. Industrial control systems. Programmable logic controllers. Network monitoring and threat-detection software. Testbeds that replicate a variety of utility operations.
That kind of equipment.
High-tech, impactful equipment like that is a long way from where Rudolph began his cybersecurity journey, but the curiosity was the same. Growing up in Jemison, he poured his “insane” enthusiasm for computers into helping manage his high school’s information technology infrastructure. As a committed member of Future Farmers of America, his days often swung from feeding cattle to diagnosing network issues.
“I didn’t know at the time that planted a seed for the work that I’m doing now,” Rudolph said. “I’ve always been drawn to operating, protecting and enhancing systems that have a direct correlation to everyone’s ability to navigate and interact with society and enterprise.
“I wanted to work in an industry that impacts Americans every single day. The systems we’re studying here and helping protect are the same ones that keep the lights on, move water through cities and support the infrastructure people rely on,” he added.
Employers across the energy and cybersecurity sectors have taken notice of the experience students have gained in the lab, Kotolski said.
“The experience our students gain here makes them much more marketable because we grow people to step directly into utility or energy jobs,” Kotolski said. “We’re happy to see them graduate, of course, but we hate to see the students leave. Any employer would go, ‘Wow, I’m having knowledge walk out the door.’ But knowing that these students can step in and get great jobs like at national defense contractors or utility giants, that speaks a lot about the program and Auburn University.”
‘An accelerator for national labs’
How does one test a cyberattack on the power grid without compromising the real one? How can energy providers trust that the equipment inside their substations hasn’t already been compromised? How do operators defend critical infrastructure when cyberattacks can move faster than humans can respond?
Those questions, and others, drive research inside SERC3.
Established in 2024 through a $10 million U.S. Department of Energy grant, SERC3 operates as a pilot regional research and operations center in partnership with the McCrary Institute and Oak Ridge National Laboratory. The initiative brings together researchers, utilities and federal agencies to study cyber threats and develop new defense-oriented technologies.
“We view ourselves as an accelerator for national labs,” Sellers said. “Our partnership with Oak Ridge and the Department of Energy was really the foundation for what we’re trying to build. We’re taking some of the deep research that’s happening in the national labs and with Auburn University faculty researchers, then translating that into tools operators can use in the field.”
That work spans two facilities. Inside the Edge Lab at the Auburn Research Park, researchers and industry partners run cyberattack simulations, test security tools and train operators in an environment built to mirror real-world systems.
Within the Power Systems Lab in Broun Hall, engineers focus on the physical grid — relays, control systems and equipment that generate and deliver electricity — creating a space where cybersecurity research can be paired with live power system behavior.
Together, the labs form the backbone of SERC3’s research ecosystem.
“A large part of our charge as a land-grant institution is to serve the state of Alabama and of course to serve our country,” Rudolph said. “It’s one thing to research and develop something. It’s another thing to commercialize it and install it.”
Cybercriminals leave fingerprints, too, just not the kind investigators dust for. McCrary researchers are working with the Secret Service’s National Computer Forensics Institute to help law enforcement become better equipped and better trained to find these important cyber fingerprints. For investigators chasing hackers across international networks, those digital fingerprints can turn a mystery into a prosecutable case.
Mass transit systems present a different kind of challenge. Modern buses consist of interconnected systems utilizing diesel-electric hybrid, all-electric battery, or compressed natural gas powertrains featuring digital passenger information systems and onboard Wi-Fi. Researchers are designing an assessment kit, along with conducting cybersecurity assessments against these systems, to identify vulnerabilities before public use.
After initially focusing on testing cyber defenses for the power grid and other operational infrastructure systems, SERC3’s Phase II shifts into advanced research examining how AI is reshaping cybersecurity across critical infrastructure. Attackers are already using AI to automate reconnaissance, generate malicious code and move laterally through industrial systems at speeds human operators can’t match. Kotolski pointed to a recent case where a foreign threat actor used an AI model to break into a utility’s industrial controls in minutes, calling it a clear sign of how quickly the threat landscape is accelerating.
“That kind of speed is exactly why we have to rethink how we evaluate and deploy AI in cybersecurity,” Kotolski said. “We need to be careful because AI can be good… or bad. One of the work streams is asking how we evaluate AI for cybersecurity tools and how we leverage AI to help operators move faster and be more effective.”
Phase II is also driving development of an AI-powered incident-response tool designed to help utility operators detect, interpret and counterattacks in real time.
“We’re developing tools that help operators move faster and more efficiently to defend themselves,” Sellers said. “The bad guys are already using AI. Phase II is about making sure the good guys can, too.”
Rural cyber defenders
Did you know the Edge Lab monitors cyber threats across all 67 Alabama counties at no cost to local governments?
“We’re working to ensure that communities across Alabama have the ability to defend their respective critical infrastructures in cyberspace,” Sellers said. “Many local governments simply don’t have the resources or personnel to monitor threats or respond to incidents on their own. What we’re doing here is helping provide that capability so 400-plus cities and rural water systems across the state can better protect the systems their citizens rely on.”
Backed by $19 million from the State and Local Cybersecurity Grant Program and carried out in partnership with the Alabama Office of Information Technology, the effort runs through ACIC, where student analysts provide around-the-clock monitoring, threat intelligence and hands-on cybersecurity support to communities across the state.
In many small towns, limited IT staff means each city-issued device represents a potential entry point into municipal networks. Monitoring devices provides critical visibility, allowing analysts to detect suspicious activity before it spreads across systems that support essential services such as emergency communications, financial operations and public records.
ACIC addresses this challenge through a comprehensive approach that integrates endpoint monitoring, shared threat intelligence and exercises designed for proactive risk reduction.
“The goal isn’t only to detect cyber threats but to improve cyber hygiene statewide by helping organizations understand their risks and implement stronger protections,” Sellers said.
ACIC’s work extends beyond monitoring municipal networks, reaching into the forestry, poultry and water systems that anchor rural Alabama’s economy. Through U.S. Department of Agriculture-supported research with Auburn University’s Rural Partnership Institute, students are developing cybersecurity tools, producing open-source intelligence reports and delivering training across these sectors. The effort highlights how exposed rural communities can be to cyberattacks while reinforcing the essential role they play in the nation’s food and agriculture supply chain.
From shaping the national cyber policy discussion to creating meaningful resources that protect critical infrastructure to developing a cyber operations center that prepares the next generation of cybersecurity engineers, the McCrary Institute is positioning Auburn as a national leader in defending the systems America depends on.
“Our vision was to create an institute dedicated to supporting national security and critical infrastructure and to leverage Auburn’s best and brightest engineers, faculty researchers and students to be on the front edge of applied research and services to better defend America’s lifelines,” Sellers said. “We’re more than checking those boxes.”
