Cyber Focus
Cyber Focus, from the McCrary Institute, explores the people and ideas that shape and protect our digital world. Each week our host, Frank Cilluffo, speaks with the leading voices in cybersecurity, and brings to light what steps public and private organizations need to be taking to keep our country secure.
Cyber Focus
Minimizing Cyber Risks: Steve Kelly on Secure Strategies
In this episode of Cyber Focus, Frank Cilluffo hosts Steve Kelly, Chief Trust Officer at the Institute for Security and Technology. With a rich background that includes roles at the National Security Council and the FBI, Steve shares his deep insights into the cybersecurity landscape. The discussion covers the expanding attack surface due to emerging technologies, the convergence of physical and cyber domains, and the critical importance of trust and security in today's digital world.
Main Topics:
- The increasing attack surface from consumer devices, industrial IoT, clean energy tech connecting to the grid
- Rethinking network architecture and security models in the era of dissolving perimeters
- The potential for AI and machine learning to aid defenders by automating detection/response at scale
- Creative law enforcement operations to disrupt cybercriminal infrastructure and business models
- The need to scale public-private operational collaboration against cyber threats
- IST's work on AI governance, trust & safety practices, and securing critical infrastructure
Key Quotes:
- “One of the challenges in the network defense realm is this kind of data deluge that the average network defender is experiencing, that there's just more telemetry, more signaling, more alerts, and more events that can possibly be looked at and interpreted and actioned.” - Steve Kelly
- "There’s a need to fundamentally rethink network architecture from a security standpoint so that we do not have vulnerable assets connected to the public Internet." - Steve Kelly
- "The idea is we want to have American products be marketable and trusted on the global marketplace as well as foreign products that are trustworthy to be acceptable here." - Steve Kelly on the U.S. Cyber Trust Mark
- "If we're relying on the end user to unbox the device and go in and change a password… that's not a winning solution." - Steve Kelly
- “I think that there's a need to fundamentally rethink network architecture from a security standpoint so that we do not have vulnerable assets connected to the public Internet that can be found by bad actors.” - Steve Kelly
- "If it's discoverable, it will be exploited." - Steve Kelly
Relevant Links/Resources
- U.S. Cyber Trust Mark program
- National Cyber Strategy
- Institute for Security and Technology
- Carnegie Mellon's CI Lab
- Shodan.io
Guest Bio
Steve Kelly is the Chief Trust Officer at the Institute for Security and Technology (IST). Prior to IST, he served as a Special Assistant to the President on the National Security Council staff, focusing on emerging technology risks like AI, quantum computing, and 5G/6G. Steve retired from the FBI in 2022 after over 20 years as a cyber investigator and supervisor on the agency's cyber national security squad.
