Threat Preparedness: Auburn’s Cilluffo addresses ongoing cyber threats to nation

Following the Sept. 11, 2001, terrorist attacks, President George W. Bush established the Office of Homeland Security to develop and coordinate a comprehensive national strategy to secure the United States from terrorist threats or attacks. Bush appointed Frank Cilluffo to the newly created office, which became the Department of Homeland Security on Nov. 25, 2002.

There, Cilluffo was involved in a wide range of homeland security and counterterrorism strategies and policy initiatives, and served as a principal advisor to Director Tom Ridge, directing the president’s Homeland Security Advisory Council.

Cilluffo currently serves as director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University. He continues to testify before Congress on numerous occasions, as a subject matter expert on policies related to counterterrorism, cyber threats, security and deterrence, weapons proliferation, organized crime, intelligence and threat assessments, emergency management and border and transportation security.

With the 20th anniversary of the deadliest attack on American soil approaching, Cilluffo reflects on the past and future threats to our nation.

In the 20 years since the 9/11 terrorist attacks and the subsequent establishment of Homeland Security, it seems like Americans have become unaffected about the chances of a similar attack. And yet there is much to warrant grave concern these days. What happened since 9/11 to make cyber terrorism a primary threat to our nation? 

There is definitely much to warrant concern these days. At the risk of being the bearer of bad news, the terrorism threat to the homeland has actually increased recently. The U.S. pullout of Afghanistan, for instance, has breathed new life into jihadist groups both within and outside Afghanistan. Moving forward, Afghanistan may again become a safe haven for jihadists to launch terrorist attacks against the United States and our citizens and interests here and abroad. It will therefore be critical to keep eyes and ears open to monitor threats to this country. Having said that, the terrorist threat never went away.

For the past 20 years, we put an enormous amount of effort into counterterrorism, and now we can only hope that our hard-earned gains in this regard will not be squandered. While Americans may have had a fluctuating sense of the threat over time, with peaks and valleys largely based on how the threat was being communicated and how and where the threat was most visible, it is important to understand that this perception among the public was an outgrowth of all the work we put into counterterrorism, including for example retooling the entire national security and homeland security communities in the aftermath of 9/11.

With all that in mind, the cyber domain and cyber tools offer our adversaries additional means to try to achieve their goals. While cyber threats have certainly become pervasive since 9/11, they come in a range of shapes, sizes and forms: Not all hacks are the same nor are all hackers—their capabilities and intentions vary widely. Terrorist groups, for example, have long made use of the Internet for a range of purposes such as to fundraise, plot and plan, recruit and train, radicalize and propagandize; but to date it has been nation-state actors, such as China and Russia, who have demonstrated the highest level of sophistication and persistence in relation to cyber activity. The more connected we become, such as through the Internet of Things, the greater our attack surface and the more vulnerabilities we have. Cyber tools have to an extent leveled the playing field, allowing nonstate actors to exercise outsized (i.e. asymmetric) impact against entities that are much more powerful in traditional terms. But nation-states remain at the highest end of the threat spectrum, and the emphasis that these actors place on cyber capability should be seen in the larger context of competition among the great powers.

We aren’t just talking about the hackers who steal credit card numbers and Social Security numbers, right? Yes, identity theft is a big deal, but those criminals/terrorists who hijack city power grids and use ransomware to shut down fuel pipelines are the real problem. Why should Americans see this kind of cyber activity as a legitimate concern? 

Cyber activity directed against critical infrastructure targets such as power grids and fuel pipelines hits people where it hurts. The most critical of the critical—the so-called lifeline sectors—form the foundation for our national security, our economy and our way of life. Circumstances degrade awfully quickly when the water or power supply, for example, is adversely impacted for an extended period of time. Disruption of critical functions and infrastructures, especially at the national level, may also have cascading effects due to interdependencies between key sectors; so it is not just one domino that may fall but instead a whole series of them. Given limited resources, we therefore need to prioritize risk and seek to manage it accordingly. We may not be able to protect everything everywhere all the time; but we should focus on mitigating the vulnerabilities that could cause the most serious harm to our national security, economy, public safety and way of life. All that said, the cyber threat is truly varied. There are certainly criminal groups who are in it for the money—ransomware has hit epidemic proportions—and some cybercriminals are focused on identity theft and other related crimes. It is worth noting that criminal groups or technically savvy individuals may also take their talents elsewhere, offering their services to the highest bidder.

What is motivating those in countries like Russia and China to use cyber tools and measures against our nation in this manner? Is it simply about money? Or do they just want to paralyze our economy? 

Countries like Russia and China are motivated by their national interests and geopolitical strategy. They seek to advance their own economic, political, military, intelligence, diplomatic and other goals—and cyber activity directed against the U.S. is a means to those ends. In other words, you can’t look at Russian and Chinese activity through a cyber lens alone and in isolation from the larger competition among great powers. Taken in broader context, while countries like Russia and China have been known to enlist proxies to do their bidding for the state, with the possible exception of North Korea, it is not so much about money alone—although intellectual property theft for example can reap enormous ill-gotten profits and advances in military and technological capabilities in both the short term and long term. By comparison, for those individuals acting as proxy forces for the state, money may serve as more of a motivating factor, but not always; sometimes hackers will be motivated to support the state for patriotic or other reasons. Bottom line: Subverting the U.S. economy may be a welcome outcome for our cyber adversaries, but an equally important aim for them is to shore up their own power (military, financial, diplomatic, etc.).

How is the McCrary Institute at Auburn working with Homeland Security and other agencies to protect Americans? 

At the intersection of policy, research and education, the McCrary Institute is uniquely positioned to not only admire the myriad of problems in cyberspace, but also contribute to the solutions. Generally speaking, the agencies that protect Americans are inundated with daily crises and addressing immediate operational priorities. They just don’t have the time or resources to deal with strategic considerations beyond the here and now. The McCrary Institute can help by widening the lens and looking over the horizon to offer both context and insight. As a trusted convenor, we can also bring partner agencies together with other stakeholders, such as critical infrastructure companies, in a protected setting that allows individuals to interact in a frank and productive way.

At the core of Auburn University is education, and building the next generation of cybersecurity professionals is a national imperative. But as the threat grows, so does the growing gap in the cybersecurity workforce. If cyber education is the solution, Auburn University is on the ground floor. Working with our colleagues in the Samuel Ginn College of Engineering, the Department of Computer Science and Software Engineering and across campus, Auburn is arming students with the knowledge, tools and tradecraft to develop tomorrow’s cyber warriors and cyber defenders. To be clear, in addition to our government-related work, the McCrary Institute works hard to build partnerships with the private sector and to help foster public/private partnerships, because neither government nor the private sector can go it alone when it comes to cyber challenges. Bottom line, when it comes to cyber, a slow news day is a good day.

More Information To arrange an interview with our experts, please contact Preston Sparks, director of university communications services, at

Auburn University is a nationally ranked land grant institution recognized for its commitment to world-class scholarship, interdisciplinary research with an elite, top-tier Carnegie R1 classification, life-changing outreach with Carnegie’s Community Engagement designation and an undergraduate education experience second to none. Auburn is home to more than 30,000 students, and its faculty and research partners collaborate to develop and deliver meaningful scholarship, science and technology-based advancements that meet pressing regional, national and global needs. Auburn’s commitment to active student engagement, professional success and public/private partnership drives a growing reputation for outreach and extension that delivers broad economic, health and societal impact.