Inside State Cyber Defense: Whole-of-State Security with Alabama’s Daniel Urquhart and Chad Smith
Season 2 Episode 46 •Show Notes
State and local governments are stepping up to defend critical services against fast-evolving cyber threats. In this episode of Cyber Focus, Alabama’s top IT leaders show how they’re staying ahead of the curve. They explain how a hybrid, highly decentralized environment forces them to lean on shared standards, SLCGP funding, and whole-of-state partnerships. Along the way, they unpack a recent incident that came dangerously close to crisis and what it revealed about tools, visibility, and trust. They also look ahead to AI-enabled attacks, deepfakes, and “distortion,” and why automation and better intel will shape Alabama’s next moves. Watch to see what other states, utilities, and local leaders can learn from Alabama’s playbook.
Main Topics:
- How Alabama OIT governs technology across roughly 140 executive agencies in a mostly decentralized environment.
- Using SLCGP funds, shared contracts, and enterprise tools to lift up smaller municipalities that lack resources.
- Rethinking threat intelligence by pairing MS-ISAC and CISA feeds with deep knowledge of state business processes.
- Lessons from a major cyber incident, including incident-response retainers, tooling gaps, and the value of open communication.
- Building whole-of-state partnerships with CISA, FBI, utilities, National Guard, and the McCrary Institute through exercises and real incidents.
- Preparing for AI-enabled cyberattacks through automation, platform integration, and continuous upskilling for Alabama’s cyber workforce.
Key Quotes:
“Cybersecurity is a team sport. It’s not just one person. We’re trying to build the community.” — Daniel Urquhart
“There’s a huge concern that I have as we think about the amount of threats that are going to come at us from an AI enabled cyber attack. It is going to be so broad and so unlike anything that we’ve seen today.” — Chad Smith
“I think we have to be willing to talk about [a recent cyber incident] so that people can learn from it, but also so that people know, hey, they’re actually doing something and things are happening in a way that we can respect.”— Chad Smith
“We try to do a lot of education and team building and building that cohesive whole estate approach by setting up technology demos and articulating the why.” — Daniel Urquhart
“We’ve done a really good job the last couple of years working with the FBI, Secret Service, National Guard. Those types of partnerships can make us stronger as a state.” — Daniel Urquhart
Relevant Links and Resources
· Alabama Office of Information Technology
· Multi-State Information Sharing and Analysis Center
Guest Bios:
Daniel Urquhart is the Secretary of the Alabama Office of Information Technology. OIT is responsible for the strategic planning, governance, and resource utilization of all IT for the State of Alabama. Before joining OIT, he served as CIO for the Alabama Law Enforcement Agency, where he worked with industry partners to build a state-of-the-art criminal justice network.
Chadwick Smith serves as the Chief Information Security Officer for Alabama’s Office of Information Technology (OIT). Mr. Smith has worked in the technology industry for over twenty-five years. Prior to joining OIT, Chad worked in the insurance, banking, and data communications industries.
Transcript
1
00:00:00,000 –> 00:00:01,000
Chad Smith [00:00:00]: We were probably within four days of seeing something very tragic happen within the state. It was because of some pinpointed information that they were able to assess for us, and then that we were able to pull the string on to begin to threat hunt inside the environment and find that made a very strategic difference in remediating that event very rapidly.
2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:21]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas and shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week we’re in for a treat. We’re on location. We’re in the great state of Alabama, in its capital in Montgomery, and we are here for the Alabama Digital Summit. And we have the two leaders behind the summit joining us today for our podcast. First and foremost, we’ve got Daniel Urquhart, who is the Chief Information Officer, or CIO and also the Secretary for Alabama’s Office of Information Technology. And we also have Chad Smith joining us, who is the Chief Information Security Officer at Alabama’s Office of Information Technology. Gentlemen, thank you so much for taking some time with us today.
3
00:00:02,000 –> 00:00:03,000
Frank Cilluffo [00:01:12]: And I know you’ve got a busy day since you’re hosting a number of people across the state. Daniel, I thought I’d start with you and sort of to give our viewers a sense of what a state does on the front lines of dealing with some of these cyber crises. And we just had the government reopen and we just had some important cyber provisions that were included in the legislation, including the ability to share information between government and industry and ensuring some of the liability protections, as well as state, local, the SLCGP funding, the significance of state and local. So I thought couldn’t have a better time to talk about what the great state of Alabama is doing. So tell our viewers, listeners, a little bit about what a day looks like in the front lines and your mission.
4
00:00:03,000 –> 00:00:04,000
Daniel Urquhart [00:02:06]: Alright, well, thanks, Frank. Thanks for, thanks for having us on the show for starters. Definitely an honor to be here, watch your podcast every day. So glad to be a participant.
5
00:00:04,000 –> 00:00:05,000
Frank Cilluffo [00:02:14]: Thank you.
6
00:00:05,000 –> 00:00:06,000
Daniel Urquhart [00:02:15]: Every day can look a little different. We have a kind of a fairly large mission within state government, mainly over the executive branch is what we, our constituents that we try to serve, which is around 140 agencies. So we set the technology standards, we provide IT policies and governance. We also create all of the statewide contracts for executive branch government as well as local government. So we don’t necessarily have a hand in how they run their daily operations, but they typically use our contracts for procurement of IT goods and services. So that keeps us fairly busy. We’re running a little mini business in addition to all the technology aspects of it as well.
7
00:00:06,000 –> 00:00:07,000
Daniel Urquhart [00:03:04]: And we collectively try to monitor everyone that’s in our shared tenant. We have a Microsoft Forest that’s been kind of built over time. Like a lot of states, it’s got roughly 25,000 people inside of it. And those are all of our large executive branch agencies that represent cabinet members on the governor’s cabinet. So they have their own autonomy somewhat. We’re a hybrid state. Every state has a different operating model. It’s like Doug Robinson says at NACIO, if you, if you know one state, if you’ve seen one state, you’ve seen one state.
8
00:00:07,000 –> 00:00:08,000
Daniel Urquhart [00:03:40]: And that, and he’s, he’s exactly right. Our models, it’s hybrid, but it’s somewhat consolidated, but it’s mostly decentralized. We have a lot of autonomy at the agencies. They build and buy their own platforms and manage infrastructure, which is kind of scary from a cybersecurity perspective. Right? When you have the ability to go purchase and procure things, sometimes our only stopgap is the procurement when they get ready to buy products. So we try to do a lot of education and team building and building that cohesive whole estate approach by setting up technology demos and articulating the why. Right?
9
00:00:08,000 –> 00:00:09,000
Daniel Urquhart [00:04:21]: I mean, we all know we need to be protected, but what are we protecting and why?
10
00:00:09,000 –> 00:00:10,000
Frank Cilluffo [00:04:25]: Awesome. Awesome.
11
00:00:10,000 –> 00:00:11,000
Daniel Urquhart [00:04:26]: So that helps drive some level of standardization. You always have the one offs that you have to deal with, but it makes cybersecurity a little more cohesive at times. For my fellow panelist here, Chad Smith, I’m sure he has plenty to say around that. But we’re also the state administrative authority for the state and local cybersecurity grant, which is a little different model in Alabama. Most states that’s part of homeland security. So for the purpose of this grant, it was delegated to centralized IT to manage that. So we kind of had to, we had to build the program because we’re more of a technology agency and not necessarily a grant operational agency. We’ve partnered with McCrary Institute to help us with that whole estate approach.
12
00:00:11,000 –> 00:00:12,000
Frank Cillufo [00:05:14]: War Eagle.
13
00:00:12,000 –> 00:00:13,000
Daniel Urquhart [00:05:15]: Hey, there we go. To help us with that whole estate approach to build that community around the city and local government, which is very important. That’s the target of this grant. So we’ve really got a good planning committee, we’ve got the mechanics of the program running really well. And now we’re in execution mode. So very thankful the government opened back up yesterday. I think that will help push these initiatives forward.
14
00:00:13,000 –> 00:00:14,000
Frank Cilluffo [00:05:42]: You know, Daniel, not to make this about McCrary, but we’re extremely privileged and proud to work with you all to get to the, to get to where the rubber really hits the road in our communities in the state of Alabama. So thank you. Chad, anything you want to add to, I mean, a CISO’s role is never, I normally ask what keeps you up at night, what helps you sleep at night, but a CISO’s role is really challenging. But anything you’d like to share in terms of AOIT’s role in all of that and some of your personal thoughts and views.
15
00:00:14,000 –> 00:00:15,000
Chad Smith [00:06:18]: Thank you, Frank, for allowing us to be here today. And thank you for McCrary Institute, first of all. You’ve been a huge help to us. And one of the recent events we went through, you guys were spot on right there with us in the trenches fighting. So thank you for that. One of the unique parts about our mission at Alabama Office of Information Technology is, is that we are not have, we do not have direct oversight over a lot of these agencies, but we’re looked at as an advisor. And so one of the opportunities that we get is to go in and speak with some of these other agency heads and talk about, hey, let us help you.
16
00:00:15,000 –> 00:00:16,000
Chad Smith [00:06:48]: And so SLCGP grant has helped us in that capability as well. So we have attack surface intelligence and other kind of capabilities that allow us to go in and look, for instance, at what’s happening in some of our local municipalities. And a lot of times they just don’t have access to those kind of tools. And so we’re able to leverage some of the buying power and resources we have as well as the intelligence to help augment their capabilities. And so it’s given us the capability from a cybersecurity standpoint to really look broad across the state. And we’re looking at some things like how sick are we as a state? And being able to look at that holistically and say, hey, how can we advise the governor and other people about these are things that we need to do from a legislative or priority standpoint. So that’s helped us to have that capability.
17
00:00:16,000 –> 00:00:17,000
Frank Cilluffo [00:07:32]: So having sort of that managed services visibility first and then sort of, that plays a huge role because, I mean, you look at the Alabama Powers, the Southern Companies, the Regions Bank, they have resources, they take this seriously day in, day, night. But then you look at some of the smaller companies, and I think what ransomware has demonstrated is everyone’s a target. I mean, it’s democratized the threat. So do you feel like you’re getting the visibility y’all need as much as anyone can? I mean, in a perfect world we’d have perfect visibility. But how do you think that’s going?
18
00:00:17,000 –> 00:00:18,000
Chad Smith [00:08:12]: It’s gotten a little bit more difficult because of the level of attacks that are occurring and the covert nature of them. We’re having to work with, for instance, MS-ISAC and others. When you think about the sensors that we’ve all questioned, you know, what’s going to happen and how are we going to deal with those based on funding models of CISA? And so we’ve had to think about threat intelligence differently. One of the things I’ve challenged the team is we don’t need to just look at what’s happening from a threat intelligence externally, but also how do we think about threat intelligence internally. So one of the things that we’re getting better at is being able to understand how the business processes function within the state. And so I believe the next level of the game that we’re after here is what are we actually doing, not only to take and ingest large amounts of data so that we can respond to exploits and vulnerabilities and things that are happening in that manner.
19
00:00:18,000 –> 00:00:19,000
Chad Smith [00:09:03]: But internally, whenever you think about a mechanism that I wanted to talk about today called distortion. How can we go in and distort reality in some way? And so whenever I think about that, things that are happening.
20
00:00:19,000 –> 00:00:20,000
Frank Cilluffo [00:09:15]: A lot of that going on, right?
21
00:00:20,000 –> 00:00:21,000
Chad Smith [00:09:17]: With deep fakes and with voice and all these other kind of things that are happening to distort the way that reality looks and the way that artificial intelligence is hitting us, it can overwhelm a security operations center very rapidly. Because they’re already overwhelmed by the amount of logs and other things that they’re having to pay attention to. And so I think about the art of war and I think about the things that we’re having to deal with. We’ve got to also have an internal focus to say what are happening, what’s happening internal to our organization and how could that affect us and what do we need to be ready for? So we’re having to play a multi pronged game here.
22
00:00:21,000 –> 00:00:22,000
Frank Cilluffo [00:09:50]: Yeah, and not many states went into business thinking they had to defend against nation states, against foreign militaries, foreign intelligence services, but that is the battlefield today. And I actually support conceptually the focus on empowering our state, local, tribal, territorial partners, empowering industry. But they do need the resources to get the job done, right? Daniel, in terms of some of the technology, because you can drive some of that, and I’m sure you’re going to send some messages to the audience today about that. Anything you want to share here and any concerns about foreign technologies that do have potential national security implications? Any Huawei in the state of Alabama systems?
23
00:00:22,000 –> 00:00:23,000
Daniel Urquhart [00:10:45]: Yeah, I don’t know. We have a pretty strong legislature with all of those, and there’s usually a bill that gets propped up every year. But we work really closely with our state purchasing to make sure all of those contracts are in alignment. And we’re putting, we’re trying to not be overburdensome by putting a lot of requirements inside of those procurement contracts we all see, but that does kind of, nationally, that creates other, other issues.
24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:11:09]: Absolutely.
25
00:00:24,000 –> 00:00:25,000
Daniel Urquhart [00:11:10]: But we, we do have a triage method to make sure that, you know, we’re not onboarding negative technology. That’s not to say it doesn’t happen because you know the reality, the reality is, is the, the final procurement is not a really good governance model. You need to, if you controlled everything centrally, it makes it a lot easier.
26
00:00:25,000 –> 00:00:26,000
Frank Cilluffo [00:11:27]: Well said.
27
00:00:26,000 –> 00:00:27,000
Daniel Urquhart [00:11:28]: Like most private organizations function, But we do try to push standard. We have strategic business partners, obviously one with Microsoft and with Cisco, and we’re trying to purposefully implement features within those tool sets that we’ve already paid for so we can see our realized economies of scale with what we’ve already purchased. I don’t need 10 tools that do the same thing. I need to standardize on base platforms to give us a baseline level of security across the enterprise. It makes incidents that we had recently with our cybersecurity event a lot easier when you already have tool sets deployed, you’ve got the telemetry, you know where to look. You don’t have to deploy things to figure out in reverse what happened to you.
28
00:00:27,000 –> 00:00:28,000
Frank Cilluffo [00:12:12]: Which often is the case. Right? You say, you led the witness here. Let’s talk about an incident. So every state has had an incident, whether they know it or not. And in most cases, they know it. And they often know it too late. But if you wouldn’t mind shedding some light, and in as much as you’re comfortable discussing a recent incident y’all did face.
29
00:00:28,000 –> 00:00:29,000
Daniel Urquhart [00:12:37]: Sure, I’ll, I’ll start it. And I’m going to hand it over to my CISO here. He’s got a lot more details. That was ironically, Chad was, had been onboarded, what, about two months
30
00:00:29,000 –> 00:00:30,000
Chad Smith [00:12:45]: Maybe.
31
00:00:30,000 –> 00:00:31,000
Frank Cilluffo [00:12:46]: Oh, boy.
32
00:00:31,000 –> 00:00:32,000
Daniel Urquhart [00:12:47]: Maybe two months.
33
00:00:32,000 –> 00:00:33,000
Frank Cilluffo [00:12:48]: Baptism by fire there, huh?
34
00:00:33,000 –> 00:00:34,000
Daniel Urquhart [00:12:49]: Yeah, just recruited him, said, oh man, we haven’t had any incidents in a while. Come on. It’s fine. It’s, you know, you have plenty of time to get ramped up. Well, two months later we have, you know, we get, we get a notification from MS-ISAC which, you know, just reiterates the value that they provide to the states as a whole through the, through the sensor programs.
35
00:00:34,000 –> 00:00:35,000
Daniel Urquhart [00:13:07]: That’s what we participate in. So we started working in reverse. Luckily we already had a incident response retainer in place, so we kind of got the investigation started. And that was one of the main challenges was we didn’t have consistent tool sets deployed. So you have to spend a couple of days pushing out tools just to get the telemetry to figure out kind of what happened and work your way backwards into the event. I do think Chad being on board did a really good job. He’s got a lot of experience as a state CISO and, or just a CISO in private industry. We did a really good job of bringing the community together.
36
00:00:35,000 –> 00:00:36,000
Daniel Urquhart [00:13:47]: Right? That’s always, that’s how some, a lot of people get. Yeah. If you don’t communicate early and often, then typically you’ll get, you’ll get skewered by your peers and the media and everyone else. So we did a really good job of kind of getting the message out there, telling them we’re investigating as we walked, walked through the issue and went to the containment remediation. So I’ll say that’s definitely a bright spot.
37
00:00:36,000 –> 00:00:37,000
Frank Cilluffo [00:14:13]: That was a good story to tell.
38
00:00:37,000 –> 00:00:38,000
Daniel Urquhart [00:14:14]: Yeah. From this event.
39
00:00:38,000 –> 00:00:39,000
Frank Cilluffo [00:14:16]: Without a doubt.
40
00:00:39,000 –> 00:00:40,000
Daniel Urquhart [00:14:17]: Yeah, absolutely.
41
00:00:40,000 –> 00:00:41,000
Frank Cilluffo [00:14:18]: Chad, you want to pull the thread on that? Take us day one.
42
00:00:41,000 –> 00:00:42,000
Chad Smith [00:14:21]: 7:45 that night, sitting on the couch in the living room. Boy, that was a nice, you don’t forget, I remember that phone call. And I looked down at my phone and it was a CISA rep. And I thought, why is she calling? And then the reality hits you before you ever even answer and you’re like, I know why she’s calling. This is not going to be a fun phone call. I remember just immediately setting off and triggering all the things that we had put in play whenever I’d come on board. We did not have an incident retainer at the time.
43
00:00:42,000 –> 00:00:43,000
Chad Smith [00:14:49]: And I’m so grateful that we had the wisdom and foresight to go ahead and get that in place because we immediately executed on that. There’s a lot of coordination that goes on in standing up. Your team came in. McCrary came in to help us. We had a lot of other incident responders come in. We were working two weeks. In one week we clocked 95 hours.
44
00:00:43,000 –> 00:00:44,000
Frank Cilluffo [00:15:07]: Wow.
45
00:00:44,000 –> 00:00:45,000
Chad Smith [00:15:07]: Just on a single FTE being able to manage the event and go through the things that were happening. That left us, you know who Jocko Willink is. Do you know who I’m talking about, Frank? Jocko has a podcast and one of the things Jocko, he’s got a video if you get an opportunity to link it. It talks about good. And every time something bad would happen, Jocko would say good. And it made me think about that. Because even though things were bad, there were good that came out of it. There’s a lot of good that came out of it. It brought attention to some things that we needed to pay attention to that had been, from a technical debt standpoint, been allowed to exist for quite some time.
46
00:00:45,000 –> 00:00:46,000
Chad Smith [00:15:49]: So that was very helpful from that standpoint. There was a lot of good that came out of it, but it was a lot of heartache along the way and it affected business. We did not lose any citizen information. We did not have a compromise of anything like that. But what it did is it brought to light some things that needed to be paid attention to holistically. And because of that, I think we’re going to see some long term effects for the state.
47
00:00:46,000 –> 00:00:47,000
Frank Cilluffo [00:16:10]: So Winston Churchill, not to take away from Jocko’s views, but always said, never let a good crisis go to waste. And the reality is you learn by doing, right? I mean, you can have all the, and then General Eisenhower, one of my favorite quotes is, in preparation for battle, I’ve often found plans to be useless. I’m not suggesting we don’t have plans, but planning to be indispensable. And there’s nothing like a game day sort of situation. How did you try to turn some good into all of that? In addition to what you’re doing internally? Did your legislature, because the other challenge is it’s always difficult. Every state is struggling with so many issues and their limited resources.
48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:16:58]: And unfortunately in our business, they often pay attention when it’s too late, you get kicked in the teeth. But how did we turn that into a positive? It probably built some cohesion in the team and recognized some of the, some of the needs and the TTPs that y’all can put in place. But did it also open eyes?
49
00:00:48,000 –> 00:00:49,000
Daniel Urquhart [00:17:22]: I think it did. From, I know from, certainly from my chain of command, the governor’s office, they were obviously concerned with that. Anytime you have any kind of security breach, you have citizen information, you have basic trust in government that can be adversely affected. So we did really well as far as no data was exfiltrated, but it did help internally with the IT team, since we are a hybrid state, it helped build that need for a cohesive, at least a baseline set of security tools that everybody uses. So we were already working towards hardening our environment. We recently upgraded to Microsoft’s G5 suite across the email and the collaboration platform. And we were having struggles with some of the agencies deploying all of the agents and the tools because they had some overlapping technology. So never let a crisis go to waste.
50
00:00:49,000 –> 00:00:50,000
Daniel Urquhart [00:18:16]: This event helped push those out immediately to give us that baseline of security. So, I mean, from that perspective, I think we became stronger and more cohesive as a state. We certainly learned how to communicate better internally. Across all of the OIT teams and I think externally as well.
51
00:00:50,000 –> 00:00:51,000
Frank Cilluffo [00:18:34]: Chad, anything you want to add to that?
52
00:00:51,000 –> 00:00:52,000
Chad Smith [00:18:37]: I don’t think I realized how well we had handled it until several months later. Whenever I had dinner with someone and they were at dinner with us and he said, hey, man, I got to tell you, the communications you guys had on that were A1. He said, they were just wonderful. And Daniel alluded to it earlier, it was, internally, we were having one a days at times with department heads, cabinet level members, making sure they knew what actions we were taking, how we were responding. And then externally, we were releasing, through Jeremy Ward and others on our communications teams, we were coordinating externally so that people knew, hey, this is publicly facing what you need to be aware of. And so that’s one thing I would encourage people with is, you know, oftentimes you get in these kind of situations and you find yourself sort of wanting to crawl into a shell and not talk about it. And I think we have to be willing to talk about it so that people can learn from it, but also so that people know, hey, they’re actually doing something and things are happening in a way that we can respect and we understand the privacy of it. But thank you for taking care of it.
53
00:00:52,000 –> 00:00:53,000
Chad Smith [00:19:37]: And we kept people in the loop, which is a big deal.
54
00:00:53,000 –> 00:00:54,000
Frank Cilluffo [00:19:40]: Yeah. And I think that, so firstly, I’m biased, but I have seen many incidents. And I think that your conversation with your friend, y’all handled it exceedingly well. And I do think the immediate reaction is to get into that shell. That, bad news doesn’t get better over time. It just bites you harder. So I think there are some lessons there that hopefully other states can learn from and you can learn from.
55
00:00:54,000 –> 00:00:55,000
Frank Cilluffo [00:20:18]: I mean, my dad used to say, may he rest in peace, always learn from your mistakes, but even better to learn from the mistakes of others. So I think there is some benefit in having a pool of resources. And I know we’re coming near the end of our time, but I’m not sure everyone realized it was a CISA rep, the regional representative. So we talk a lot about federal, state, local, but here it shows that that syncing up without that tip off, it could have been a really bad day, right?
56
00:00:55,000 –> 00:00:56,000
Chad Smith [00:20:54]: Yes. It could have gotten worse. We were probably within four days of seeing something very tragic happen within the state. It took us many, many days to find patient zero. And I think that goes back to that whole distortion conversation we were having earlier. It was because of some pinpointed information that they were able to assess for us and then that we were able to pull the string on to begin to threat hunt inside the environment and find that made a very strategic difference in remediating that event very rapidly.
57
00:00:56,000 –> 00:00:57,000
Frank Cilluffo [00:21:25]: And again, sometimes people look at these as boxes and org charts, but, but, and that tends to be the typical D.C. way. But here you saw it in action and I think that’s the narrative that matters here. You can’t be exchanging business cards when the bomb goes off or when something bad happens. This is building trust. It’s doing the reps every day.
58
00:00:57,000 –> 00:00:58,000
Frank Cilluffo [00:21:51]: Right? And I know you have looked at how to build on that within the state through a crisis. But I also think that that federal, state, local piece becomes so important. And talk to us about partnerships here, because one team, one fight. But my goodness, it’s everyone, everyone, everyone is part of this team, but they don’t always realize it until it’s too late. What, what is Alabama doing uniquely in the partnership business, which isn’t a bumper sticker and it’s not a feel good, woo woo kind of thing, this is important, right?
59
00:00:58,000 –> 00:00:59,000
Daniel Urquhart [00:22:34]: Yeah, you’re exactly right. Cybersecurity is a team sport. It’s not just one person. We’re trying to build the community. Chad’s doing a really good job of outreach with the local agencies. We have a strong ties with our federal partners as well. You know, I can, just thinking back historically, I’ve been with the state for roughly 22 years, and most of the major incidents that we’ve been alerted to came from CISA, came from that intelligence inside of the network.
60
00:00:59,000 –> 00:01:00,000
Daniel Urquhart [00:23:03]: So, you know, that’s a very valuable partnership and it’s very, very helpful to the state. A lot of times we, when you have disparate tools and you don’t have that central plane of view, you need, you hate to hear it in reverse, but it’s certainly, it’s better to hear it then, right, than not at all?
61
00:01:00,000 –> 00:01:01,000
Frank Cilluffo [00:23:21]: Yep.
62
00:01:01,000 –> 00:01:02,000
Daniel Urquhart [00:23:22]: So I think those relationships are strong. We’ve done a really good job the last couple of years working with the FBI, Secret Service, National Guard. Those types of partnerships can, can make us stronger as a state. Obviously we have managed partners. You guys are one of those. We have someone helping us with our 24/7 security operations as well for the executive branch. So I think it’s just, it’s a team sport and you’ve got to have those relationships and know who to call and when to call.
63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:23:53]: Absolutely. And I might note that the adjutant General is forward leaning in the state and a good partner in all of this. Chad, anything from, from your perch?
64
00:01:03,000 –> 00:01:04,000
Chad Smith [00:24:03]: I had the pleasure, Nick on your team has been a great resource for us. And Nick and I were in Washington recently and got to meet Sean Cairncross and talk to ONCD about some of the things we’re doing, the work that we’re also doing with our partners at CISA. But we recently had a TTX that I think that also really showed a lot. We had DHS, we had the FBI, we had one of our major utilities there, we had EMA there from Alabama. And whenever we went through that immersive, we redesigned how TTXs are done. We went into an immersive virtual experience where we had scenarios that were playing out on the screen in real time for us and so that we could immerse ourself in what it would look like and the awareness that that brought and the reality of it that people were going, you know, we’ve never seen anything like this before, but number two, how it drew people into the conversation. And we began to have very candid conversations about hey, who’s got whose satellite phone numbers? How are we handling these kind of things when comms go down? It was more than just us sitting there reading through a scenario on a piece of paper.
65
00:01:04,000 –> 00:01:05,000
Chad Smith [00:25:03]: And it really engaged those people in such a way that I feel like not only brought them into the picture, but it allowed us to talk very openly about the things that we’re struggling with and it not just be a regular paper based exercise.
66
00:01:05,000 –> 00:01:06,000
Frank Cilluffo [00:25:15]: Love it. I mean in the counterterrorism business and the homeland business we used to say make the big mistakes on the practice field, not Main Street, USA. In this case it’s all USA because everything’s connected in one way or another. And I might just note here, again I’m trying not to be too infomercially, but I’m proud of our team. Nick, Tucker, Jonathan, they’re all, it gets them excited to get up every day because you are serving something beyond self and it’s not behind a keyboard.
67
00:01:06,000 –> 00:01:07,000
Frank Cilluffo [00:25:50]: These are people that are affected, and I’m not sure everyone recognizes that, but it makes a difference. It gives you a reason to get up and, and do good things. Gentlemen, I know we’re at the end of our time, but I always, last question is what questions didn’t I ask that I should have?
68
00:01:07,000 –> 00:01:08,000
Daniel Urquhart [00:26:10]: I think you hit a pretty good array of it, array of topics here. Definitely highlighted some things we’re working on. I think the big message for from my perspective is partnership. We’re all in this together. We need reliable partners that are willing to help us and kind of bend the business as things change. Because situations don’t stay stagnant in this field, unfortunately. They change all the time.
69
00:01:08,000 –> 00:01:09,000
Daniel Urquhart [00:26:35]: AI is changing them more rapidly, the attacks are mutating. So we need partners that are progressive and are able to help lead us and go with us together to fight the fight.
70
00:01:09,000 –> 00:01:10,000
Frank Cilluffo [00:26:46]: And for our students listening and viewing, that’s a good thing. You’re always going to be learning something. Chad, what questions didn’t I ask that I should have? I mean there’s so much we could cover.
71
00:01:10,000 –> 00:01:11,000
Chad Smith [00:26:56]: I’m surprised you didn’t ask about artificial intelligence more because most people always want to know. To me, that’s the strategy that we’re thinking about is what the future looks like. That’s one of the questions I was hoping we’d come out is what does the future look like not only in the state of Alabama, but for information security, cybersecurity. And we have talked a lot about AI, and you think about companies like Anduril and Palantir and all of these defense organizations that are really pushing the leading edge of what’s happening there. The state of Alabama is thinking about that as well. I’m currently in class at John Hopkins University and we’re thinking about business strategy around artificial intelligence. And there’s a huge concern that I have as we think about the amount of threats that are going to come at us from an AI enabled cyber attack. It is going to be so broad and so unlike anything that we’ve seen today.
72
00:01:11,000 –> 00:01:12,000
Chad Smith [00:27:47]: We’re preparing for that. We’re looking at how we can automate our platforms and interconnect them so that we don’t become so human dependent. It’s one of the major initiatives we have in the next 14 months is how do we look at the interconnection of these automations so that whenever we do see something, we don’t have the delay in process to actually make things happen. And so we’re taking quite a bit of effort around that, not only strategically, but actually down to an operational level to make that function.
73
00:01:12,000 –> 00:01:13,000
Frank Cilluffo [00:28:11]: Awesome. And both from the adversarial perspective and from the good guys perspective. Right? Gentlemen, thank you for all you do every day. Thank you for your partnership. Thank you for spending some time with us, and keep kicking ass. So thank you.
74
00:01:13,000 –> 00:01:14,000
Chad Smith [00:28:25]: Thank you, Frank.
75
00:01:14,000 –> 00:01:15,000
Daniel Urquhart [00:28:26]: Thank you, Frank.
76
00:01:15,000 –> 00:01:16,000
Frank Cilluffo [00:28:27]: Thank you. Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.