Deterrence and the New Cyber Strategy with White House National Cyber Director Sean Cairncross
Season 3 Episode 11 •Show Notes
Cyber deterrence has long lagged behind the threat. In this special episode of Cyber Focus recorded on March 11, 2026, White House National Cyber Director Sean Cairncross argues that the United States can no longer afford a posture built mainly around resilience and response while adversaries, criminal groups, and state-backed proxies operate at low cost and low risk. He presents President Trump’s new National Cyber Strategy as an effort to change that calculus by aligning government policy, offensive and defensive capabilities, industry partnership, and international coordination around a more forward-leaning approach.
The conversation walks through the strategy’s six pillars, from shaping adversary behavior and streamlining regulation to modernizing federal systems, securing critical infrastructure, protecting U.S. technological advantage, and expanding the cyber workforce. Cairncross emphasizes a core theme throughout: private companies should not be left to fend for themselves against foreign intelligence services and military-linked actors, and government must do more to impose cost, remove friction, and support practical security outcomes.
Main Topics Covered
- Cyber deterrence and imposing costs on adversaries
- Public-private partnership and smarter regulation
- Federal modernization and procurement reform
- Critical infrastructure resilience
- AI, post-quantum policy, and cyber workforce development
Key Quotes
“Resiliency is great, but resiliency…implies that you’re taking hits.” — Sean Cairncross
“There is a lot that can be done to deny [bad cyber actors] the benefits of their activity, to make life harder for them online and to deny them safe haven.” — Sean Cairncross
“I think if you get hit by a foreign adversary, for the USG to turn around and point a finger at you is essentially shifting blame… It’s not going to succeed unless both sides of that coin are working together and being collaborative.” — Sean Cairncross
“We can work on procurement speed. We can work on technological innovation and adopting that technology much more quickly than we have.” — Sean Cairncross
“This [low-cost, high-reward incentive structure for malicious cyber actors] has been allowed to go too far and get too far out of whack … and we need to reset that.” — Sean Cairncross
Relevant Links and Resources
President Trump’s National Cyber Strategy
Cybercrime executive order signed the same day as the strategy
Post-quantum policy / “PQC” executive order or action under development
Guest Bio
Sean Cairncross is the White House National Cyber Director, serving as the principal adviser to the president on cyber policy matters. Before taking this role, he served in the Trump White House as deputy assistant to the president and senior adviser to the chief of staff. He also served as CEO of the Millennium Challenge Corporation and has held senior leadership roles in politics, government, and strategic consulting.
Transcript
1
00:00:00,000 –> 00:00:01,000
Sean Cairncross [00:00:01]: So many times these actors are given safe haven by our adversaries.
2
00:00:01,000 –> 00:00:02,000
Frank Cilluffo [00:00:07]: Yep.
3
00:00:02,000 –> 00:00:03,000
Sean Cairncross [00:00:07]: Or are working in conjunction with them. But I think there is a lot that can be done to deny them the benefits of their activity, to make life harder for them online.
4
00:00:03,000 –> 00:00:04,000
Frank Cilluffo [00:00:21]: Welcome to Cyber Focus from the McCrary Institute, where we explore where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week I have the privilege to sit down with someone who is at the pinnacle of shaping cyber policy, Sean Cairncross. Sean is the National Cyber Director, which is the principal advisor to the president on cyber policy matters, and he joins us hot off the presses, the release of a national strategy, President Trump’s National Strategy on Cybersecurity. The strategy itself lays out 6 pillars. We’ll get into each of those briefly, and really excited to sit down with Sean today. Sean, thank you so much for joining us.
5
00:00:04,000 –> 00:00:05,000
Sean Cairncross [00:01:02]: Thanks for having me. Pleasure to be here.
6
00:00:05,000 –> 00:00:06,000
Frank Cilluffo [00:01:03]: So 6 pillars. Firstly, congratulations. As someone who’s been around trying to get national policies through, it’s a lot of blood, sweat, and tears. So congratulations for getting this done.
7
00:00:06,000 –> 00:00:07,000
Sean Cairncross [00:01:15]: Yes, I appreciate it. Obviously, this is the president’s strategy, and so a lot of work went into this through the interagency and the like, but we’re happy, we’re happy to have it out and get to work on it.
8
00:00:07,000 –> 00:00:08,000
Frank Cilluffo [00:01:28]: Get to work on it. Exactly. And you laid out 6 pillars: shaping adversarial behavior, promoting common sense regulation, modernizing and securing federal networks, critical infrastructure, which the McCrary Institute is near and dear to, sustaining superiority in critical and emerging technologies, and building talent and capacity. Before jumping into each of the pillars, what’s new about this particular strategy and what are you most excited about?
9
00:00:08,000 –> 00:00:09,000
Sean Cairncross [00:01:58]: Sure. Well, first, Frank, great to see you again and thank you to the McCrory Institute for having me in. You all have been on the front thought leadership on, in these issues and have been a big help to us in developing this. So thank you.
10
00:00:09,000 –> 00:00:10,000
Frank Cilluffo [00:02:11]: Well, it’s our privilege.
11
00:00:10,000 –> 00:00:11,000
Sean Cairncross [00:02:13]: First, let me sort of back up and say the biggest piece of this strategy is meant to reflect a real posture change from the United States government point of view. And this is something I think that has been developing over the, particularly the course of the last decade as we’ve seen adversarial threats in this space grow and scale, become much more persistent, become more advanced, the willingness of adversaries and criminal actors to be more aggressive in this space. There has been an eagerness to shift posture here and become more forward-leaning to do something rather than simply playing defense all the time. Resiliency is great, but resiliency—
12
00:00:11,000 –> 00:00:12,000
Frank Cilluffo [00:03:00]: Alone is insufficient.
13
00:00:12,000 –> 00:00:13,000
Sean Cairncross [00:03:02]: Right, and it implies that you’re taking hits. By definition, that’s what the word means. And so how can we shift that mindset on the other side of this equation so that before people engage in this, they consider that there’s more at stake for them maybe than there has been in the past. And that hunger, sort of what was missing from that, both on the industry side and on the USG side, was a direction from the very top that this is something that we should align the USG and our partnership and our international allies to steer toward. And so through a long train of events, some of which you were very much a part of, the office that I sit in was created, and because of President Trump and the administration, we’ve decided to really make that office into the principal lead for the USG and policy coordination. So that has allowed this strategy to come to the fore, and now we will be lining up our tactical activities and our policymaking under these broad strategy pillars.
14
00:00:13,000 –> 00:00:14,000
Frank Cilluffo [00:04:13]: Awesome, awesome. And that’s a perfect segue into pillar 1, which is shaping adversarial behavior. And I’ve been a bit of a broken record on this issue for a long time. We’ve in essence been blaming the victims, not necessarily imposing cost and consequence on the adversary. Imagine the physical world. If you’re robbing banks all the time and you blame the bank alone. That’s unacceptable.
15
00:00:14,000 –> 00:00:15,000
Frank Cilluffo [00:04:35]: And I think we have some real-world examples, which we’re not going to go into depth on, but whether it was in Venezuela, in terms of capturing Maduro, or whether in Midnight Hammer in Iran, and I’m sure General [Dan] Caine’s been talking about Iran most recently, we’re starting to see cyber as a first mover. And are we expecting more of that, or?
16
00:00:15,000 –> 00:00:16,000
Sean Cairncross [00:04:59]: Well, the first thing I’d say is, without question, the United States has the most capable and talented cyber operators on planet Earth. And we’ve seen that, the NSA, Cyber Command, our intelligence community, they’re amazing in what they can do and their capabilities. And that is certainly a piece of it in terms of the offensive cyber side. The other thing we’ve seen and the thing that, the sort of thing that I and the team are working on changing is on the adversary calculus side, you see a thought line that sort of says, well, there would never be an attack on the US homeland, any sort of kinetic attack or sort of an aggressive action like that because of the response it would bring. But for some reason, US critical infrastructure and through the cyber doorway and ransomware attacks by criminal organizations in these transnational criminal organizational groups, it’s a different calculus. It’s seen as less risky. And so that’s what we’re really focused on addressing. And it’s no accident that the strategy was signed by the president on the same day as a cybercrime executive order, which stitches together the interagency to really take on the scam centers and the transnational criminal organizations in a strategic, proactive way.
17
00:00:16,000 –> 00:00:17,000
Sean Cairncross [00:06:28]: What can we do to put a dent in this behavior strategically? Not, the USG, the private sector are very good at response. They’re very good at remediation. They’re good at that piece of it, but that piece alone isn’t enough to slow the tide of what’s coming. And like I said, which is scaling because we’re seeing AI infused into some of these attacks and the aggressive posture is growing, so we need to, we need to do something to slow it down.
18
00:00:17,000 –> 00:00:18,000
Frank Cilluffo [00:07:01]: Well, well said. And heretofore, in essence, we’ve kind of let our adversaries shape our strategy, right? We respond and that becomes the response. Now we’re trying to shake up the calculus.
19
00:00:18,000 –> 00:00:19,000
Sean Cairncross [00:07:11]: And that’s something the United States just doesn’t allow to happen in any other environment. And so this domain, regarding it as its own strategic domain, taking a whole-of-government approach is something that just, it’s been a long time coming. And I think that has a lot to do with the way that this domain sort of evolved originally and the various lines of authority that were sort of diffused throughout government. And everyone, it’s nobody’s fault. The intent has been great. There have been tremendous actors who have done so much to defend the country in the past, but we are just trying to build on those efforts and make them so much more impactful.
20
00:00:19,000 –> 00:00:20,000
Frank Cilluffo [00:07:52]: Well said. And I also appreciated the executive order around transnational criminal organizations and cyber. 3 years ago, what would be in the hands of maybe a group of 4 countries is now in the hands of criminal enterprises.
21
00:00:20,000 –> 00:00:21,000
Sean Cairncross [00:08:08]: That’s right. And, and so many times these actors are given safe haven by our adversaries or are working in conjunction with them.
22
00:00:21,000 –> 00:00:22,000
Frank Cilluffo [00:08:19]: The proxies question. Yeah.
23
00:00:22,000 –> 00:00:23,000
Sean Cairncross [00:08:20]: But there, I think there is a lot that can be done to deny them the benefits of their activity, to make life harder for them online and to deny them safe haven.
24
00:00:23,000 –> 00:00:24,000
Frank Cilluffo [00:08:32]: And you know, I saw recognition in the strategy that industry and the private sector, even the biggest companies in the world, didn’t go into business thinking they’re defending themselves against foreign militaries and foreign intelligence.
25
00:00:24,000 –> 00:00:25,000
Sean Cairncross [00:08:47]: That’s right. It’s not their job. That’s not what they’re designed to do. That’s not what they should be doing. They shouldn’t be engaged with a foreign intelligence service or a foreign military component. That’s not, that’s not what they do. And that’s the United States government’s job. And the way this system works, as you well know, our critical infrastructure is almost wholly run by the private sector.
26
00:00:25,000 –> 00:00:26,000
Sean Cairncross [00:09:11]: And so that defense really comes down to private sector actors. And the president has been abundantly clear that we need to lean in to the private sector and work with them. So, you know, you made an initial point about blame being shifted towards the private sector in some of these cases, and I think that’s nuts. I think if you get hit by a foreign adversary, for the USG to turn around and point a finger at you is essentially shifting blame. It’s letting government officials say, well, you should have done something better. But there’s no introspection to say, well, what is it that we could have done to slow this down? And so that’s not, it’s not going to succeed unless both sides of that coin are working together and being collaborative. And so we’re really trying to grow that relationship.
27
00:00:26,000 –> 00:00:27,000
Frank Cilluffo [00:10:02]: And what are some ideas around marshaling and mobilizing some of the private sector? Because they are at the very pointy end of innovation.
28
00:00:27,000 –> 00:00:28,000
Sean Cairncross [00:10:08]: Yep, they are. They have, the innovation, the skill, the competency that the U.S. private sector has is incredible. And they have an enormous insight on the sort of illuminating the battlefield and what they’re seeing. And so what really I think is key to all of this, what’s been key in the past and what could be improved quite a bit is the information sharing and the flow of that information between the USG and the private sector, making sure that that information is actionable and there is an alignment of priorities so that if we are asking them to do something, and by them I mean the private sector to do something, there’s an understanding of why, what the potential threat is, what the priority is, and allow them to work with their resources to protect the assets that they need to. And we’ll talk about it, but that’s also a big part of the second pillar of this, which is streamlining the regulatory environment.
29
00:00:28,000 –> 00:00:29,000
Frank Cilluffo [00:11:16]: You teed it up. Let’s go right there. So as you probably know, and ONCD has been very helpful to some work we’re doing with the US Chamber of Commerce, looking at common sense regulation and making sure that we aren’t just getting a check the box response but rather outcomes that are actually security oriented, anything there you’d like to share?
30
00:00:29,000 –> 00:00:30,000
Sean Cairncross [00:11:40]: Yeah, I think we’re working closely with our colleagues at OMB. We’re working with colleagues at CISA. Working with other regulatory agencies so that things like CIRCIA reflect congressional intent and the SEC rule aren’t, that form follows function so incident reporting doesn’t tie industry down and actually bog down a response, but is as efficient as possible so that, again, so that that function of of denying access and getting the system cleaned up first is taking place. So, and, you know, Frank, the other thing I’d say is, and I’ve made this clear, we’ve been around the country, have been overseas talking to industry. Industry shouldn’t assume that I or my team are the experts in whichever sector it is that they’re working in in that regulatory environment. They’re the ones who have resources in play. They’re the ones practically dealing with those effects day in and day out.
31
00:00:30,000 –> 00:00:31,000
Sean Cairncross [00:12:50]: And so part of the outreach and part of the communication is where can we work to take those friction points and get rid of them? Where can we blow those out of the water? And so we’re really looking for industry engagement as much as possible to identify those spots, and then we can bring a lot of heat onto it.
32
00:00:31,000 –> 00:00:32,000
Frank Cilluffo [00:13:08]: And you know, that’s a great point. So we’ve talked public-private partnership for decades, but now it’s actually getting to where it’s a genuine partnership, right? And they’re going to be informed in ways that no one, no one well-intended could do if they’re not living it day in, day out, right?
33
00:00:32,000 –> 00:00:33,000
Sean Cairncross [00:13:28]: Yeah. Yeah, no, I think in this town, a lot of times things like public-private partnerships get thrown around and—
34
00:00:33,000 –> 00:00:34,000
Frank Cilluffo [00:13:38]: Long on noun, short on verbs.
35
00:00:34,000 –> 00:00:35,000
Sean Cairncross [00:13:39]: Right, right. And so it’s rare to see sort of what the success in that sort of concept is. So we are looking for concrete ways to do that. I’m not talking about it in a theoretical way. Come sit down, let’s figure out what those priorities are and get to work on them together.
36
00:00:35,000 –> 00:00:36,000
Frank Cilluffo [00:14:00]: And I have to say, you’ve been really good at that, putting in the, putting in the time to be able to sit down. Lots of people say that. You guys are actually delivering on that.
37
00:00:36,000 –> 00:00:37,000
Sean Cairncross [00:14:12]: Well, I think, you know, I mean, the president holds 15 press conferences a day with different industry heads. I mean, he’s very active in this regard, and the tone always comes from the top in these things. So it is the direction that we have to go engage and start working together.
38
00:00:37,000 –> 00:00:38,000
Frank Cilluffo [00:14:29]: So to sort of look at the next pillar, which is modernizing and making sure the government gets its own house in order, and any thoughts there that come top of mind?
39
00:00:38,000 –> 00:00:39,000
Sean Cairncross [00:14:39]: Yeah, well, this is going to stun your audience, but sometimes the federal government isn’t as technologically savvy as it, as it should be.
40
00:00:39,000 –> 00:00:40,000
Frank Cilluffo [00:14:46]: We’re getting better.
41
00:00:40,000 –> 00:00:41,000
Sean Cairncross [00:14:47]: We are getting better. There’s been a lot of work done here, but we can work on procurement speed. We can work on technological innovation and adopting that technology much more quickly than we have. And so we have great interagency partners on this. DOW is working on an acquisition matter itself. We’ve been working with GSA and OMB and what we are—
42
00:00:41,000 –> 00:00:42,000
Frank Cilluffo [00:15:14]: Agencies that really matter in this space, right?
43
00:00:42,000 –> 00:00:43,000
Sean Cairncross [00:15:17]: Agencies that matter.
44
00:00:43,000 –> 00:00:44,000
Frank Cilluffo [00:15:18]: You wouldn’t think it, but they are essential.
45
00:00:44,000 –> 00:00:45,000
Sean Cairncross [00:15:21]: Oh no, no, no. They’re great and key to this question. But we are going to launch pilot programs with our interagency colleagues so that we can rapidly test using the national labs and various authorities to get this rolling at speed and then deploy new technology and remove redundancies and make the system much more defensible and resilient than it is right now.
46
00:00:45,000 –> 00:00:46,000
Frank Cilluffo [00:15:51]: And where cyber is not an afterthought, it’s actually part of that acquisition process.
47
00:00:46,000 –> 00:00:47,000
Sean Cairncross [00:15:56]: Yeah, and like I say, in standing this up as its own domain is really getting it thought of not as adjacent to something else, but this is key, a key component of it. I mean, the fifth pillar, we’re talking about maintaining our dominance in emerging technologies. And part of doing that is ensuring that that tech stack, that clean American tech stack is also secure. And so yeah, this is across, that infuses throughout the whole strategy moving forward.
48
00:00:47,000 –> 00:00:48,000
Frank Cilluffo [00:16:32]: And that’s an essential point in terms of the text, especially when we’re dealing with autocracies and authoritarian regimes who are also trying to circle the wagons. So getting our allies here is really important, right?
49
00:00:48,000 –> 00:00:49,000
Sean Cairncross [00:16:46]: No, it’s key. We have great international allies on this. Obviously, our Five Eyes partners are steady state actors. And tremendous to work with. I think we’re seeing internationally there is a lot of hunger to engage in this issue. And we were just over in Munich talking about the importance of a clean tech stack because right now one of the things that we are really focused on fighting is the export of the surveillance state. And the reality of the world as it exists today is there are two tech stacks. There’s the US tech stack and there’s the Chinese tech stack, and the US is a clean stack. Your data is not being piped to a central location in the US government. Your data is secure, and the infusion of that stack into countries and their infrastructure across the world is something that we’re fighting for. It’s important for freedom of speech. It’s important for freedom of thought up and down the line.
50
00:00:49,000 –> 00:00:50,000
Frank Cilluffo [00:17:58]: And we can’t take it for granted.
51
00:00:50,000 –> 00:00:51,000
Sean Cairncross [00:18:00]: We cannot. No, absolutely not. And, and it’s a, you know, look, it’s a resource issue as well, right? The, it’s expensive to do, and, but what I think people are coming to the realization of is buying the cheaper stuff doesn’t save you from a bigger bill on the back end. There’s a huge cost to pay for that.
52
00:00:51,000 –> 00:00:52,000
Frank Cilluffo [00:18:22]: I’m reminded of the old Intel commercial, Intel Inside. You got to be worried about that.
53
00:00:52,000 –> 00:00:53,000
Sean Cairncross [00:18:26]: That’s right.
54
00:00:53,000 –> 00:00:54,000
Frank Cilluffo [00:18:26]: It’s piping right to Beijing, right?
55
00:00:54,000 –> 00:00:55,000
Sean Cairncross [00:18:28]: That’s right.
56
00:00:55,000 –> 00:00:56,000
Frank Cilluffo [00:18:30]: Next pillar is around critical infrastructure and securing that. Anything new and unique that comes top of mind here?
57
00:00:56,000 –> 00:00:57,000
Sean Cairncross [00:18:38]: Yeah, we’re excited about this. You know, there are a lot of these infrastructure sectors, water, rural hospitals—
58
00:00:57,000 –> 00:00:58,000
Frank Cilluffo [00:18:44]: Which are essential.
59
00:00:58,000 –> 00:00:59,000
Sean Cairncross [00:18:45]: That are essential and that are traditionally very hard to uniformly protect in this domain for a couple of reasons. One is just the resources available. Two is the authorities and regulatory schemes governing them are very diffuse. And there’s also a lack of capacity in, in understanding the technology that’s available and what’s being deployed and is that effective. And so to close that delta, we are going to go into specific states on specific sectors to, again, pilot program new technology, testing that again using USG authorities, national labs, working with state authorities, regulators, and delegations and those sectors to find ways to reduce costs, to infuse AI into this sphere more so that it is nimble and agile in its defensive capabilities and really deploy technology that is, that meets the moment.
60
00:00:59,000 –> 00:01:00,000
Frank Cilluffo [00:20:03]: And, you know, I love the emphasis on rural hospitals, water. I mean, the reality is, is they don’t have the same capacity that, say, the electricity subsector has or defense industrial base or financial services, yet they are essential for modern economies, for our public safety, right?
61
00:01:00,000 –> 00:01:01,000
Sean Cairncross [00:20:23]: Sure. Well, two things. Let’s take that in two parts. Yes, they’re vital to daily life, but they’re also defense-adjacent infrastructure sectors. So if you have a base, the base may be secure, but what about the water? What about the rail lines? What about the electricity? I mean, that all needs to be factored into this equation. And so there’s been a lot of talk, let’s just take water, about finding a 50-state solution and a blanket model that works, and I think the intent is correct.
62
00:01:01,000 –> 00:01:02,000
Sean Cairncross [00:20:57]: I don’t know that practically that that has led to great results. And so what we are trying to do is find something that works.
63
00:01:02,000 –> 00:01:03,000
Frank Cilluffo [00:21:06]: Very diplomatic, it hasn’t.
64
00:01:03,000 –> 00:01:04,000
Sean Cairncross [00:21:07]: Well, no, I mean, we’re trying to find something that works. We’re trying to have a concrete success and then scale support for that success and grow it from there.
65
00:01:04,000 –> 00:01:05,000
Frank Cilluffo [00:21:15]: Well said, because at the end of the day, if we want to project power, deploy forces, they are dependent upon critical infrastructure outside the wire, outside the base.
66
00:01:05,000 –> 00:01:06,000
Sean Cairncross [00:21:24]: That’s right.
67
00:01:06,000 –> 00:01:07,000
Frank Cilluffo [00:21:25]: And that is essential, transportation and water and the like, and for transparency, we are doing some work in Alabama on that.
68
00:01:07,000 –> 00:01:08,000
Sean Cairncross [00:21:36]: And let’s just take an example. It shouldn’t be me having to go pitch whatever it is that’s working in water. I think if that’s the case, it’s not working. What it should be is if it’s, I’ll just pull a state, if it’s Texas, TJ White is there Cyber Command down there, it should be him making this case. It should be Governor Abbott saying this, hey, this is working, and making that case in addition with the federal government.
69
00:01:08,000 –> 00:01:09,000
Frank Cilluffo [00:22:04]: TJ understands the Department of Defense needs for sure.
70
00:01:09,000 –> 00:01:10,000
Sean Cairncross [00:22:07]: That’s right. Absolutely.
71
00:01:10,000 –> 00:01:11,000
Frank Cilluffo [00:22:08]: Good, good, good. So after securing critical infrastructure, we get to a big basket of issues, and that’s sustaining superiority in critical and emerging technologies. Obviously, quantum and AI come first to mind, but also UAS and all these other technologies that are blending and blurring, right?
72
00:01:11,000 –> 00:01:12,000
Sean Cairncross [00:22:27]: That’s right. That’s right. And we are, we’re working through the interagency on a post-quantum policy, the PQC AO or EO. So that’s in process where we’re working closely with our colleagues who really have the lead on artificial intelligence, but our lane on this is to make sure, you know, the president’s been very clear on the innovation side and deployment side. We want to move this. It’s what’s best for the country. It’s what’s going to help us win the race in this space.
73
00:01:12,000 –> 00:01:13,000
Sean Cairncross [00:23:01]: But as part of that, unlike the founding of the internet back in the day when security on a baseline level wasn’t really baked in. We’ve been reverse engineering it ever since.
74
00:01:13,000 –> 00:01:14,000
Frank Cilluffo [00:23:11]: It was an afterthought.
75
00:01:14,000 –> 00:01:15,000
Sean Cairncross [00:23:12]: It was an afterthought. And we want to make sure that security is not seen as a friction spot to the innovation and deployment side, and we’ve got great partners in doing that. So I think everyone is embracing it.
76
00:01:15,000 –> 00:01:16,000
Frank Cilluffo [00:23:28]: The quantum question often gets buried, but that could be a real game changer in the intelligence business. If you can secure yours and break everyone else’s, game over. That’s a bad day, so we cannot lose that race.
77
00:01:16,000 –> 00:01:17,000
Sean Cairncross [00:23:40]: That is correct. Everyone is focused on this issue and aware of it, and I think that’s well said.
78
00:01:17,000 –> 00:01:18,000
Frank Cilluffo [00:23:47]: And in the AI side, it’s not only getting to some of these lesser, lesser capacity entities using AI, but it’s also securing the AI itself.
79
00:01:18,000 –> 00:01:19,000
Sean Cairncross [00:23:58]: It’s securing the AI itself, and I think what we’re talking about here is the technical security of AI.
80
00:01:19,000 –> 00:01:20,000
Frank Cilluffo [00:24:06]: Boom, boom. And that comes, this is again, and I don’t want to sound breathy here, but those are two races we cannot afford to lose. And honestly, in some areas we’re losing. So we have to double down.
81
00:01:20,000 –> 00:01:21,000
Sean Cairncross [00:24:21]: No, it’s a fight. But at the end of the day, the talent pool, the ability to scale, the financing behind this, the innovation, honestly, the American mindset in combination with the president’s posture on this is really putting this on a track that I think will be successful.
82
00:01:21,000 –> 00:01:22,000
Frank Cilluffo [00:24:42]: Well said, well said. And we’re sitting down with Alex Fitzsimmons, and you can’t be AI dominant if you’re not energy dominant. Those streams are inextricably interwoven, right?
83
00:01:22,000 –> 00:01:23,000
Sean Cairncross [00:24:53]: That’s right. And Alex is doing a great job with Secretary [Chris] Wright. They are terrific partners of ours and are working, we’re engaged with them, like I say, on the modernization side, on the pilot program piece. Look forward to more.
84
00:01:23,000 –> 00:01:24,000
Frank Cilluffo [00:25:09]: Sean, the last pillar is building the workforce, and it’s the talent and capacity. And I would love if you could shed a little light on some of the pilots you’re thinking about, like the academy. I don’t want to put words in your mouth, but paint us a quick picture on what we’re trying to do there.
85
00:01:24,000 –> 00:01:25,000
Sean Cairncross [00:25:26]: Yeah, of course. Well, you know, President Trump was on this issue in term one. And he identified the cyber workforce as a national strategic advantage for the United States and something that’s worthy of investment. As you know, there’s a tremendous number of openings in cyber. I think it’s, I mean, it’s sort of the conventional number is half a million cyber jobs. I think there’s vastly more than that, and it infuses the federal government as well. We need, we need talent. So what we are trying to do is to align incentives, so the sort of the patriot service component of it with also the market incentive piece. And the way that we’re going about doing that is sort of in 3 steps. The first is an academy, which would be a nonprofit that is, that is a pipeline for training, and what we would be doing is taking the existing federal programs and aligning them more than they are right now to support this broad strategy, pairing that with a, with a foundry, which would be venture capital, an incubator-style organization that would help bring and test technology and concepts, get them up to speed and ready for market, and then an accelerator, which would take the pre-seeded sort of conceptual ideas and move them into a pilot program. So what we’re really—
86
00:01:25,000 –> 00:01:26,000
Frank Cilluffo [00:26:58]: But it’s literally like the ingredients that make America.
87
00:01:26,000 –> 00:01:27,000
Sean Cairncross [00:27:01]: It’s the ingredients that make America unique. I think it’s something that the Israelis do extremely effectively. They’ve created an enormous technological startup.
88
00:01:27,000 –> 00:01:28,000
Frank Cilluffo [00:27:12]: Have you been down to Beersheba?
89
00:01:28,000 –> 00:01:29,000
Sean Cairncross [00:27:14]: No, I haven’t, but I’m—
90
00:01:29,000 –> 00:01:30,000
Frank Cilluffo [00:27:15]: You should, you should.
91
00:01:30,000 –> 00:01:31,000
Sean Cairncross [00:27:16]: I’m looking forward to doing it. But they’ve done a tremendous job. And so we were looking at this and saying, well, why don’t we do that and try to scale it and put some red, white, and blue on it? And that’s, I think that’s what we’re going to do. And there’s a lot of hunger on the industry side of this. I think there’s a lot of capital that will get behind this, and, you know, it squares with the president’s emphasis on let’s put people to work. You don’t necessarily need a 4-year degree. If you have skills in this and you want to upskill, if you need training on this to begin with, let’s get you into a program, get you to work somewhere for the USG, and then become part of an ecosystem that makes you money and defends the United States.
92
00:01:31,000 –> 00:01:32,000
Frank Cilluffo [00:28:08]: And honestly, that’s, so it’s not narrowcasting alone KPI, key performance indicators, yes, NSA, all these different entities are going to need their discrete skills, but this is bringing all three into the mix. I see government, industry, and academia, and the labs playing a role.
93
00:01:32,000 –> 00:01:33,000
Sean Cairncross [00:28:28]: And there are great academic partners on this as well. Yeah.
94
00:01:33,000 –> 00:01:34,000
Frank Cilluffo [00:28:30]: Awesome. Awesome. You know, looking back and a year from now, how will you know that these are not just great ideas, but you’re seeing progress?
95
00:01:34,000 –> 00:01:35,000
Sean Cairncross [00:28:43]: Sure. Metrics. What are the metrics?
96
00:01:35,000 –> 00:01:36,000
Frank Cilluffo [00:28:45]: I don’t want to jump right to metrics, but sure.
97
00:01:36,000 –> 00:01:37,000
Sean Cairncross [00:28:48]: Why not? I mean, this is part of the reason this office exists is to put accountability in place, right? So one way to look at it is it is a single point of policy coordination. The flip side of that coin is it’s a single point of blame, so-
98
00:01:37,000 –> 00:01:38,000
Frank Cilluffo [00:29:04]: One, one throat to choke is the expression. Yeah.
99
00:01:38,000 –> 00:01:39,000
Sean Cairncross [00:29:08]: One throat to choke. So I think a couple of things. I think the first thing, and we’re already seeing it, is among the interagency, greater communication and coordination on what we’re doing in this space tactically and how those tactical efforts can be aligned and coordinated to support a strategy that makes sense. Like, what is the, what are we trying to achieve in the space? Oftentimes there’s a big delta between the very talented technical operators and the policymaking set in cyber. And so we are closing that, that gap. Thing 2 is on the industry side, I would like to see this issue elevated to the CEO level in these, in these industries. This is not something that should sit sub-boardroom or sub-CEO. These are real resources that need to be dedicated to a real problem.
100
00:01:39,000 –> 00:01:40,000
Sean Cairncross [00:30:09]: The USG is ready to do its part and step forward to defend the country, its interests, and its citizens, and private industry needs to also do its part, which isn’t to point fingers at anyone now. It’s just to say this needs to be an issue that is top of mind.
101
00:01:40,000 –> 00:01:41,000
Frank Cilluffo [00:30:26]: One team, one fight.
102
00:01:41,000 –> 00:01:42,000
Sean Cairncross [00:30:27]: One team, one fight. And so those are the two biggest things I would say. And the final thing I would say is, is that we see a shift in mindset from our adversaries, that there is a, I think—
103
00:01:42,000 –> 00:01:43,000
Frank Cilluffo [00:30:46]: They’ll think twice.
104
00:01:43,000 –> 00:01:44,000
Sean Cairncross [00:30:47]: Yeah. Look, this is a difficult space to, you’re not going to stop this activity. It is, it’s asymmetrical. It’s low cost, high reward. We get that. But there are, this has been allowed to go too far and get too far out of whack in that incentive scheme and we need to reset that.
105
00:01:44,000 –> 00:01:45,000
Frank Cilluffo [00:31:09]: You know where I stand on this. I’m thrilled to see that.
106
00:01:45,000 –> 00:01:46,000
Sean Cairncross [00:31:10]: Yeah. No, no, you’ve been clear.
107
00:01:46,000 –> 00:01:47,000
Frank Cilluffo [00:31:11]: Also, the other thing that I love is the pilots, because not to overdo it, but these aren’t the Ten Commandments etched in stone. We’ve got to experiment, right? And the only way to do that is to, is to pilot and see what works.
108
00:01:47,000 –> 00:01:48,000
Sean Cairncross [00:31:27]: Yeah, it’s just—
109
00:01:48,000 –> 00:01:49,000
Frank Cilluffo [00:31:28]: And double down on that.
110
00:01:49,000 –> 00:01:50,000
Sean Cairncross [00:31:29]: This is not a static environment. It’s the, it’s the absolute opposite of that. And so we need innovators. We need, we need thought leaders in this and we need technology to, we need the ability to be able to think out of, out of the box and deploy that thinking practically.
111
00:01:50,000 –> 00:01:51,000
Frank Cilluffo [00:31:47]: With a focused end state.
112
00:01:51,000 –> 00:01:52,000
Sean Cairncross [00:31:48]: With a, with a focused end state. Yep.
113
00:01:52,000 –> 00:01:53,000
Frank Cilluffo [00:31:51]: Sean, what questions didn’t I ask that I should have? What are you most excited about?
114
00:01:53,000 –> 00:01:54,000
Sean Cairncross [00:31:56]: Yeah, I mean, like I say, what I’ve really found most exciting about this whole experience so far is the amount of hunger there is on the private sector and on the interagency side to move in this direction. It’s been virtually universal support for this. When I started working national security issues 10 years ago now, the mindset was shifting, but it hadn’t shifted in this direction totally yet. There were, there were worries about escalation and gray areas that people, people were as yet uncomfortable with. I think over the course of that decade, we’ve decided this is escalating. We know what escalation looks like if we don’t start leaning in a new direction. And so that’s been, it’s just been nice to hear, and it’s been nice to be able to play a part in helping that move, and I’m just grateful that the president is as action-oriented as he is. It’s a tremendous honor to be working in the administration. It’s a lot of fun.
115
00:01:54,000 –> 00:01:55,000
Frank Cilluffo [00:33:04]: Sean, thank you for your leadership. Thank you for spending so much time with us today. Thank you for committing all of these resources to outcomes we can all be proud of. I really appreciate it, and let me leave you with a token of our appreciation, figuratively and literally. Our coin.
116
00:01:55,000 –> 00:01:56,000
Sean Cairncross [00:33:24]: I love it. Thank you. Thanks, Frank.
117
00:01:56,000 –> 00:01:57,000
Frank Cilluffo [00:33:25]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.