Cyber Leadership, Workforce Morale, and the House Email Breach with Nextgov’s David DiMolfetta
Season 3 Episode 3 • Show Notes
CISA leadership, NSA/Cyber Command staffing, and offensive cyber operations are colliding early in 2026. Frank Cilluffo and reporter David DiMolfetta unpack Sean Plankey’s renomination for CISA Director, and what a prolonged leadership vacuum can mean for agency direction and momentum. They then turn to Lt. Gen. Rudd’s confirmation hearing and the evolving debate over the Title 10/Title 50 “dual hat.” The conversation also examines morale and workforce pressures inside NSA, including reported staffing reductions. It closes with “Absolute Resolve,” what public discussion of cyber “effects” might signal for deterrence, and a China-linked House staff email breach that frames what DiMolfetta is watching next.
Main Topics Covered
- What Sean Plankey’s CISA renomination signals about cyber leadership priorities.
- Why “core mission” talk at CISA still depends on who’s in charge.
- Lt. Gen. Rudd’s hearing, and how the dual-hat debate is evolving.
- NSA morale and workforce cuts, and what that means for capability.
- “Absolute Resolve,” cyber effects, and the deterrence value of public signaling.
- House staff email targeting, Salt Typhoon questions, and the midterms-AI threat mix.
Key Quotes
“CISA’s work does not stop. That said, if you don’t have a permanent leader in place, you don’t have a guy to set direction, and things can’t really go anywhere.” — David DiMolfetta
“When you don’t have people at their desks [because of workforce reductions], that means they may not be tracking adversaries, they may not be doing that work to cultivate relationships with sources on a kind of human intelligence style level.” — David DiMolfetta
“[In Venezuela] lights went off, but they also went back on.” — David DiMolfetta
“Authority, accountability, and resources — I found those to be the three criteria to get things done in D.C.” — Frank Cilluffo
Relevant Links and Resources
David DiMolfetta’s stories at Nextgov.com
Guest Bio: David DiMolfetta covers cybersecurity for Nextgov. Previously, he researched The Cybersecurity 202 and The Technology 202 newsletters at The Washington Post and covered AI, cybersecurity and technology policy for S&P Global Market Intelligence. He holds a BBA from The George Washington University and an MS from Georgetown University.
Transcript
David DiMolfetta [00:00:00]: In CISA, there’s all this talk about bringing the agency back to its core mission, its core values. Everybody has a different view of what that means, but regardless, you need a guy at the top to make that happen.
Frank Cilluffo [00:00:12]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo, and this week I get to sit down with a prolific reporter covering the cyber beat who’s mastered that cyber beat, dare I say, David DiMolfetta. David is at FCW and Nextgov and has been doing some amazing reporting in the space. Prior to that, he was with the newsletters at Washington Post, both Cyber202 and Technology202, and also was writing for S&P and others on AI and cyber in the past. A graduate of my alma mater, GW and also Georgetown, the two Georges in D.C. Really excited to sit down with you, David. Thank you for joining us.
David DiMolfetta [00:00:57]: I really appreciate it, Frank. Thanks for having me.
Frank Cilluffo [00:00:59]: So nothing going on in 2026, right? It’s been a quiet start to the, to the year. Yeah. But I’d be curious, so you’ve done a number of articles, and we will share all these with our viewers and listeners, but looking at filling out some of the staffing priorities in the cyber community, and I thought we’d start with perhaps the one that’s breaking biggest this week, and that’s Sean Plankey being renominated to become CISA director. Give me your thoughts on that quickly.
David DiMolfetta [00:01:31]: Yeah, he didn’t make it through the first time. Right? And I think him being renominated so early in the new year right now, it shows that first of all, it puts to rest that there was hesitation that someone else would come along and take up the role. It shows that the Trump administration is confident about him and that industry is confident about him. Because as you know very well, Frank, when the White House makes these decisions, they need input from industry and the stakeholders and people that lean in on this stuff. That’s how you got the job done in cyber. So it puts to rest any hesitation that, you know, that Sean wasn’t the guy for the job. And I was at an event recently and many people are excited that he’s back in the nomination rounds.
David DiMolfetta [00:02:19]: And I, I don’t have a timeline per se on when he’ll go through. I, I, I understand that Senator Thom Tillis has holds on all DHS nominees for somewhat unrelated reasons, but for now, we at least know that Sean Plankey is back in the running. And I mean, yeah, we’ll see what happens.
Frank Cilluffo [00:02:39]: And, and Sean is a seasoned veteran and I think, and you tell me, I’m not going to try to lead the witness here. It’s nice to be on the other side of the mic on this. But what impact or implications did not having a permanent director or CISA director have, and what implications do you think it means sort of going forward?
David DiMolfetta [00:03:03]: Yeah, you know, when I ask people about this, I, I think the thing to keep in mind is that it’s not that all agency business stops. They still have a job to do. CISA has still brought us into, you know, virtual press conferences to talk about cybersecurity alerts and, you know, warnings they put out. You know, there was the big F5 breach. They had a lot of, had a lot of calls about that.
Frank Cilluffo [00:03:23]: You did good reporting on that too.
David DiMolfetta [00:03:25]: Appreciate that. Thank you. CISA’s work does not stop. That said, if you don’t have a permanent leader in place, you don’t have a guy to set direction, and things can’t really go anywhere. And then you think about, too, how agencies can innovate. Of course, in this administration, there’s this talk about efficiency and being efficient. How do we do our jobs better? And then especially in CISA, there’s all this talk about, you know, bringing the agency back to its core mission, its core values. Everybody has a different view of what that means, but regardless, you need a guy at the top to make that happen.
David DiMolfetta [00:03:58]: If you don’t have him there, you’re not dead in the water, but you’re not moving too fast either.
Frank Cilluffo [00:04:03]: And authority, accountability, and resources, I found those to be the three criteria to get things done in D.C. Without, policy without resources is rhetoric. If you don’t have the authority, difficult to get people moving in the same direction. And obviously accountability is important. So I think those three are part of that. Those are three integers that are important in, in any role in D.C. So your thoughts, and I’m not putting you on the spot, but quicker, we’re not going to be in the same position next year, are we?
David DiMolfetta [00:04:37]: I, I don’t foresee it. That said anything could happen.
Frank Cilluffo [00:04:41]: Anything could happen in D.C.
David DiMolfetta [00:04:43]: It is D.C.
Frank Cilluffo [00:04:44]: Yeah, yeah. Also, just before this taping, General Rudd had his confirmation hearing, and I know you did some coverage on that as well. So anything, firstly, surprising that came out of the hearing, both in terms of how he responded to questions and, or the line of questioning he was getting.
David DiMolfetta [00:05:04]: I think the one thing, Frank, to keep in mind about General Rudd, I guess it’s Lieutenant General Rudd, for now.
Frank Cilluffo [00:05:11]: Yes. For now. He’ll get his fourth star.
David DiMolfetta [00:05:12]: Yeah, he’ll get the fourth star, and then he’ll get in there. The thing about him is that he doesn’t have that traditional military cyber and intelligence background that a lot of previous NSA and Cyber Command leaders held. That said, when I phone people up about him being tapped for this, they said, well, it’s not necessarily a bad thing because most of his experience in recent years has been with INDOPACOM, Indo Pacific Command, which includes China.
Frank Cilluffo [00:05:38]: No attention there, right?
David DiMolfetta [00:05:39]: Yeah, it’s very quiet. There’s nothing going on there. No, but that said Rudd being in those shoes, and he said this in his hearing yesterday when I was in the room, and he said, look, I’ve consumed intelligence produced by Cyber Command and NSA as it relates to China. I’ve, I’ve operated with intelligence, like, it’s not like he hasn’t done anything related to intelligence gathering before, especially in the cyber domain.
Frank Cilluffo [00:06:06]: Yep, yep. And any, did Title 10, Title 50, the dual hat issue, did that come up?
David DiMolfetta [00:06:12]: It did come up, yeah. So the dual hat issue did come up. Now, it was interesting. He said, I want to remain objective about it when it comes to policymaking on dual hat structures. But he did kind of hint that the dual hat’s not too bad, at least the way he’s seen it. And he talked about how it’s shown operational efficiency and things of that sort. Frank, outside of his hearing, the dual hat debate is always interesting because…
Frank Cilluffo [00:06:38]: It’s a hot one.
David DiMolfetta [00:06:39]: Yeah. If you split the authorities down the line there, some people argue like, well, Cyber Command has certain title XYZ, NSA has title ABC. If you take them apart, then they’re not gonna be able to work together. A lot of people seem to have been making the argument that you need them to be meshed in order for cyber operations and as we say, I guess, cyber effects in the intelligence world to be carried out. But I mean, back to Rudd in there, he didn’t get much pushback. There was some questioning about his background and experience. On offensive stuff and offensive deterrence, the big standout was, I think, from Senator Angus King, and he had expressed publicly on the mic that he was disappointed in Rudd’s answers to whether we should have, I guess, a policy of offensive deterrence. Senator King asked Rudd, hey, do you think NSA and Cyber Command need to develop a formal offensive deterrence strategy? And Lieutenant General Rudd, he said, well, it’s not necessarily my job to come up with the policy for this stuff.
David DiMolfetta [00:07:47]: It’s my job to have the effects, the effects, you know, the, whatever the hacking capabilities or toolkits or whatever they are, ready to go and then deploy as needed.
Frank Cilluffo [00:07:59]: I was just going to say on the Title 10 and the dual hat issue, General Caine has made, the Chairman of the Joint Staff, very clear that he sees the, the need for the two to, to, to continue to sync. General Hartman, I think, has been relatively supportive of that as well. And for transparency, we’re looking at that issue through some of our task forces. And I got to tell you, it’s a split. Very smart people can disagree on all of this. Intellectually, the split may make a lot of sense.
Frank Cilluffo [00:08:38]: Time-wise, do we have, do we have time to go through another reorganization or is the threat so urgent that that might just deflect and take away from the mission at hand? So that is a hotly discussed issue that very smart people can have very different views even when they were in the same foxhole fighting the same fight at the same time. So just in the for what it’s worth, I’m not sure there’s a right or wrong there, but we got to make sure it works. Right? Has there been a sense of, from your perspective, just like CISA, not having a combatant commander in the permanent role, has that had any negligible effect that you’re aware of?
David DiMolfetta [00:09:27]: It has had a degree of effect. I reported not too long ago that there’s a serious morale issue inside NSA and of course Cyber Command is an effect of that since they share the same space of course. Again, you don’t have a permanent leader in place, you don’t have people to set priorities along the line. And you have decision making coming from the outside about who should be leading the organizations that many people on the inside I know have disagreed with. And then there’s a trickle down effect too on the capability side. Part of what’s made this so difficult for NSA the past year is that you don’t have all the people at their desks to do their jobs because we in the US Government, as part of this broad efficiency plan, have reduced the size of agencies in the workforce. That’s trickled down to the intelligence elements as well.
David DiMolfetta [00:10:25]: So this past year, NSA, I reported, hit their goal to shed around 2,000 people, not just through reductions in force notices, RIFs, but through other means, you know, voluntary retirements, other mechanisms to get people to exit their government jobs. When you don’t have people at their desks, that means they may not be tracking adversaries, they may not be doing that work to cultivate relationships with sources on a kind of human intelligence style level. It’s not like the movies where someone points at a screen in a big room and says get me into that person’s system. A lot of the time it’s actually you have to build relationships. These intelligence analysts build relationships with cyber criminals on underground forums and things of that sort. And they trade keys and they might be passing them around to de-ransom a system or to get inside someone else’s system. Then of course you have the signals intelligence capabilities too. And you need people at the desks being able to track that stuff.
David DiMolfetta [00:11:25]: And then there’s legal implications that come with that. NSA skirts the bounds of Fourth Amendment, Fourth Amendment rights when you have to tap someone’s phone calls overseas. And what I did report as well is that the legal recruitment programs in NSA, at least at the time, I think they picked up recently, but they were paused. So you didn’t have that top legal talent coming from the law schools to come in and go through the rotation programs and learn about what it means to be a national security attorney, which is really technically complex.
Frank Cilluffo [00:11:59]: You know, you raise a number of good points there and important ones. And I think that get lost sometimes in the day to day. But when you look at the National Security Agency, obviously they’re the world’s premier signals intelligence agency and I still, unclassified, it still accounts for a vast majority of what is in the President’s daily brief.
David DiMolfetta [00:12:25]: Absolutely.
Frank Cilluffo [00:12:25]: The PDB. But it is also all source intelligence. And I’m glad you recognize that because it’s not just the Central Intelligence Agency but National Security Agency and others have important…
David DiMolfetta [00:12:39]: They all piggyback off each other’s work.
Frank Cilluffo [00:12:42]: Exactly. And you’ve also written about a new permanent deputy director in that role, Tim Kosiba. For transparency, a friend and colleague. But, but I think brings a lot of experience, scar tissue, and has been in the foxhole with the women and men at NSA and FBI and others for, for quite some time. What was your take on Tim’s?
David DiMolfetta [00:13:09]: He’s been around the block quite a bit. I mean, I think decades of experience. I think he started at FBI and then he moved to intelligence roles and most recently he was running the Georgia campus, the NSA Georgia campus. People really like him based on who I’ve talked to. And I think what they really like is that Mr. Kosiba with the combination of General Rudd in the role as director and meshing them together, I think they’re really going to like that. Because you have…
Frank Cilluffo [00:13:32]: Good one, two, punch. You’re right about that.
David DiMolfetta [00:13:36]: Because you have that, yeah, he has the experience of leading mainly civilians, civilian organizations. This is Tim Kosiba. And then you have the military experience and the China experience, namely of soon to be General Rudd, based off current trajectory of the confirmation pathway. But that combination, people really like it and I think we’re going to see a lot of action and things take off.
Frank Cilluffo [00:14:04]: And you know, you’ve also written about what I think can only be described, and I don’t have the details, so I’m not disclosing anything I don’t know, but during Absolute Resolve, the operation targeting the Maduro campaign, and one of the first times cyber has been discussed very publicly by the President of the United States and by the Chairman of the Joint Staff. So even if there have been some challenges, they haven’t been sleeping at the wheel, have they?
David DiMolfetta [00:14:35]: No, they haven’t.
Frank Cilluffo [00:14:36]: What were some of your thoughts out of, out of the campaign and the capture of Maduro and where cyber played, and were you surprised to see it discussed publicly the way it was?
David DiMolfetta [00:14:51]: I’m not totally surprised by it. Obviously there’s still, I’m sure, classified aspects.
Frank Cilluffo [00:14:57]: I hope.
David DiMolfetta [00:14:59]: There’s definitely classified aspects to how the cyber capabilities work. But what we do know is that NSA, the National Geospatial Intelligence Agency, they were tracking and monitoring stuff from the outside. We know NSA laid down effects related to radar. I was told that by a person familiar. In terms of the lights going out in Caracas, that was pretty incredible and what is also incredible too, and I credit the New York Times for this. They reported this yesterday.
David DiMolfetta [00:15:32]: Lights went off, but they also went back on. So it really shows how much control that our cyber operators had over the power grid at that one point. How that entirely played out, we’re not sure. I asked some people, some industrial control experts and some telecoms and electronics experts as well. And very casually, it was quick conversations over text. But I said, what do we make of this? And a lot of people seem to conclude that it was a combination of that physical operational technology sabotage and then some remote operational stuff as well, which I think makes sense because we’ve known for months now, Frank, that the CIA has been on the ground doing that more covert stuff, the more human intelligence style stuff. CIA played, you know, the big role in helping to locate Maduro before the extraction. They, they tracked his movements, they tracked what he wore, what he ate.
David DiMolfetta [00:16:20]: I think the chairman of the Joint Chiefs also said that they even tracked what pets Maduro had as well. So they had a pretty good idea of who he was and his, you know, day to day life patterns. I think CIA in combination with NSA and then cyber command effects. It makes sense to me, without knowing all the details that they were able to pull that off.
Frank Cilluffo [00:16:39]: And there’s an argument to be made, and again not to lead the witness, one I’ve been making, some discussion publicly and by all accounts, this was an exquisite operation and some of which need to maintain secrecy out of compromising sources, methods and the like. But some of it is also very valuable for a deterrent effect. Right? It’s not only those in the crosshairs, it’s everyone else watching. And one of the takeaways I would take here, and I think you rightfully referred to it as cyber effects. It’s not cyber on cyber alone, it’s how can cyber be integrated into your broader war fighting strategy and doctrine? And ultimately it’s not just who’s impacted, but it’s everyone else who’s watching.
Frank Cilluffo [00:17:30]: There’s an old Dr. Strangelove, you’re young, so you may not have seen it, but there was an old line, what good is having the doomsday machine if no one knows you got it? So in a way, part of our cyber deterrent, if it’s too cutesy and good, the adversaries directly impacted get it, but not everyone else does. So I kind of feel like that should be part of our signaling. Thoughts on that?
David DiMolfetta [00:17:57]: You’re not the only guy to say that. I was just in a House hearing the other day and many people, many people are saying…
Frank Cilluffo [00:18:04]: For transparency, I was at that hearing and everyone agreed with that.
David DiMolfetta [00:18:09]: Yeah, you were up there. Good job, by the way.
Frank Cilluffo [00:18:11]: Thank you, thank you.
David DiMolfetta [00:18:12]: But in that hearing, I mean, people like yourself made clear that this is serious. We have to take the gloves off a bit and show ourselves.
Frank Cilluffo [00:18:23]: And acknowledge it, right? So not just a black magic, it should be normalized to an extent or another, which could dissuade, deter or compel others from crossing a line that continues to get crossed. So I think, I think the public discussion is part of the discussion and it’s not just the actor that’s impacted, but everyone else watching. So I promise you, Beijing, Moscow, Tehran and others watched.
David DiMolfetta [00:18:54]: I’m sure they did.
Frank Cilluffo [00:18:56]: Any thoughts, and you also did some excellent reporting on a recent significant breach on House staff members. Can you shed some light on that?
David DiMolfetta [00:19:10]: Yeah, yeah, definitely. So, you know, the Financial Times reported it first and you know, I went and confirmed.
Frank Cilluffo [00:19:15]: Dimitri broke that story.
David DiMolfetta [00:19:17]: Dimitri did break that story. He’s very good. He’s very good. Yeah. But I went and confirmed it, and yes, it appears that we could at least say that Chinese hackers targeted the email inboxes of House staffers across several committees, possibly the House Intelligence Committee, Homeland Security, a number of others that China would be interested in.
Frank Cilluffo [00:19:41]: Is that surprising?
David DiMolfetta [00:19:42]: No.
Frank Cilluffo [00:19:42]: I mean, seriously, I’m shocked there’s gambling going on in the casino, to bring up another old movie from Casablanca.
David DiMolfetta [00:19:47]: That one I knew, actually.
Frank Cilluffo [00:19:52]: But, but in all sincerity, we shouldn’t be surprised, right?
David DiMolfetta [00:19:55]: No, of course. I mean, it makes sense, right? If, if, if you’re able to get an advanced look at legislative planning, that’s a huge step up for your geopolitical strategy. It’s, it’s classic, it’s Intelligence Gathering 101. It’s not necessarily wiretapping someone’s phones, but it is trying to get into their emails. I don’t know how they got in. I think investigators are looking into the ins and outs of it right now.
David DiMolfetta [00:20:24]: I tried asking Mr. Andrew Garbarino, the Chairman of House Homeland Security Committee, about it the other day in the hearing that you were at. Stepped out and I went and I chatted with him. He didn’t have much to say, but appeared to acknowledge that something did happen. And I imagine that they’re getting some sensitive briefings on it. But the other thing, too, that we’re trying to figure out is which Chinese hacking collective?
Frank Cilluffo [00:20:45]: Yeah. I was going to ask you, is this part of Salt, isn’t it? What’s the difference?
David DiMolfetta [00:20:49]: Yeah. So, I mean, Salt Typhoon, as you know, was, was the big hacking collective that made waves over the last year for their global reaches into telecom systems and other communications platforms. They’ve certainly spanned out since then. I think the thing to keep in mind, though, is that Salt Typhoon is not just like a telecom hacking group. They could get into anything. As, you know, as we’ve seen here. I haven’t been able to independently confirm that it’s Salt Typhoon. I know there’s mixed messages about who it could be, but what we do know is that it was likely China.
Frank Cilluffo [00:21:19]: And at the end of the day, does it matter which actor at the end of the day?
David DiMolfetta [00:21:23]: Someone else told me that. A source told me that. Doesn’t matter.
Frank Cilluffo [00:21:26]: Yeah. All things said and done, I think we know intent, and that’s pretty significant. And unfortunately, capability that is demonstrated one way or another. But it does matter in terms of how you tactically respond. Right? Anything else you think coming out of that in the future? Anything you’re…
David DiMolfetta [00:21:49]: When I, when I find out more, I’ll let you know.
Frank Cilluffo [00:21:51]: I think you let all your readers know.
David DiMolfetta [00:21:53]: I’ll let everybody know. But it did, it did come, it did come out of the blue. I think it was fairly recent. I think what’s tricky is that, I mean, not to deviate too much, but, you know, this happened around, I think, our holiday break when we had, you know, a lot of people on the hill had stepped away from their machines.
Frank Cilluffo [00:22:09]: Less people looking.
David DiMolfetta [00:22:10]: Yeah. And there are opportune moments for, for hackers of any sort to try and get into systems when people are not at the wheel.
Frank Cilluffo [00:22:18]: And that’s actually a good point. I mean, it’s a 24 by 7 exercise. Right? 365 days and, and the good guys need breaks too. So that’s when, when we start seeing some of this activity, although it’s getting so persistent, always on that I, I think that’s becoming less relevant.
David DiMolfetta [00:22:43]: Yeah, it’s exhausting. Can’t you tell?
Frank Cilluffo [00:22:45]: It used to be pretty easy. You could see at Moscow time X and then Y. But now it’s all the time, all every day. I want to transition. So you asked your readers at the beginning of this year, and I, for transparency, had the privilege to be one of those readers. But you had much smarter people than me, like Morgan Adamski, Madison Horn, a bunch of others weigh in, asking about what they see coming down the pike in 2026.
David DiMolfetta [00:23:15]: Yeah.
Frank Cilluffo [00:23:16]: Firstly, thoughts on what, was there, were there any issues that everyone agreed to, more or less?
David DiMolfetta [00:23:21]: I mean, a dollar for every time AI was mentioned in that story. And I could buy everyone in this room a few cups of coffee.
Frank Cilluffo [00:23:27]: There you go. Coffee is the right answer. Yeah, in the morning.
David DiMolfetta [00:23:30]: But it makes sense though, right? The big theme I picked up from reading through everyone’s input was that you’re going to see a bigger emergence of AI in geopolitics. And the idea being that cyber attacks and responses are going to respond more in force and in line with geopolitical developments around the world. And then on top of that, AI is going to layer into everything and you know, for better or for worse, I think the industry is pushing hard to have AI come in as a good cyber defense tool and a good cyber attack tool. I mean, I hear all the time that AI is, you could use, you know, hey, well, we have to be careful too with how we define AI. The idea of machine learning has been around for a while, but those generative AI tools, the stuff that’s come more on the market in the past 3ish years at this point, that’s really good for cyber defense to run your code, your software through a chatbot and pick up things that a human being may not have picked up or to look at someone else’s system and say, hey, tell me how I can exploit this. Um, that’s going to come in and out a lot of other layers and I imagine that AI is going to aid more in future cyber attacks to come. And we’re, of course that’s a good 10 year estimate, but I think we’re going to see more frequent instances of that in 2026.
Frank Cilluffo [00:24:47]: You know, I’ve had, if I could get a dollar for every time I heard AI on this podcast, I would be very wealthy, so my wife would be happy. But, but, but, but the truth is, is I don’t think we know specifically. We do know it benefits the attacker and it can benefit the defender. And I have asked all the folks who do intelligence and national security collection for a business almost to the T, they will, they say it will benefit the attacker. Then I bring in a number of CSOs and CISOs from US companies and other companies and all of them say it will benefit the defender. It’s kind of both right? And I mean if you think about cyber for the defender, being wrong once could be devastating. So if you look at it through that perspective, then maybe it will benefit the attacker. But bottom line is, is it’s with us now.
Frank Cilluffo [00:25:47]: This isn’t looking out five, seven years from now. And it is incumbent upon the imagination of both the attacker and the defender in terms of how it’s used.
David DiMolfetta [00:25:57]: Absolutely.
Frank Cilluffo [00:25:57]: To one extent or another. Did anyone bring up post quantum encryption or some of the broader quantum sets of issues? Because I think that’s the other big game changer. If you can protect all your secrets and crack everyone else’s, kind of game over.
David DiMolfetta [00:26:15]: There was some quantum mentioned, surprisingly not as much as I thought, but I think it shows that it’s in the back of our heads. But they do have PQC, post quantum cryptography.
Frank Cilluffo [00:26:23]: Do we have time, you think? I’m not sure I agree with that, but that’s okay.
David DiMolfetta [00:26:28]: I think I hear like mix, you know, I guess mixed feelings about timelines for when we’ll get a functioning quantum computer out at a government agency or how it’s going to be deployed, whether it’s cloud or on prem. And I’d imagine we’d start with some cloud deployments because getting an on prem quantum computer at this point, they’re very large and you need a lot of temperature regulation for them to work. So I’d imagine it wouldn’t be physical at this point, but yeah, some people estimate five to 10 years, more or less. So quantum, I believe it came up a number of times, but not as much as I personally thought. But AI was definitely there.
Frank Cilluffo [00:27:06]: And when I look at AI, it’s almost impossible to be AI dominant if you’re not energy dominant. And that gets into the whole data center sorts of questions. And there are significant issues as to how that could impact an American citizen and an energy company that has a responsibility to ensure that power is up, heat is on, AC is on, depending upon what time of year. Any thoughts there?
David DiMolfetta [00:27:36]: I’m no, I’m no data centers expert, but it’s critical infrastructure. It’s critical infrastructure and it’s, it’s kind of like an interesting loop. Like we think about AI as a cyber component or something that could enhance cyber offense and defense. And then you have the critical infrastructure component that’s not necessarily a cyber thing on its own, but it can be used as a weapon if exploited or sabotaged to scare people. And it all connects. It all connects.
Frank Cilluffo [00:28:06]: I’m gonna flip the tables now. 2026, what are the big stories you’re looking?
David DiMolfetta [00:28:09]: I mean this table’s not flipped right now?
Frank Cilluffo [00:28:12]: No, in all sincerity, what do you think the big trends and what are the big stories you’ll be chasing?
David DiMolfetta [00:28:20]: Yeah, I’m thinking a lot about midterm elections. We’ve seen a lot of reductions across the government enterprise and offices that track election security and disinfo. That’s FBI, the Office of the Director of National Intelligence, CISA. I’d like to see how that’s going to shape out. AI tools are getting better. You know, you think of your rank and file AI video generating tools, Deep Sora. I mean, it’s getting really good. Really good. And look, sometimes it’s comedic.
David DiMolfetta [00:28:55]: Like sometimes if I need a laugh, I’ll watch AI generated videos of chiropractor adjustments going wrong.
Frank Cilluffo [00:29:01]: Ouch.
David DiMolfetta [00:29:01]: Yeah, it’s hilarious. But sometimes, but they can be weaponized, they can be exploited. So I’m curious to see how we’re going to be tracking that on the government side and just election, you know, the idea of election security as a cultural thing here in this administration as well.
Frank Cilluffo [00:29:16]: Midterms one.
David DiMolfetta [00:29:17]: Yeah, so there’s that. And then I’m always watching out for workforce and seeing how the workforce is going to change. What we’ve, I’ll just plug my…
Frank Cilluffo [00:29:25]: You’re uniquely positioned at Nextgov to speak for that community, right?
David DiMolfetta [00:29:30]: Yeah, I’ll plug my employer for a second if I can. I mean, we made great strides the past year in covering the federal workforce because we’re the ones covering those in the weeds programs and in the weeds hires that a lot of the other national outlets aren’t, I’m not saying they’re missing that, but it’s not their audience. But when the order comes down to cut programs and to lay people off.
Frank Cilluffo [00:29:54]: These are real people.
David DiMolfetta [00:29:55]: These are real people. And regardless of what you think of how the government should be structured, it’s disheartening when you’re laid off. And a lot of people have come to us. And I will say a good chunk of my coverage over the past year has relied on anonymous people because it’s been so prevalent.
Frank Cilluffo [00:30:11]: You probably have more anonymous people today than you did last year.
David DiMolfetta [00:30:15]: Yeah, yeah. And you know, we, we take that seriously because we know that our audience is the federal workforce. It’s our readers. So we’re going to be watching that really carefully.
Frank Cilluffo [00:30:27]: And dare I say the, the women and men, I mean, we lose the fact that technology will continue to change. Human nature remains relatively consistent.
David DiMolfetta [00:30:38]: Yes.
Frank Cilluffo [00:30:38]: And until we’re looking at pure AGI on AGI, and that may come, but not today. At the end of the day, there’s a person behind the clickety clack of the keyboard. Right? For good and bad.
David DiMolfetta [00:30:51]: Yep. In CISA, in NSA, in Cyber Command, the big thing I’ve been able to focus on in the past year is the workforce. It’s the people. That’s what’s driven a lot of the great coverage that we’ve been able to do across not just Nextgov, across the entire gov exec enterprise. And we’re gonna continue to do that.
Frank Cilluffo [00:31:10]: So midterms workforce, is there a third?
David DiMolfetta [00:31:15]: The next big cyber attack.
Frank Cilluffo [00:31:17]: Blink. We may have missed it between now and…
David DiMolfetta [00:31:22]: Yeah, I don’t know, maybe it’ll be another Salt Typhoon. We won’t pick it up for another few years. But I mean, something’s always happening and we just have to keep our eyes peeled and stay as focused as we can. But the next big cyber attack, I don’t know what that means or how it would shape up, but.
Frank Cilluffo [00:31:41]: David, thank you for your reporting. Thank you, and this is an underappreciated aspect. I’m getting old and probably long in the tooth, but curiosity is really important. Staying curious is important. Staying focused on what matters is important. And thank you for your coverage, for your reporting, and keep those gum shoes on and start doing, and continue to do good work.
David DiMolfetta [00:32:08]: Thank you for all you do here, Frank. I appreciate it.
Frank Cilluffo [00:32:10]: And let me leave you, figuratively and literally, with the token of our appreciation, our coin. Thank you.
David DiMolfetta [00:32:16]: Thank you. Thank you.
Frank Cilluffo [00:32:18]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes, or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.