Q: What are the most pressing trends in cybersecurity today, particularly from a national security perspective?
Mr. Thummala: We’re seeing a convergence of serious threats—from state-sponsored cyberattacks and supply chain compromises to AI-generated misinformation and ransomware campaigns. Cybersecurity isn’t just a tech issue anymore; it’s now a central element of military and economic strategy. Traditional borders don’t apply in cyberspace. An attack can come from anywhere and impact everything, from power grids to personal computers.
Q: How is artificial intelligence transforming cybersecurity, both for attackers and defenders?
Mr. Thummala: AI is a double-edged sword. On the defensive side, it is improving anomaly detection, automating threat responses, and helping secure complex cloud environments. But attackers are using it too. We’ve seen AI-generated phishing, voice cloning, deepfake videos, and even malware that adapts on the fly to avoid detection.
What’s really concerning is how AI is being weaponized for social engineering—mass disinformation, impersonation, and psychological manipulation.
Q: Let’s talk about quantum computing. Some call it a ‘cryptographic time bomb.’ How close are we to that reality, and what should governments do now?
Mr. Thummala: That description is accurate. Quantum computers could break widely used encryption protocols like RSA and ECC, potentially exposing everything from defense secrets to financial records. While we may still be several years away from that level of quantum capability, attackers are already harvesting encrypted data with the intent to decrypt it later—what we call “harvest now, decrypt later.”
Governments should not wait. They need to start migrating to post-quantum cryptography (PQC). NIST has already selected candidate algorithms, but large-scale implementation takes time—especially across legacy systems.
Q: The healthcare sector has become a major target for cyberattacks. Why is it so vulnerable, and how can we protect it?
Mr. Thummala: Healthcare is a perfect storm: it has extremely sensitive data, life-critical systems, and outdated infrastructure. Many hospitals still rely on legacy systems that were never designed with security in mind. Add the complexity of third-party vendors and the growing use of Internet of Medical Things (IoMT) devices, and you have a high-risk environment.
To protect it, we need to modernize infrastructure, implement zero-trust security models, ensure proper segmentation, and secure IoMT endpoints. Lives are literally on the line when ransomware takes down hospital systems.
Q: What about the use of AI in healthcare? Does it help or hurt cybersecurity efforts?
Mr. Thummala: Both. AI has great potential in healthcare—from diagnostics to early detection of outbreaks—but it also introduces new risks. Imagine a scenario where an attacker manipulates AI-generated medical images or corrupts the training data behind diagnostic tools. That could lead to misdiagnosis or even patient harm.
We need clear testing protocols, strong validation procedures, and governance to ensure AI in healthcare is trustworthy and resilient to manipulation. Security must be baked into every model, not added later.
Q: There’s growing concern about scams targeting seniors, especially with AI voice cloning. What’s your take on this, and how can families protect loved ones?
Mr. Thummala: It’s one of the most alarming trends. Scammers are now using AI to mimic the voices of family members and trick seniors into wiring money or revealing sensitive information. These scams are emotionally manipulative and often highly convincing.
The best defense is education. Families should discuss common scam tactics and agree on a “safe word” that must be used in emergencies. Financial institutions and telecom providers also have a role to play in flagging suspicious activity. This isn’t just a cybersecurity issue—it’s a human issue.
Q: If you had to give three top recommendations to policymakers today, what would they be?
Mr. Thummala:
- Prioritize post-quantum readiness across all sectors, especially defense, healthcare, and finance.
- Treat cybersecurity as a strategic imperative, not a technical one. It must be embedded in foreign policy, national defense, and economic planning.
- Invest in the cybersecurity workforce and public-private collaboration. We need more trained professionals and better coordination between sectors to handle the speed and complexity of modern threats.
Q: Are we keeping up with the pace of change—or are we falling behind?
Mr. Thummala: We’re innovating rapidly, but so are our adversaries. The difference is that while attackers only have to be right once, defenders have to be right every time. We’re in a race, not just for cybersecurity, but for trust in our systems, governments, and institutions. The challenge is immense—but not insurmountable. With foresight, collaboration, and urgency, we can meet it.
