Top Sites>HHome - Institute for Security and Technology

Crawl-delay: 10
# START YOAST BLOCK
# ---------------------------
User-agent: *
Disallow:

Sitemap: https://securityandtechnology.org/sitemap_index.xml
# ---------------------------
# END YOAST BLOCK

# Institute for Security and Technology: Institute for Security \+ Technology

> The Institute for Security and Technology \(IST\) is the 501\(c\)\(3\) critical action think tank\. IST unites technology and policy leaders to create actionable solutions to emerging security challenges\.

Generated by Yoast SEO v27.4, this is an llms.txt file, meant for consumption by LLMs.

## Pages
- [About the Institute for Security and Technology](https://securityandtechnology.org/about-ist/): The Critical Action Think Tank
- [Contact](https://securityandtechnology.org/contact/)
- [Privacy Policy](https://securityandtechnology.org/privacy-policy/)
- [AI and Nuclear Command, Control, and Communications](https://securityandtechnology.org/ai-nc3/): Pioneering action\-oriented efforts to explore how advanced AI capabilities will be integrated into NC3 systems

- [AI Antitrust and National Security](https://securityandtechnology.org/ai-antitrust-and-national-security/): Exploring how to more effectively account for national security considerations in AI antitrust cases while respecting precedent, scope, and the core principles of antitrust law
- [AI Chip Export Control Initiative](https://securityandtechnology.org/ai-chip-export-control-initiative/): Safeguarding U\.S\. national competitiveness by closing critical compliance and enforcement gaps
- [AI Risk Reduction Initiative ](https://securityandtechnology.org/ai-risk-reduction-initiative/): Assessing the risks and opportunities of AI foundation models and developing technical and policy\-oriented risk reduction strategies
- [Combating Distributed Denial of Service Attacks](https://securityandtechnology.org/combating-distributed-denial-of-service-attacks/): Clarifying industry incentives and identifying best practices to combat threats posed by DDoS attacks
- [Generative Identity Initiative \(GII\)](https://securityandtechnology.org/generative-identity-initiative/): Exploring how GenAI will affect social cohesion and the protection of public interest
- [Our Team](https://securityandtechnology.org/our-team/): We unite technology and policy leaders to create actionable solutions to emerging security challenges
- [Ransomware Task Force \(RTF\)](https://securityandtechnology.org/ransomwaretaskforce/): Combating the ransomware threat with a cross\-sector approach
- [UnDisruptable27](https://securityandtechnology.org/undisruptable27/): Acting with Urgency to Save Lives in the Face of Unprecedented Cyber Threats

- [Future of Digital Security](https://securityandtechnology.org/future-of-digital-security/): Examining the systemic security risks of societal dependence on digital technologies\.
- [Innovation and Catastrophic Risk](https://securityandtechnology.org/innovation-and-catastrophic-risk/): Integrating novel technical expertise to increase global stability and assess emerging risks
- [The Geopolitics of Technology](https://securityandtechnology.org/democracy-and-the-geopolitics-of-tech/): Taking on the implications of technology for global politics and security, which will shape innovation, supply chains, prosperity, and national and international security\.
- [Analysis](https://securityandtechnology.org/analysis/): Explore our research
- [Events](https://securityandtechnology.org/events/): View the Institute for Security and Technology's upcoming and past events\. 

## Annual Reports
- [2025](https://securityandtechnology.org/annual-report/2025/)
- [2024](https://securityandtechnology.org/annual-report/2024/)
- [2023](https://securityandtechnology.org/annual-report/2023/)
- [2022](https://securityandtechnology.org/annual-report/2022/)

## Blogs
- [Lessons from Moltbook: When Agents Talk to Agents](https://securityandtechnology.org/blog/lessons-from-moltbook-when-agents-talk-to-agents/): Moltbook, a Reddit\-like forum meant solely for AI agents, had already garnered over 1\.5 million users before research suggested that a multi\-agent environment with weak cybersecurity guardrails could be a hotbed for scaling fraud and influence operations\. For the IST blog, Gabrielle Tran outlines what this means for the cyber\-enabled manipulation of tomorrow\.
- [Design Obligation or Third\-Party Liability? The White House Framework and AI's Grey Area](https://securityandtechnology.org/blog/design-obligation-or-third-party-liability/): The White House’s newly\-released National Policy Framework for Artificial Intelligence addresses the boundary between federal and state AI regulation, including a recommendation that states should not hold developers liable for third parties’ unlawful use of their models\. Gabrielle Tran examines what this means for the emerging legal landscape around AI harm\. 
- [Meet the Andrew Carnegie AI\-Nuclear Policy Accelerator Inaugural Cohort](https://securityandtechnology.org/blog/meet-the-andrew-carnegie-ai-nuclear-policy-accelerator-inaugural-cohort/): IST introduces the 26 members of the inaugural Andrew Carnegie AI\-Nuclear Policy Accelerator cohort, a program that will equip mid\-career security practitioners with the tools to confront the intersection between AI and nuclear issues\.
- [Q\&A: Where do we go from here? IST Reflections on RSAC ‘26](https://securityandtechnology.org/blog/qa-where-do-we-go-from-here-ist-reflections-on-rsac-26/): RSAC Post\-conference takeaways with Chief Strategy Officer Megan Stifel, Executive in Residence for Public Safety \& Security Josh Corman, Senior Vice President for Policy Nicholas Leiserson, and Senior Director for Preparedness and Response Michael Klein,\.
- [Announcing the Launch of the México Ransomware Task Force](https://securityandtechnology.org/blog/mexico-rtf/): IST, in collaboration with a coalition of local and global partners, is excited to announce the launch of the México Ransomware Task Force to tackle the growing threat that ransomware poses to Mexican critical infrastructure and the country’s digital economy, made possible through the support of Mastercard, Microsoft, and Sophos\.

## Events
- [Critical Effect DC 2025](https://securityandtechnology.org/event/critical-effect-dc-2025/): The next evolution of Hack the Capitol, Critical Effect DC is a two\-day, annual critical infrastructure\-focused conference connecting policymakers, members of civil society and academia, and OT/ICS stakeholders\. Presented by ICS Village, in partnership with the Institute for Security and Technology, Crowell LLP, and the National Security Institute, this year’s event prioritized timely, solution\-driven content with a sense of urgency, focusing on initiatives that can be implemented in the next two years\.
- [Critical Effect 2026](https://securityandtechnology.org/event/critical-effect-2026/): Mark your calendars\! The two\-day Critical Effect conference is coming back to Washington, DC on June 17 and 18, in partnership with ICS Village and Akin\. With 2027 getting closer, we are prioritizing ideas that lead to real, actionable impact\.

- [Securing Our Autonomy: How AI Fuels Cognitive Warfare \- and How We Can Fight Back](https://securityandtechnology.org/event/securing-our-autonomy-how-ai-fuels-cognitive-warfare-and-how-we-can-fight-back/): In a side event at the SCSP AI Expo, experts on the front lines of policy, industry, and neuroscience unpacked how AI is being weaponized for psychological and influence operations — and how we can build resilience across society\. 
- [The Fight Comes to Our Shores: Breaking Down the Cyber Attack on Stryker](https://securityandtechnology.org/event/the-fight-comes-to-our-shores-breaking-down-the-cyber-attack-on-stryker/): What do we know about what happened, and who carried out this destructive attack? What are the potential motivations behind the targeting? How does it compare to past cyber operations? And how should policymakers and critical infrastructure operators respond?
- [Improving Nuclear Hotlines: Experts Speak](https://securityandtechnology.org/event/improving-nuclear-hotlines-experts-speak/): Should multilateral crisis communications systems be used before, during, or after a crisis? How would nuclear\-armed states benefit most from such a system? What challenges stand between theory and implementation?

## People
- [Jaclyn Goudie](https://securityandtechnology.org/person/jaclyn-goudie/)
- [Dr\. Steven Burns, P\.E\.](https://securityandtechnology.org/person/steven-burns/)
- [Rhiannon Hutton](https://securityandtechnology.org/person/rhiannon-hutton/)
- [Sahil V\. Shah](https://securityandtechnology.org/person/sahil-shah/): Sahil V\. Shah is a Senior Fellow for Nuclear Policy at the Institute for Security and Technology\.
- [Catherine Murphy](https://securityandtechnology.org/person/catherine-murphy/)

## Podcasts
- [Episode 51: Cyber\-Informed Engineering: Moving Beyond the Firewall](https://securityandtechnology.org/podcast/episode-51/): For the last episode of season 5, host Bryson Bort sat down with Andrew Ohrt, Resilience Director at West Yost Associates to walk through the "invisible" nature of water systems, the impact of data centers on utility resilience, and how Cyber\-Informed Engineering protects our most essential resource\.
- [Episode 50: Systems Engineering for Survival: A Physician's Guide to Emergency Management](https://securityandtechnology.org/podcast/episode-50/): Our host Bryson Bort welcomes Dr\. Natalie Sullivan, Medical Director of the Emergency Response Medical Group and an emergency medicine physician at a D\.C\. area hospital\. Trained in EMS and disaster and operational medicine, Natalie turned her attention to the critical intersection of clinical medicine, patient safety, and cybersecurity resilience after experiencing a prolonged ransomware attack on a major hospital\.
- [Episode 49: Bridging the IT/OT Divide in Oil and Gas](https://securityandtechnology.org/podcast/episode-49/): Bryson Bort is joined by Dd Budiharto, Microsoft’s Customer Security Officer for the Oil, Gas, and Energy sectors, as she shares her experience bridging the IT/OT divide in the energy sector\.
- [Episode 48: AI and the Future of Maritime Cybersecurity](https://securityandtechnology.org/podcast/episode-48/): In a new episode of the ICS Village and IST podcast Hack the Plan\[e\]t, retired maritime cybersecurity professor Gary Kessler joins Bryson Bort to walk us through the ins and outs of cybersecurity at sea, automated identification systems, and AI’s current and future role in maritime operations\. What is AIS spoofing, and why is it dangerous? What are the unique challenges posed by cybersecurity at sea? Is the maritime industry ready for artificial intelligence integrations? 
- [Why Venture Capital is Indispensable for U\.S\. Industrial Strategy](https://securityandtechnology.org/podcast/technologist-talks-why-venture-capital-is-indispensable-for-u-s-industrial-strategy/): In the first episode of the TechnologIST Talks series “The Strategic Edge in Techno\-Industrial Competition,” Michael Brown and Pavneet Singh join IST Chief Executive Officer Philip Reiner for a conversation on their plan for harnessing the power of venture capital\.

## Resources
- [Testimony: Online Scams, Crypto Fraud \& Digital Extortion: How Transnational Criminal Networks Target Americans](https://securityandtechnology.org/virtual-library/testimony/testimony-online-scams-crypto-fraud-digital-extortion-how-transnational-criminal-networks-target-americans/): On Tuesday, April 21, IST Chief Strategy Officer Megan Stifel joined the House Committee on Homeland Security for a hearing on online scams, fraud, and digital extortion to examine how transnational criminal networks are targeting Americans\.
- [Counter Ransomware Initiative Tabletop Exercise: After\-Action Report](https://securityandtechnology.org/virtual-library/report/cri-tabletop-exercise-after-action-report/): IST, in partnership with the Australian Department of Home Affairs and the Counter Ransomware Initiative’s Private Sector Advisory Panel—led by Public Safety Canada and BlackBerry—held a multinational ransomware tabletop exercise on the margins of Singapore International Cyber Week and the Fifth CRI Summit\. A new after action report summarizes the discussion and presents 3 key takeaways\.
- [Comparative Analysis of National and Regional Product Cybersecurity Frameworks](https://securityandtechnology.org/virtual-library/report/comparative-analysis-of-product-cybersecurity/): Author Taylor Roberts presents a structured, data\-driven analysis of product cybersecurity frameworks across multiple jurisdictions for policymakers\. 
- [Imminent National Cyber Strategy May Lean on Offense at the Expense of Defense](https://securityandtechnology.org/virtual-library/op-ed/imminent-national-cyber-strategy-may-lean-on-offense-at-the-expense-of-defense/): The Trump administration’s National Cyber Strategy is imminent\. Will it, as rumors suggest, prioritize cyber offense over defense in order to shape adversary behavior? In a new Claroty Nexus op\-ed, IST Chief Strategy Officer Megan Stifel breaks down the history of U\.S\. cyber strategy and the potential drawbacks of an offense\-first approach\.
- [CVE at a Crossroads: A Blueprint for the Next 25 Years](https://securityandtechnology.org/virtual-library/report/cve-at-a-crossroads/): The Common Vulnerabilities and Exposures \(CVE\) Program is a critical public good, yet it is at a crossroads\. Established by MITRE with support from the U\.S\. government, the index of software vulnerability identifiers has been a core element of software security since 1999\. But recent funding issues have laid bare fundamental challenges, and without action, the vulnerability identification landscape will fragment\. This report provides recommendations for global policymakers on how to reimagine the CVE Program for the next 25 years\. 

## Event Types
- [Virtual Webinar](https://securityandtechnology.org/event-type/virtual-webinar/)
- [All\-Day Event](https://securityandtechnology.org/event-type/all-day-event/)
- [Side Event](https://securityandtechnology.org/event-type/side-event/)
- [AMA](https://securityandtechnology.org/event-type/ama/)
- [Cyber Policy Awards](https://securityandtechnology.org/event-type/cyber-policy-awards/)

## Pillars \& Projects
- [Future of Digital Security](https://securityandtechnology.org/pillar_project/future-of-digital-security/)
- [Innovation and Catastrophic Risk](https://securityandtechnology.org/pillar_project/innovation-and-catastrophic-risk/)
- [The Ransomware Task Force \(RTF\)](https://securityandtechnology.org/pillar_project/future-of-digital-security/the-ransomware-task-force-rtf/)
- [CATALINK](https://securityandtechnology.org/pillar_project/innovation-and-catastrophic-risk/catalink/)
- [The Geopolitics of Technology](https://securityandtechnology.org/pillar_project/the-geopolitics-of-technology/)

## Resource Types
- [Report](https://securityandtechnology.org/resource_type/report/)
- [In the News](https://securityandtechnology.org/resource_type/in-the-news/)
- [Op\-ed](https://securityandtechnology.org/resource_type/op-ed/)
- [AAR](https://securityandtechnology.org/resource_type/aar/)
- [Podcast](https://securityandtechnology.org/resource_type/podcast/)

## Sources
- [IST publications](https://securityandtechnology.org/resource_source/ist-publications/)
- [External publications](https://securityandtechnology.org/resource_source/external-publications/)

## Teams
- [Team](https://securityandtechnology.org/team/our-team/)
- [Adjunct Advisors](https://securityandtechnology.org/team/adjunct-senior-advisors/)
- [2026 Andrew Carnegie AI\-Nuclear Policy Accelerator Cohort](https://securityandtechnology.org/team/2026-andrew-carnegie-ai-nuclear-policy-accelerator-cohort/)
- [CATALINK Technical and Policy Advisors](https://securityandtechnology.org/team/initial-technical-and-policy-advisors-catalink/)
- [IST Future of Digital Security Experts](https://securityandtechnology.org/team/future-of-digital-security/)

## Topics
- [cybersecurity](https://securityandtechnology.org/resource_topic/cybersecurity/)
- [Ransomware](https://securityandtechnology.org/resource_topic/ransomware/)
- [NC3](https://securityandtechnology.org/resource_topic/nc3/)
- [artificial intelligence](https://securityandtechnology.org/resource_topic/artificial-intelligence/)
- [critical infrastructure](https://securityandtechnology.org/resource_topic/critical-infrastructure/)

## Years
- [2022](https://securityandtechnology.org/resource_year/2022/)
- [2019](https://securityandtechnology.org/resource_year/2019/)
- [2025](https://securityandtechnology.org/resource_year/2025/)
- [2024](https://securityandtechnology.org/resource_year/2024/)
- [2020](https://securityandtechnology.org/resource_year/2020/)

## Optional
- [Sitemap index](https://securityandtechnology.org/sitemap_index.xml)