About CATALINK
What is CATALINK?
The CATALINK project builds an open source, additive, multilateral crisis communication technology for use by the leaders of nuclear weapons states. If implemented, CATALINK would build on the “hotline” model of previous generations, and rely on internationally-driven open-source technologies to maximize user integrity and trust.
What are the CATALINK components?
The Puck
A simple, secure, and robust device meant for dedicated communication between global leaders and officials during a nuclear crisis or other high-stakes events like disaster response. Designed with an open-source platform, the Puck will send text messages in minutes.
The Broker
An interface between the puck and the ROCCS which determines the path of the Puck message throughout the desired network.
The ROCCS (Resilient Omni Frequency Crisis Communications System)
A permanently active global mesh network, the ROCCS uses multiple channels/wavelengths to ensure reliable message relays; one of a variety of redundant networks for puck messages to use depending on availability, the threat environment, and the type of message sent.
How do states use the CATALINK system?
When the leader of a nuclear-armed state wants to communicate with another leader using the CATALINK system, they type a message using the Puck and can send it to the recipients of their choosing. Once the leader hits send, the Broker automatically finds the quickest, most secure route to deliver the message through the ROCCS global mesh network. Within minutes, the recipient leader(s) receive an alert that would prompt them to authenticate the message using a pre-determined key encryption. Once the identities are authenticated, the recipients confirm receipt of the message and can immediately respond.
Watch this short video about CATALINK that illustrates how the CATALINK components operate.
Why is CATALINK needed?
Not every country with nuclear weapons has a direct leader or military communication line with every other country with nuclear weapons. Additionally, there are no multilateral hotlines between states with nuclear weapons. Unlike the Cold War when security concerns were largely focused on one bilateral conflictual dyad, 21st century challenges are increasingly complex with multiple strategic competitors. CATALINK is an additive measure, not meant to replace existing hotlines but to add other resilient options for leaders to communicate before, during, and after a conflict or nuclear war.
Existing hotlines may be vulnerable to kinetic threats, such as environmental degradation or destruction during conflict, or non-kinetic threats such as cyber attacks and electronic warfare. New technological developments that could further destabilize communications (e.g. AI-generated audio and video) must also now be taken into account when thinking of how to improve resiliency, especially in a degraded security environment where miscommunication and misperceptions can flourish.
What is the Institute for Security and Technology and what do they have to do with CATALINK?
The Institute for Security and Technology (IST), a 501(c)(3) nonprofit think tank, is the home of the CATALINK initiative. Technology has the potential to unlock greater knowledge and opportunities, but insecure, negligent, or exploitative technological advancements can threaten global security and stability. IST’s mission is to unite technology and policy leaders to create actionable solutions to emerging security challenges.
What are the origins of the CATALINK initiative?
CATALINK was conceived during international meetings convened by IST at Stanford University’s Hoover Institution in 2019, where IST (formerly Technology for Global Security, or Tech4GS), Nautilus Institute, and the Preventive Defense Project brought together global nuclear policymakers, academics, current and former senior decisionmakers, and experts from the technology sector for discussions on global nuclear communications. At this workshop, Eric Grosse, former Vice President of Security and Privacy Engineering at Google, suggested a new approach to hotlines that emphasizes security and encryption, thus forming the initial concepts for CATALINK. A synthesis report from that workshop can be read here.
Is this an American initiative?
Although the Institute for Security and Technology is based in the United States, it is actively engaging the international community throughout the development of CATALINK. Nuclear war is a global threat; thus, IST is committed to ensuring that all experts, engineers, scientists, diplomats, and other individuals involved in CATALINK reflect the international community. Looking for examples of how to build international consensus around this concept, we took inspiration from the process that led to the creation of the National Institute of Standards and Technology Advanced Encryption Standard (NIST AES). To ensure the integrity and validity of the technical solution, IST is building a community of passionate global citizens from varying professional backgrounds. CATALINK is truly an international effort, with generous funding and political support from the Swiss Federal Department of Foreign Affairs and the German Federal Foreign Office, and in-kind contributions from experts around the world.
Is this an American initiative?
Although the Institute for Security and Technology is based in the United States, it is actively engaging the international community throughout the development of CATALINK. Nuclear war is a global threat; thus, IST is committed to ensuring that all experts, engineers, scientists, diplomats, and other individuals involved in CATALINK reflect the international community. Looking for examples of how to build international consensus around this concept, we took inspiration from the process that led to the creation of the National Institute of Standards and Technology Advanced Encryption Standard (NIST AES). To ensure the integrity and validity of the technical solution, IST is building a community of passionate global citizens from varying professional backgrounds. CATALINK is truly an international effort, with generous funding and political support from the Swiss Federal Department of Foreign Affairs and the German Federal Foreign Office, and in-kind contributions from experts around the world.
CATALINK and the Strategic Landscape
What are the shortcomings of current hotlines?
- Lack of trust and cooperation: The contemporary security environment has not facilitated the development and implementation of secure hotlines as a security and diplomatic priority. A lack of confidence in the intentions of other states has decreased desire to cooperate and communicate, at a time when the opposite is required to mitigate risks of nuclear war.
- History of ineffectiveness: The current technologies, networks, and systems that hotlines rely on have not to date been sufficient to lessen threats of conflict escalation. The performance of existing systems is often unreliable and not all nuclear states have access to the technology and technical expertise which could increase technological performance.
- Insufficient focus: Broad definitions of hotlines have undermined their implementation. Referring to all unencrypted communications as “hotlines” ignores that in order to reduce nuclear risks, a hotline needs to be a secure and unbreakable network.
- Insufficient breadth: The presence of nine nuclear-armed states (not to mention their allies and adversaries that would undoubtedly be pulled into a potential nuclear crisis) complicates the logistics and technical requirements for designing current hotlines and has prevented the implementation of a global nuclear communication channel.
What bilateral hotlines currently exist between nuclear-armed states?
Only eight bilateral hotlines dedicated to nuclear de-escalation exist between nuclear-armed states. These crisis communication channels have a variety of characteristics, depending on the actors involved (state leaders vs. military officials), the number of links, and the purposes for the direct link. Some hotlines have been upgraded to rely on internet networks and redundant channels to harden against kinetic and non-kinetic threats, while others have been described as “moribund.” For a detailed list of all existing direct communication links between states, read IST’s “Atlas of Crisis Communications: Nuclear States (July 2022).”
There are additional political and military hotlines that exist between nuclear-armed states and non-nuclear states, as well as between two non-nuclear states. Below is a list of known hotlines between nuclear-armed states and their establishment date:
- Russia-United States (1963)
- Russia-France (1966)
- Russia-United Kingdom (1967)
- Russia-China (1998)
- United States-China (1998)
- India-Pakistan (2004)
- India-China (2010)
- United States-India (2015)
*The United States and the United Kingdom have a number of direct channels of communications, though none have been designated officially as a hotline
Is there support for strengthening crisis communications?
There is a current emphasis being placed on the need for risk reduction within the nuclear policy community, which was fully evident during the proceedings at the 2022 Non-Proliferation Treaty Review Conference. All major governmental and non-governmental risk reduction initiatives (e.g. the P5 Process, Global Enterprise, Stockholm Stepping Stones Initiative, and Nonproliferation and Disarmament Initiative) have recognized the need for improving the current crisis communications architecture. The CATALINK initiative has provided important concepts for building a system to meet today’s technical and geopolitical realities.
The CATALINK team continues to engage with nuclear-armed and non-nuclear-armed states in diplomatic contexts to emphasize the need for strengthening crisis communications. The Institute for Security and Technology was a registered non-governmental organization to participate in the 2025 Non-Proliferation Treaty Preparatory Committee, and will host events during the upcoming 2026 Review Conference to advance the concepts of CATALINK.
How can CATALINK fit into a broader toolkit of nuclear crisis control?
CATALINK is only one line of effort among many strategic risk reduction measures. These additional tools include increased data sharing and transparency, launch notification agreements, more frequent strategic dialogues, and other confidence-building measures (CBMs).
The existence of crisis communications between nuclear-armed states has not solved conflict. However, these bilateral channels between heads of state have played a role in limiting escalation between adversaries with nuclear weapons in the midst of violent conflicts–and will continue to play a role going forward. At the very least, these communication lines provide a mechanism for information sharing at a time when misperception and misunderstanding could lead to devastating consequences. The ability to send near-instantaneous secure messages between two states is undoubtedly a stabilizing factor.
How can you factor in the values of differing risk reduction cultures?
States will have the prerogative to use CATALINK how they see fit, consistent with their own strategic cultures, and in agreement with their counterparts.
The CATALINK design concept invites and seeks to integrate feedback from all nuclear-armed states, to encourage the adoption of CATALINK by all states with nuclear weapons. However, IST believes that CATALINK can have additive value even if a few nuclear-armed states adopt it. By welcoming and aiming to leverage the input of experts from nuclear-armed states into the design concept, the CATALINK initiative team is hopeful that even states that have traditionally differed in approaches to risk reduction consider adopting the system.
What are the incentives for nuclear-armed states to consider and work with CATALINK?
Secure, resilient crisis communications systems actively reduce the risk of global nuclear war. Novel risk reduction measures, including additive crisis communication systems like CATALINK, present tangible confidence-building measures that do not necessitate concessions nor acceptance of additional risk from states with nuclear weapons. CATALINK would provide leaders of states with nuclear weapons a secure and resilient thin line crisis communication capability with the option of bilateral or multilateral use.
The CATALINK concept design takes into account environmental and technical specifications necessary for potential use in the lead up to a crisis, during a crisis, and in worst cases, post-nuclear exchange. We cannot wait for the next nuclear crisis to play out to understand the concerning lack of reliable communication mechanisms between states. In the event that all other risk reduction tools fail, the world will ultimately benefit from having a last-resort backup. Nuclear-armed states time and again have asserted that nuclear war cannot be won and must never be fought, so states must explore any tool that could potentially assist in preventing or ceasing a nuclear conflict.
What role can states without nuclear weapons and civil society play?
States without nuclear weapons and civil society groups are critical to the CATALINK initiative and design process. Non-nuclear weapons states can actively contribute to the initiative by taking part in the technical design and proof of concept processes, as well as by providing diplomatic support. The CATALINK team hosts multiple international convenings for political and technical experts throughout the year, which include many experts from allied states and representatives from the Global South. These perspectives are essential to examine all global security considerations and help spread the ideas and concepts of CATALINK. The initiative is currently financially and politically supported by the Swiss Federal Department of Foreign Affairs and the German Federal Foreign Office. If you are interested in supporting the CATALINK initiative financially, please reach out to [email protected].
CATALINK Security
Why should states trust CATALINK?
Cybersecurity is absolutely critical to any system facilitating communication between leaders of states with nuclear weapons. In particular, national and international communication systems face increasing risks as offensive cyber actors, both nation-state and rogue, gain sophistication.
The CATALINK team is acutely aware of these risks and is committed to designing CATALINK with security at the center of the system. Guided by the principle that “complexity is the enemy of security,” CATALINK is designed to be radically simple. CATALINK users will know what every single line of code does, how every piece of hardware interacts, and where any bugs or vulnerabilities may lie. Simpler lines of code mean there are fewer points of entry for any potential malicious actors attempting to infiltrate and manipulate the system.
As an additional form of security, with an eye toward the many supply chain exploits that have emerged in recent years, states will not only build their own CATALINK systems, based on initial design specs and advice provided by the CATALINK team, but will also source all components and hardware for their systems. States will thus be able to source materials from suppliers that they trust. Nuclear-armed states that adopt CATALINK will also be responsible for any maintenance and upkeep of their hardware and software that support their crisis communications needs.
How is CATALINK cyber secure?
Trust was built into the CATALINK initiative from the outset and prioritizes radical transparency. The Puck will use an open-source code that all participating nuclear-armed states can collaborate on and rigorously inspect. In addition, while IST is responsible for the prototype design and proof of concept for the CATALINK system, states that choose to adopt CATALINK will be responsible for its manufacturing and operations using their own supply chains to ensure additional state security and trust.
The CATALINK design team is composed of international experts and technologists and integrates insight from nuclear-armed states. The CATALINK team has briefed a number of states with and without nuclear weapons, as part of a global diplomatic campaign to present the system, answer questions, and encourage engagement with the initiative. CATALINK draws inspiration from the AES competition and looks to it as an excellent example of how trust engendered through international collaboration can increase global security.
How is CATALINK resilient against AI-enabled deepfakes?
CATALINK is designed with radical simplicity, which helps to secure it against deepfakes. The code base is simple, and therefore, there are very few access points for hackers to utilize and manipulate to execute an action such as deposing an AI-enabled deepfake.
In addition, CATALINK prevents voice-enabled deepfakes through the essential implementation of physical key encryption exchanges, such as a PGP security program. Prior to implementing CATALINK, leaders must exchange encryption keys in person, so that the leaders can only communicate using the Puck after their identities have been fully authenticated through the encryption key. A hacker interested in deepfaking CATALINK must physically steal the key from the world leader to successfully gain access to the CATALINK system. These key exchanges are detailed in CATALINK advisor Eric Grosse’s paper, “Hotline Cryptography.”
Does CATALINK pose espionage risks?
CATALINK is designed to be secure and resilient against espionage. First, before parties are able to send messages to each other, the CATALINK design calls for physical key exchanges to enable message encryption. This function authenticates the identity of the parties involved in the exchange to ensure trust and security in the system. See the FAQ on key exchanges.
In addition, the CATALINK system will be hardened against espionage risks at the same high standard that nuclear-armed states apply to their internal communications. States are responsible for building their own systems and will source all components and hardware for their systems. States will thus be able to source materials from those suppliers that they trust and already comply with a state’s security precautions. Likewise, the production of CATALINK system components can happen domestically in each state.
To harden the system against as-yet-unanticipated espionage risks, CATALINK will invite red teams from all around the world to try and break into the prototype system in the testing phase, revealing vulnerabilities prior to deployment. If you are a cryptologist or security enthusiast who would be interested in participating in CATALINK’s upcoming “hackathons,” please email the CATALINK team at [email protected].
CATALINK Use
What mechanisms are available to communicate using CATALINK?
In its initial prototype phase, the Puck is enabled to send only text messages between leaders, not phone or video calls. The message is typed and sent immediately and then will be translated on the other end by the recipient. These mechanisms may be expanded as the states build more trust and transparency with each other and with the CATALINK system.
Why not just use WhatsApp or Signal?
While political and military leaders regularly use platforms like WhatsApp or Signal to communicate in a crisis internally or with other states, CATALINK is meant to serve as a last-resort backstop option for communication when commonly-used systems such as Google Public DNS or Amazon Web Services fail. Importantly, CATALINK is a system that is built to be simple enough to be investigated and re-implemented by nuclear-armed competitors. For national security reasons, these competitors cannot access—and therefore may not fully trust—the security and reliability of communication platforms like WhatsApp, Signal, or any other commercial messaging system.
Is CATALINK an NC3 System?
No. CATALINK is intended to be an additive measure, not to replace any existing national communication systems or capabilities. CATALINK is not meant to act as an alternative NC3 system for any state with nuclear weapons. It should be a parallel and separate crisis communications system between states with nuclear weapons. That being said, the Puck should always be near the state leader, and therefore might have to be transported or stored next to other emergency communication and nuclear crisis systems, like the nuclear “football.”
How does CATALINK connect or relate to national systems?
CATALINK is designed for use in the lead-up to, during, and/or after a conflict, or in the worst case, nuclear war. The way in which this use is realized is up to individual states. As such, states will have the prerogative to connect CATALINK to whatever national systems they deem best. The Puck and Broker will require a connection to at least a handful of national systems for optimized utility.
The ROCCS (Resilient Omni Frequency Crisis Communications System), the resilient fallback network for CATALINK, will necessitate shared ownership because of its global interconnectivity. The maintenance and upgrading of that system will be done via prior agreed joint actions between states.
Do all nuclear-armed states need to adopt CATALINK for it to work?
No. The CATALINK team believes that even if only a few nuclear-armed states adopt CATALINK, it would still substantially contribute to nuclear risk reduction measures and would potentially avoid or cease a nuclear war. However, because of the degree of security and reliability, there is little reason as to why any nuclear-armed state should not consider adopting CATALINK.
Does CATALINK have to be used for multilateral communication?
CATALINK will possess the option for multilateral communication, but states can decide to use it solely for bilateral communication. It will be apparent to states whether they are using bilateral or multilateral channels, should they choose to have both functions. Likewise, states will decide with whom they want to be able to communicate. It will also be up to state leaders to determine which leader is responsible for use of the CATALINK system, be that the President, the Prime Minister, or whoever is designated to have the prerogative of de-escalation negotiation.
If CATALINK is a multilateral system, can every country see every other country’s messages?
No. Via the physical key exchange as well as encryption, each leader using CATALINK will be able to select a recipient or recipients as they deem fit. No one other than the indicated recipients will be able to see a message. The multilateral functionality of CATALINK is optional; leaders can choose whether they send a message to one, two, or several counterparts.
Can CATALINK only be used in a nuclear crisis?
No. While the idea for CATALINK primarily has nuclear risk reduction in mind, there are a number of circumstances where traditional crisis communication channels might fail. CATALINK could be used in the event of natural disasters (floods, earthquakes, wildfires, solar flares, volcanic eruptions, etc.) or human-caused disasters (terrorist attacks, industrial accidents, oil spills, mass political violence, cyberattacks, etc.).
What are key exchanges and how do they work?
Key exchanges add an additional level of security and reliability to the messages exchanged between leaders using CATALINK, particularly to authenticate the identity of the leaders who are communicating. Physical key exchanges have been built into the design of CATALINK, such that no two leaders (or three, or four, etc) may be able to communicate without having exchanged encryption keys in-person during initial setup of the CATALINK system. The keys are made up of a series of characters that must be added before being able to send and receive messages with the relevant counterpart. This process is further detailed in CATALINK advisor Eric Grosse’s paper, “Hotline Cryptography.”
CATALINK Going Forward
What are the next steps for the CATALINK initiative?
The CATALINK initiative going forward will focus on 3 lines of effort: (1) furthering technical development and design; (2) diplomatic coalition building; and (3) increasing public understanding of the need for strategic and nuclear risk reduction.
Is CATALINK a commercial product?
No. The initiative aims to develop a design blueprint—a schematic for the CATALINK system—and then let nuclear-armed states adopt their own technical design and manufacture their own devices. States will also source their own materials for the devices, though IST may provide recommendations on best practices for manufacturing and security.
Does a prototype exist?
IST is in the process of developing a prototype Puck device and ROCCS network that the research team will demonstrate to stakeholders in government, industry, and civil society. The CATALINK team will also host a hackathon to pinpoint vulnerabilities in our existing prototype systems. In our commitment to transparency, all prototypical code for the system is open source and viewable on GitHub at any time.