Future of Digital Security

Examining the systemic security risks of societal dependence on digital technologies.

Stakeholders across the Internet want to improve its security. But no single entity coordinates efforts, implements sustainable cybersecurity, or addresses digital security market failures. IST unites key stakeholders across industry, government, and civil society to innovate new solutions, break down silos, and find effective new methods to advance digital security, including its work to counter the ransomware threat.

IST Initiatives (Current)

The Ransomware Task Force (RTF)

The Ransomware Task Force (RTF) combats the national security threat posed by the ransomware scourge with a cross-sector approach. In April 2021, the Ransomware Task Force launched its foundational report, “Combating Ransomware: A Comprehensive Framework for Action.” The product of over 60 experts, the effort provided 48 recommendations and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign. Three years on, 92% of the 48 RTF recommendations have seen some action, with 50% experiencing significant progress, including through legislation and policy adoption.

AI Foundation Model Access Initiative

As part of its mission to address complex security issues at the forefront of technological innovation, IST is leading an effort to study ways in which increased access to cutting-edge AI foundation models–across a gradient of access from fully closed to fully open–drives risk and enables opportunity. 

Generative Identity Initiative

The Generative Identity Initiative builds upon IST’s initial work through the Digital Cognition and Democracy Initiative, convening a working group to assess how generative AI stands to impact social cohesion and the protection of public interest in the face of these challenges. By fostering an informed, collaborative approach, IST aims to shape the future of GenAI in a way that prioritizes societal well-being, strengthens public trust, and ensures that the benefits of these innovations are widely and equitably shared.

Facial recognition technology to monitor the population on busy street

Applied Trust & Safety Initiative

As technology continues to advance in its capabilities and uses—and plays an increasing role in our lives–we must remain vigilant to the human risks that accompany it. IST in 2023 launched its Applied Trust & Safety Initiative, a long-term effort to ensure technology products and services are safe to use and capabilities such as AI are fully leveraged to address these challenges at scale.

6 layer neural network

Artificial Intelligence and Advanced Computing

IST is engaging deep technical expertise to assess the architectures, tools, opportunities, and risks at the intersection of AI and cybersecurity across national security applications. This work includes analysis of open source models, advanced technique proliferation, and intentional mapping of policy conversations to enable industry and government to effectively provide essential input.

Trust & Safety in Cloud Services

U.S. regulators in early 2024 proposed a rule that would require increased due diligence efforts by IaaS providers of their foreign customers to prevent and address abuse. As an alternative to its know-your-customer requirement, the rule would invite proposals for alternative countermeasures including a “consortium” approach among providers and potentially relevant government agencies. To help advance the development of creative alternatives, the Institute for Security and Technology (IST) in partnership with the Cyber Threat Alliance (CTA) is studying this topic with an aim to provide recommendations for how a consortium could be shaped to best accomplish the government’s overall objective of deterring abuse.

Open-Source Software Security Initiative

Open-source software is the structural building block for the digital infrastructure that supports the modern world. At IST, we believe it is of the utmost importance to develop an approach that anticipates vulnerabilities and other risks such as malicious code before they impact the entire Internet infrastructure.

Cyber Policy Awards

The Institute for Security and Technology (IST), in partnership with the U.S. Chamber of Commerce, is pleased to announce the 2nd annual edition of The Cyber Policy Awards—a gathering of the U.S. cyber policy community to honor and celebrate those who drove significant progress in 2024, and to make resolutions for the new year.

24 in ’24: Doubling Down on the Ransomware Task Force Recommendations

Three years after the original Ransomware Task Force report, ransomware remains a threat to businesses, schools, governments, and individuals. As of May 2023, 50% of the Ransomware Task Force’s original 48 recommendations have seen significant progress–but what about the other 24? On April 24, 2024, the Ransomware Task Force hosts an all-day gathering to zero in on those 24 recommendations.

The Implications of Artificial Intelligence in Cybersecurity: Shifting the Offense-Defense Balance
Advances in AI present key cybersecurity opportunities, but how might malicious actors utilize the same technology? IST’s latest report investigates the state of existing and potential integrations of AI in cybersecurity based on our research & interviews with industry stakeholders and puts forward 7 key recommendations to stay ahead.
June 2024 | Report

A Lifecycle Approach to AI Risk Reduction: Tackling the Risk of Malicious Use Amid Implications of Openness
This report introduces an AI Lifecycle Framework, which breaks down the complex process of AI development into seven distinct stages, and conducts a deep dive into malicious use—one of the risks identified in the December 2023 report as negatively influenced by an increased gradient of model openness.
June 2024 | Report

How Does Access Impact Risk: Assessing AI Foundation Model Risk Along a Gradient of Access
How does access to foundation models and their components impact the risk they pose to individuals, groups, and society?
December 2023 | Report

2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
As we mark the third year of the Ransomware Task Force, we continue our efforts to map ransomware incidents worldwide. This year, we focus our efforts on understanding the forces driving changes in victimology and on tracking new trends in previously under-reported geographic areas.
October 2023 | NatSpecs Blog

Castles Built on Sand: Towards Securing the Open-Source Software Ecosystem
Recommendations to reduce the impact of vulnerabilities such as Log4j and prevent future vulnerabilities from arising.
April 2023 | Report

Mapping the Ransomware Payment Ecosystem: A Comprehensive Visualization of the Process and Participants
Central to mitigating the threat of ransomware is the development of a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process. Yet, when we began this work, such a picture did not exist. IST undertook this effort to fill that gap.
November 2022 | Report

RTF Report: Combating Ransomware
A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
April 2021 | Report

RTF Progress Reports
As part of our ongoing mission to counter the ransomware threat, the Ransomware Task Force continually reflects on its original recommendations and monitors policy changes across industry and government. We engage with these findings openly, and work with our members to be agile in our ongoing recommendations.

Blueprint for Ransomware Defense
An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-sized Enterprises
August 2022 | Report

RTF Year Two: New Map; New Data: Same Mission
We estimate that in 2021 there were well over 4,000 documented ransomware incidents involving at least 60 ransomware “families,” impacting organizations in 109 countries.
July 2022 | NatSpecs Blog