Future of Digital Security

Examining the systemic security risks of societal dependence on digital technologies.

Stakeholders across the Internet want to improve its security. But no single entity coordinates efforts, implements sustainable cybersecurity, or addresses digital security market failures. IST unites key stakeholders across industry, government, and civil society to innovate new solutions, break down silos, and find effective new methods to advance digital security, including its work to counter the ransomware threat.

IST Initiatives (Current)

The Ransomware Task Force (RTF)

The Ransomware Task Force (RTF) combats the national security threat posed by the ransomware scourge with a cross-sector approach. In April 2021, the Ransomware Task Force launched its seminal report, “Combating Ransomware: A Comprehensive Framework for Action.” The product of over sixty (60) experts, the effort provided forty-eight (48) recommendations and advocated for a unified, aggressive, comprehensive, public-private anti-ransomware campaign. Within the first year, 88% of these recommendations saw some degree of implementation, with 25% experiencing significant progress, including among governments and industry. 

AI Foundation Model Access Initiative

As part of its mission to address complex security issues at the forefront of technological innovation, the Institute for Security and Technology (IST) is leading an effort to study ways in which increased access to cutting-edge AI foundation models–across a gradient of access from fully closed to fully open–drives risk and enables opportunity. 

Open-Source Software Security Initiative

Open-source software is the structural building block for the digital infrastructure that supports the modern world. At IST, we believe it is of the utmost importance to develop an approach that anticipates vulnerabilities and other risks such as malicious code before they impact the entire Internet infrastructure.

Facial recognition technology to monitor the population on busy street

Applied Trust & Safety Initiative

As technology continues to advance in its capabilities and uses—and plays an increasing role in our lives–we must remain vigilant to the human risks that accompany it. IST in 2023 launched its Applied Trust & Safety Initiative, a long-term effort to ensure technology products and services are safe to use and capabilities such as AI are fully leveraged to address these challenges at scale

6 layer neural network

Artificial Intelligence and Advanced Computing

IST is engaging deep technical expertise to assess the architectures, tools, opportunities, and risks at the intersection of AI and cybersecurity across national security applications. This work includes analysis of open source models, advanced technique proliferation, and intentional mapping of policy conversations to enable industry and government to effectively provide essential input.

Cyber Policy Awards

The Institute for Security and Technology (IST), in partnership with the Center for Cybersecurity Policy and Law, is pleased to announce the inaugural edition of The Cyber Policy Awards—an annual gathering of the U.S. cyber policy community to honor and celebrate those who drove significant progress in the preceding year, and to make resolutions for the new year.

24 in ’24: Doubling Down on the Ransomware Task Force Recommendations

Three years after the original Ransomware Task Force report, ransomware remains a threat to businesses, schools, governments, and individuals. As of May 2023, 50% of the Ransomware Task Force’s original 48 recommendations have seen significant progress–but what about the other 24? On April 24, 2024, the Ransomware Task Force hosts an all-day gathering to zero in on those 24 recommendations.

How Does Access Impact Risk: Assessing AI Foundation Model Risk Along a Gradient of Access
How does access to foundation models and their components impact the risk they pose to individuals, groups, and society?
December 2023 | Report

2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
As we mark the third year of the Ransomware Task Force, we continue our efforts to map ransomware incidents worldwide. This year, we focus our efforts on understanding the forces driving changes in victimology and on tracking new trends in previously under-reported geographic areas.
October 2023 | NatSpecs Blog

Castles Built on Sand: Towards Securing the Open-Source Software Ecosystem
Recommendations to reduce the impact of vulnerabilities such as Log4j and prevent future vulnerabilities from arising.
April 2023 | Report

Mapping the Ransomware Payment Ecosystem: A Comprehensive Visualization of the Process and Participants
Central to mitigating the threat of ransomware is the development of a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process. Yet, when we began this work, such a picture did not exist. IST undertook this effort to fill that gap.
November 2022 | Report

RTF Report: Combating Ransomware
A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
April 2021 | Report

RTF Progress Reports
As part of our ongoing mission to counter the ransomware threat, the Ransomware Task Force continually reflects on its original recommendations and monitors policy changes across industry and government. We engage with these findings openly, and work with our members to be agile in our ongoing recommendations.

Blueprint for Ransomware Defense
An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-sized Enterprises
August 2022 | Report

RTF Year Two: New Map; New Data: Same Mission
We estimate that in 2021 there were well over 4,000 documented ransomware incidents involving at least 60 ransomware “families,” impacting organizations in 109 countries.
July 2022 | NatSpecs Blog