Improving Nuclear Hotlines: Experts Speak
July 18, 2024 at 10 am ET / 7 am PT
In June, IST released a series of reports on nuclear crisis communications titled Improving Nuclear Hotlines: Relevance and Use Cases. These reports sought to answer the question: when or at what point in time, before or during a crisis, would states want to use a multilateral or bilateral crisis communications mechanism? On Thursday, July 18, at 7 am PT / 10 am ET, IST’s Deputy Director of Nuclear Policy Sylvia Mishra moderated a virtual conversation with report authors Dr. Manpreet Sethi, Dr. Rabia Akhtar, Dmitry Stefanovich, and Daniil Zhukov. IST Technology Policy Analyst Christian Steins began the webinar with an introduction to the CATALINK Initiative.
AI Risk Busters: A lifecycle approach to AI risk reduction
June 17, 2024 at 2 pm ET / 11 am PT
The rapid advancement and proliferation of AI technologies has brought forth myriad opportunities and challenges, leading to a flurry of regulatory activities in the United States, United Kingdom, European Union, and beyond. But what risks, precisely, are they correcting for? And what mitigation strategies might be effective?
The Institute for Security and Technology (IST) in December sought to answer the first question in its seminal report entitled How Does Access Impact Risk? Assessing AI Foundation Model Risk Along a Gradient of Access. In its latest report, entitled A Lifecycle Approach to AI Risk Reduction: Tackling the Risk of Malicious Use Amid Implications of Openness, IST and its multi-stakeholder working group take on one of the six identified risk categories—malicious use—and propose mitigation strategies mapped to the appropriate phases of the AI lifecycle.
On Monday, June 17, IST Senior Associate for AI Security Policy Mariami Tkeshelashvili moderated a conversation with panelists IST AI Policy Associate and report author Louie Kangeter, Brookings Institution fellow Valerie Wirtschafter, Executive Director of the Stanford Center for AI Safety Duncan Eddy, and Osavul CMO Andrew Bevz. IST Chief Trust Officer Steve Kelly kicked off the webinar with an introduction to the AI Foundation Model Access Initiative and IST’s latest report.
Building Trust & Safety into AI-Enabled Consumer Products and Services Roundtable
May 7, 2024 at 10:00-11:30 am ET
SCSP AI Expo for National Competitiveness
Room 207B
On May 7, as a special side event at the SCSP AI Expo for National Competitiveness, Chief Trust Officer Steve Kelly moderated a roundtable with Philip Dawson (Armilla AI), Rehan Ehsan (Samsung Electronics), Ani Gevorkian (Microsoft), Jamil Jaffer (Paladin Capital Group), Angela McKay (Google), Philip Reiner (Institute for Security and Technology), Var Shankar (Responsible AI Institute), Govind Shivkumar (Omidyar Network), Belle Torek (Human Rights Campaign), Lauren Wagner (Responsible Innovation Labs), and Dave Willner (Stanford University).
Ransomware Roundup: The Latest on Cyber AtTax
April 15, 2024 at 8 am PT / 11 am ET
On Monday, April 15, adjunct advisors and members of the Ransomware Task Force Jen Ellis, Allan Liska, Jason Kikta, Marc Rogers, and Silas Cutler hosted a popup webinar on the latest in ransomware news. What is going on with the Change Healthcare data breach? What latest TTPs are ransomware actors leveraging? How might increased information sharing brought about by CIRCIA impact our understanding of the ransomware ecosystem?
Unpacking a Potential Ban on Ransom Payments: Implications, Alternatives, and What’s Next
February 15, 2024 at 11 am ET / 8 am PT
Ransomware continues to threaten organizations, governments, schools, and even lives. Ransomware actors are primarily profit-motivated. Would a ban meaningfully decrease payments, and if so, would criminals shift away from this tactic?
On Thursday, February 15, IST Chief Strategy Officer Megan Stifel moderated a panel with Allan Liska, Intelligence Analyst at Recorded Future; Sezaneh Seymour, VP and Head of Regulatory Risk and Policy at Coalition; Bill Siegel, CEO and Co-Founder of Coveware; and Rob Knake, Head of Strategy at ActZero. The discussion assessed the ecosystem’s level of preparedness for a ban, unpacked the implications of a ban across industries–including insurance, finance, cybersecurity, and the public sector–and discussed what comes next.
In 2021, the Ransomware Task Force did not recommend a prohibition on paying ransoms. Every RTF working group raised prohibitions on ransom payments as a potential concept, demonstrating its widespread interest–and increasingly pressing nature. However, each group also discussed downsides of a payment ban, including concerns regarding its near-term impact on victims given the relatively low state of resilience across the ecosystem, as well as the potential impact on voluntary incident reporting. In light of continued interest in a government ban of private sector ransom payments, the RTF Co-Chairs have developed a phased approach to potentially reach payment prohibition, with 15 milestones marking progress in ecosystem preparedness, deterrence, disruption, and response.
Would a ban be effective? What other policy steps should accompany a ban? How many of the milestones identified by the RTF have seen significant progress since 2021?
Money Moves: Tech Investment and U.S.-China Relations
October 24, 2023 at 1 pm PT / 4 pm ET
Many people recognize “Silicon Valley” as a technological hotbed, but few understand how tech companies are funded. How much money is required? Who provides the capital? And what information, rights, or other benefits do funders receive in exchange for their support? We are living through an industrial revolution defined by rapid, simultaneous advances in emerging technologies that can serve both military and civilian applications. As such, there is heightened interest in understanding who has access to the technology and by what means.
In the past decade, Chinese capital has flooded U.S. and global technology ecosystems at record levels–buoyed by massive currency reserves and determined Chinese government leadership. For example, in 2015, Chinese sources of venture capital accounted for 16% of all venture deals in the U.S. Since 2018, U.S. policymakers have introduced legislation and executive actions to hone in on vectors for technology transfer to the People’s Republic of China.
On October 24, Michael Brown, Partner at Shield Capital and former Ambassador Craig Allen, President of the U.S.-China Business Council, sat in conversation with IST Advisor Pavneet Singh to discuss the role of investment in the technology competition between the U.S. and China. Vice President for Geostrategic Risk Ben Purser kicked off the discussion with an introduction to IST’s Strategic Balancing Initiative.
What is the concern for U.S. policymakers about Chinese investment in U.S. early stage technology companies? What were the effects of the Foreign Investment Risk Review Modernization Act on Chinese investment? How are U.S. companies faring in the Chinese market? And is the U.S. equipped to compete in the economic and financial domain?
Ransomware Roundup: LockBit, Payment Bans, and Trends
August 23, 2023 at 10 am PT / 1 pm ET
On Wednesday, August 23 at 10 am PT / 1 pm ET, IST adjunct advisors and members of the Ransomware Task Force, Jen Ellis, Marc Rogers, Jason Kikta, and Silas Cutler hosted a popup webinar on the latest ransomware news.
Lots has been going on in the world of ransomware.
Jon DiMaggio published a report this month on LockBit that suggests the once aggressive ransomware gang is faltering: failing to publish and leak victim data, losing affiliates, and even possibly dealing with compromised infrastructure. What should we make of this news? Is LockBit truly out, and what does this mean for the larger ransomware ecosystem?
Meanwhile, discussion around ransomware payment bans continues to proliferate, with the U.S. and Australia both reportedly considering a ban. As Anne Neuberger suggested during IST’s May Ransomware Task Force anniversary event, a ban might include a waiver that could allow the entity to pay if they are delivering critical services. How might such a waiver be carried out in practice? And would it even be feasible? After all, according to stats from ecrime.ch, 1,299 known victims have been hit by a ransomware attack in the United States between January 1 and August 15. But counting all of the federal work days up to August 15, waiver adjudication would have needed to process an average of 8.3 victims per day–not considering attack ebbs and flows, which may further complicate the process.
Lastly, the Ransomware Task Force published its May 2023 progress report, citing significant change across the ransomware landscape. What has been happening in the months since? What should we make of the reports of ransomware on the rise?
Castles Built on Sand: Digging into the Foundation | Towards Securing the Open-Source Software Ecosystem
July 18, 2023 at 12 pm PT / 3 pm ET
Open-source software is critical infrastructure: many of the devices, applications, services, and appliances that permeate our everyday lives run on open-source code. It is also a key driver of innovation: rather than spending hours rebuilding the same foundational codebases, developers can devote precious time to new, cutting-edge aspects of their work.
Yet open-source software is also vulnerable to security risks. In Castles Built on Sand, Zoë Brammer, Silas Cutler, Marc Rogers, and Megan Stifel put forward a series of recommendations to address these vulnerabilities, including shifting open-source software security to a shared responsibility model to distribute the responsibility of securing and maintaining open-source software more evenly, redoubling support for existing secure software development frameworks, policies, and licenses, and reexamining approaches to vulnerability management and mitigation to ensure they account for open-source software.
On July 18, Politico’s John Sakellariadis moderated a conversation with report authors to dig into the foundation of our recommendations to secure the open-source software ecosystem.
How were these recommendations developed, and who played a role in the process? What exactly are the recommendations? What do they mean and what does implementation look like? If these recommendations are successful, what could be the impact on future open-source vulnerabilities, and how might these recommendations help to mitigate such a risk?
Ransomware Task Force: Gaining Ground
Friday, May 5, 2023, 10:00 am – 4:30 pm ET
Ransomware remains a dire threat to businesses, schools, hospitals, individuals, and nations alike. Two years after publishing its groundbreaking report with recommendations to combat the threat of ransomware, the Ransomware Task Force is more active and more prolific than ever, deepening engagement in lines of effort and finding new ways to tackle the problem.
On May 5, 2023, we hosted a day of reflections on the current status of the ransomware threat, the Ransomware Task Force’s efforts, and what’s to come.
During this special event, we were joined by our industry, government, and civil society partners to discuss the ransomware data ecosystem, unpack the drivers behind the illicit crypto ecosystem, dive into the ransomware element of the Russian invasion of Ukraine, and highlight global efforts to tackle ransomware.
Panels also highlighted the Ransomware Task Force’s ongoing work, including efforts to drive international and domestic counter ransomware collaboration, bolster cyber civil defense, prepare small and medium-sized enterprises, and facilitate effective operational collaboration.
In tandem with the event, we released our May 2023 Progress Report, an overview of progress against the original 48 Ransomware Task Force recommendations. In it, we walk readers through the RTF’s second year, acknowledging tremendous shifts in the ecosystem, especially in light of the war in Ukraine, and highlighting key areas of progress.
Under Control: How technology is shaping DoD’s approach to autonomous weapons
Averting Catastrophe: Walking the Talk on Nuclear Risk Reduction and Crisis Communications
Although most states agree that the need for nuclear risk reduction is more urgent than ever, the pathways to peace are elusive. On this panel, we explored some of the tangible risk reduction measures that states can adopt. How can states build greater transparency and predictability to prevent or manage crises when prevention fails? What are the Chinese and Russian perspectives on nuclear risks, and how can American policymakers avoid misperceptions, miscalculations, and inadvertent escalation?
The Institute for Security and Technology (IST) hosted a conversation about these issues with Dr. Tong Zhao, Visiting Research Scholar in the Program on Science and Global Security at Princeton University; Dr. Todd Sechser, Professor of Politics and Public Policy at the University of Virginia; and Dmitry Stefanovich, Research Fellow at the Primakov Institute of World Economy and International Relations, moderated by Leah Walker, Senior Defense Associate at IST.
Webinar Series: Blueprint for Ransomware Defense
About the series:
Small and medium-sized businesses (SMBs) have recently been given a tremendous opportunity to ease the process of protecting themselves against the scourge of ransomware by following guidance offered by the Blueprint for Ransomware Defense, released by the Ransomware Task Force (RTF) on August 4th, 2022. The Blueprint provides 40 foundational and actionable Safeguards, intended to be recommendations of defensive actions that SMBs can take to guard against and respond to ransomware, as well as other cyberattacks.
Join members of the Blueprint for Ransomware Defense Working Group, along with a collection of invited cybersecurity experts, for this 5-part webinar series where they’ll guide users and implementation specialists through the Blueprint’s various Safeguards. The sessions will add depth to why each Safeguard was selected, best practices for planning and implementation, as well as discussion on available tools to help.
Webinar 1: Foundational Safeguards
Tips and tricks for building your cybersecurity foundation
Foundational Safeguards are the building blocks necessary to establishing an enterprise’s cyber security program. How can you use them to level up your enterprise’s protections?
On October 25, 2022 at 1 pm ET, Aaron McIntosh (ActZero), Davis Hake (Resilience), Ken Jenkins (SecurityScorecard), and Phyllis Lee (CIS) discussed the set of practices an enterprise must implement in order to effectively understand their environment, their users, and their vulnerabilities.
Webinar 2: Foundational Safeguards
Building resilience in the face of a ransomware attack
If a ransomware attack should occur, are you prepared to respond?
On November 1, 2022 at 1:00 pm ET, Valecia Stocchetti (CIS), Adam Mansour (ActZero), John Banghart (Venable), and Davis Hake (Resilience) discussed best practices for incident reporting processes, cyber hygiene, foundations of data recovery, and the importance of log management processes.
Webinar 3: Actionable Safeguards
Protecting your organization from access control gaps, misconfigurations, and outdated software
Now that you’ve inventoried your assets and built a strong foundation for protecting your devices, network, and people, it’s time to add the next layer of Safeguards. What are the recommended actionable Safeguards to block a ransomware attack and how can they be implemented?
On November 9, 2022 at 10 am ET, Karen Evans (Cyber Readiness Institute), Josh Franklin (CIS), Shehzad Mirza (CyberWA), and Brian Cute (GCA) discussed the set of practices an enterprise must implement in order to effectively manage devices and the people who use them.
Webinar 4: Actionable Safeguards
Containing and recovering from ransomware attacks
After a ransomware attack occurs, what comes next? Our 4th webinar seeks to help you get your business back up and running quickly in the aftermath of an attack.
On November 15, 2022 at 1 pm ET, Daniel Cuthbert (Banco Santander), Deborah (Debbi) Blyth (Crowdstrike), Adnan Baykal (CyberWA), and Valecia Stocchetti (CIS) reviewed how to test and optimize incident reporting processes, who to contact should an incident occur, how to collect and store logs, and how to optimize data recovery.
Webinar 5: Cyber Resilience and Insurance Innovation
With the rise in volume and sophistication of ransomware, insurance companies and their insureds struggle with how to respond. This has driven new underwriting requirements and price changes but also innovation.
On November 30, 2022, Monica Shokrai (Google), Davis Hake (Resilience), Prashant Pai (SecurityScorecard), and John Banghart (Venable LLP) discussed current trends in the cyber insurance space, how the Blueprint can prepare your organization for your next renewal, and how innovation in the market is driving cyber resilience for insureds and smarter underwriting by carriers.
Securing Data Flows: The Importance of an EU-U.S. Agreement on Data Transfers
Examining the Executive Order to Implement the EU-U.S. Data Privacy Framework
October 19, 2022 | 11:00 am ET
Since the July 2020 decision of the European Court of Justice, European concerns about U.S. surveillance have hindered transatlantic data flows. Join us to discuss the legal instruments, types of safeguards incorporated, and the implications of the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, signed on October 7, 2022.
In a conversation moderated by IST’s Megan Stifel, David Kris, founder at Culper Partners LLC, Anitha Ibrahim, Senior Manager for Cybersecurity & Data Protection Policy at Amazon Web Services, and Peter Swire, professor in the School of Cybersecurity and Privacy at the Georgia Institute of Technology, unpacked the new Executive Order and its impact on EU-U.S. data flows.
This event was sponsored by Meta.
Special event:
Combating Ransomware: A Year of Action
Reflections on the Ransomware Task Force’s first year
Hacking in Plain Sight: Offensive Cyber Operations in the Russo-Ukrainian War
May 11, 2022 | 10:00am PT
When Russia invaded Ukraine, much was said about the perceived lack of cyber operations being used in the early part of the war. However, offensive cyber campaigns have indeed been key components of the ongoing conflict, and are important to investigate and understand.
Join the Army Cyber Institute’s Erica D. Lonergan, Stairwell’s Silas Cutler, Okta’s Marc Rogers, and IST’s Megan Stifel for a conversation about the range of cyber operations seen in the Russo-Ukrainian war, how each country responded, the implications for both countries, and what we can learn when it comes to modern cyber operations in wartime.
Russia’s AI Disconnect
The War in Ukraine and the Looming Collapse of Russia’s AI Industry
Join Sam Bendett and Rita Konaev for a discussion with IST’s Leah Walker on the effects of the Russo-Ukrainian war on Russia’s commercial and military AI industry and what the future holds for the sector.
Iran, the JCPOA, and Holding Back a Breakout
Join IST’s Leah Walker, International Crisis Group’s Ali Vaez, and the European Leadership Network’s Sahil Shah as they examine the current state of the Iranian nuclear program and discuss how negotiations have been progressing, reflecting on both the successes and failures of transatlantic policy towards Iran to date—and what’s to come in the decade ahead.
North Korea, Testing, and the Failures of Containment
Nuclear Proliferation in the 2020s Event #2
March 15, 2022 | 12:30pm PT
North Korea is undeniably a nuclear weapons power, having repeatedly demonstrated both its explosive technology and delivery systems—so what is Pyongyang trying to achieve with ongoing tests and provocations? With existential security seemingly on the line, is continued proliferation a given, or can new diplomatic approaches be found? And what can be expected in the decade to come?
Join IST’s Leah Walker for a conversation about the world’s most inflammatory nuclear state with Philip Yun, President and CEO of the World Affairs Council of Northern California, and Ankit Panda, Stanton Senior Fellow in the Nuclear Policy Program at the Carnegie Endowment.
Hedges, Technology, & the Future of Proliferation
Nuclear Proliferation in the 2020s Event #1
February 15, 2022 | 11:00am PT
When states seek to bolster their own security, they often consider some degree of nuclear weapons development along the way. More than just “sprinting for a bomb,” states have many paths and degrees of proliferation options available to them.
As a central force in informing and enabling those options, technology holds a special role in nuclear proliferation. Whether it’s advanced engineering technologies that enable a faster or quieter development process, or the digital technologies that support a more theoretical “hedging” approach, leaders should take special note of how available and emerging technologies shape the proliferation landscape.
In his new book, Seeking the Bomb, MIT’s Vipin Narang breaks down these various options and pathways toward nuclear-backed security.
Join IST’s Leah Walker for an incisive look at Dr. Narang’s findings, the role of technology, and the future of nuclear proliferation.
Building for a Tech “Year of Action”
Reflections on The Summit for Democracy and Paths Forward
Tuesday, December 14, 2021 | 11:00am PT
A centerpiece of the Biden administration’s focus on “renewing democracy in the United States and around the world,” the first-ever Summit for Democracy convened government, civil society, and private sector leaders for two agenda-setting days. A major goal of the summit: to kick off a “year of action and consultation” meant to put the pledged commitments into motion before the second Summit takes place.
But when it comes to technology’s role in democracy, what actions can be taken in the year ahead?
How do we ensure that internet freedom aligns with democratic norms and human rights as we collectively push back on digital authoritarianism? How do we build on existing investments to address information manipulation and hate speech, while addressing privacy? How does tech serve the Global South and marginalized communities?
Join IST’s Vera Zakem for a timely post-Summit conversation with Twitter’s Nick Pickles, NDI’s Moira Whelan, and the Atlantic Council’s Rose Jackson on what can be built for the “year of action.”
Intervention or Cooperation?
The Roles for Military and Law Enforcement in Combating Ransomware
Wednesday, December 15, 2021 | 12:00pm PT
Ransomware may be the most visible cybersecurity crisis of the moment, but it’s just one aspect of a broader national security threat landscape. As the pressure builds for greater government-led responses to cyber threats, the Biden Administration has reportedly opted to lean heavily on U.S. Cyber Command.
USCYBERCOM is one element of a comprehensive and diverse whole-of-government approach to cyber threats. As the United States looks to build and fund an effective toolbox of public-private collaboration on cybersecurity risk management, we’ll take a closer look at the role of law enforcement and military authorities in managing the ransomware threat.
The threat landscape is generally known, and the cybersecurity best practices are well established, though not widely implemented. But what are the rules of engagement for law enforcement and the military in preparing for and responding to threat actors operating overseas, often in jurisdictions that lack the political will to effectively address these actors? What’s at stake in blending these tools, and how do and should we work with allies or even adversarial countries in combating ransomware?
Join IST’s Megan Stifel for a conversation with Lauren Zabierek, Gavin Wilde, Gary Corn, and Dmitri Alperovitch on law enforcement and the military’s role in combating national-scale cyber threats.
Addressing the “Valley of Death”
Defense Technology Innovation & The Pentagon Acquisition Landscape
November 9, 2021 | 8:30am PT
The United States is in the midst of a technological arms race. As China pursues a strategy of ‘military-civil fusion’ and Russia advances its asymmetric capabilities, the U.S. needs a new defense innovation strategy to keep from falling behind its great power competitors.
One of the key challenges facing the Department of Defense is the “valley of death,” explained by Michèle Flournoy as the gap between a successful prototype and the Pentagon’s ability to support it, fund it, and expand its production at scale within a reasonable timeframe.
How can Congress, using its power of appropriations, work to bridge this gap? What has already been done to increase cooperation between the tech sector and the DoD? What are some of the challenges facing attempts to integrate emerging technologies into the military? What is Congress’ role in encouraging U.S. defense innovation in the age of great power competition?
Join IST and The Alliance for Commercial Technology in Government for a key discussion on the “valley of death,” defense technology innovation, and the Pentagon acquisition landscape.
11:30am ET
Introduction by DIU Director Mike Brown in conversation with IST CEO Philip Reiner
12:00pm ET
Panel discussion moderated by Raj Shah, Hoover Visiting Fellow, with:
David Vorland, Executive Director for The Alliance for Commercial Technology in Government
Charlotte Savercool, Senior Director of Government Affairs at the National Venture Capital Association
Meagan Metzger, Founder and CEO, Dcode
Cyber Threats and Nuclear Weapons
A Conversation with Dr. Herb Lin
November 4, 2021 | 1:30 pm PT
Even nuclear weapons are not sheltered from the vulnerabilities of the information age. As almost every aspect of America’s nuclear force management is increasingly dependent on information technology, cyber threats have become an undeniable challenge to NC3.
In his new book, Dr. Herb Lin presents a monumental and foundational body of work, detailing and cataloguing the numerous ways existing and emerging cyber threats jeopardize the security of NC3 systems broadly, and the American NC3 enterprise in particular. Dr. Lin will answer questions about how to better protect the American nuclear arsenal from cyber threats, the flaws in existing nuclear enterprise cybersecurity, the role that nuclear modernization has played in expanding the threat surface, and how new emerging capabilities fit in this complex web of weaponry and vulnerability.
Join IST as CEO Philip Reiner holds a public conversation with Dr. Lin about his book, the latest happenings with American NC3, and what it will take to imagine—and prepare for—a new generation of risks to nuclear weapons.
Speakers:
Herbert Lin – Senior Research Scholar at the Center for International Security and Cooperation; Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution
Philip Reiner – CEO, Institute for Security and Technology
Prioritizing Hospital Cybersecurity
October 20, 2021 | 12:00 pm PT
Ransomware attacks on hospitals spiked during the pandemic, causing massive disruption to healthcare organizations at a time when they were strained by unprecedented patient demands. Cyberattacks threaten to compromise patient care and private data, yet cybersecurity remains under-prioritized by many hospitals and clinics.
Why are healthcare organizations such vulnerable targets, and how can they increase their cyber-readiness?
Experts in healthcare cybersecurity will provide an overview of the specific cyber challenges facing hospitals today, why hospitals are such attractive targets for cybercriminals, and what measures will be needed to overcome institutional barriers and develop hospital cyber programs that are more resilient against aggressive cyberattacks.
Panel speakers:
Jessica Wilkerson (moderator) – Senior Cyber Policy Advisor, Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, U.S. Food and Drug Administration
Stephanie Domas – Director of Security Strategy and Communications, Intel Corporation
Christian Dameff – Medical Director of Cybersecurity, University of California San Diego
Lisa Young – Vice President of Cyber Risk, Axio Global
This event is presented as part of CyberWeek 2021
Centering Cyber Biosecurity
October 13, 2021 | 11:00 am PT
Biotechnology has become increasingly reliant on digitization and automation in the past decade, creating new cyber vulnerabilities in biological research processes. Network data systems, laboratory equipment, or engineering controls are vulnerable to attack, which could result in environmental contamination or even threaten human health.
This panel will convene experts in cyber biosecurity, an emerging discipline that seeks to identify and mitigate these new risks. What are the potential public health and national security consequences of cyber biosecurity-related threats?
Panel speakers:
Eleonore Pauwels – Senior Fellow, Global Center on Cooperative Security
Nina Alli – Executive Director, Biohacking Village
Steve Lewis (moderator) – Senior Product Manager, Gene Synthesis & Synthetic Biology, Thermo Fisher Scientific
Host:
Leah Walker, Defense Technology Research Analyst, Institute for Security and Technology
Detangling Nuclear Command and Control
CJCS Milley, Sole Authority, and the Future of American NC2
October 5, 2021 | 12:00 pm PT
September’s revelations about CJCS Milley’s actions in the days following the January 6 attack on the Capitol reignited the debate about American nuclear command and control, and renewed questions about the President’s sole authority to launch nuclear weapons:
What is the state of NC2 in the US?
What are the implications of Milley’s action within the known chain of command?
Is there room for legal review and democratic accountability when it comes to nuclear command authorization?
What can come next?
Moderator Loren DeJonge Schulman is joined by Professor Alex Wellerstein, former STRATCOM Staff Judge Advocate Mike Smidt, and Congressional Research Service’s Amy Woolf to help set the record straight and answer key questions in this open conversation.
To Pay A Ransom: Costs and Ethics of Paying Ransomware Demands
August 25, 2021 | 8:30 am PT
When Colonial Pipeline’s systems were hacked, the company decided to pay a ransom of $4.4 million in exchange for a decryption tool to restore their network. The Colonial Pipeline Company is one of many ransomware victims who have chosen to pay ransom demands; in 2020, per Chainalysis, targets of attacks paid an estimated $350 million, up 311% from the previous year.
While some argue that paying ransom only encourages further criminal activity and boosts the profit incentive, others contend that in the moment, payment may be the only way to avoid costly disruptions to business, the shutdown of essential services, or the release of sensitive information. This event will explore the debate on payment of ransoms. Should paying ransoms be prohibited entirely? When faced with an attack, what should victims do? What considerations should victims of ransom attacks weigh when deciding whether or not to pay? And lastly, what should the private sector and government do in order to disrupt the “ransomware as a service” business model?
Jen Ellis, Vice President of Community and Public Affairs, Rapid7
Ari Schwartz, Managing Director of Cybersecurity Services and Policy, Venable
Josephine Wolff, Associate Professor of Cybersecurity Policy, Fletcher School at Tufts University
Moderated by Michael Daniel, President & CEO, Cyber Threat Alliance
This one-hour live virtual event and Q&A took place on Wednesday, August 25 at 8:30 am PT / 10:30 am CT / 11:30 am ET. This event was open to the public.
A Better Future: Empowering Women In Technology and National Security
Women make immense contributions and provide daily leadership within national security and technology across the public, private and civil society sectors. However, there is still work to be done to ensure that women are empowered, have a seat at the decision-making table, and are provided opportunities for upward mobility. IST has the pleasure to welcome the following speakers who have been leading efforts to empower women and increase diversity at the intersection of these fields.
Congresswoman Robin Kelly (IL-2)
Lauren Buitta, Founder and CEO, Girl Security
Camille Stewart, Global Head of Product Security Strategy, Google
Alexa Wehsener, Research and Operations Manager, IST
Moderated by Vera Zakem, Senior Technology and Policy Advisor, IST
This one-hour live virtual event and Q&A took place on Tuesday, June 22 at 0800 PDT / 1000 CT/ 1100 EDT and was open to the public.
IST StratTech
StratTech, IST’s inaugural conference, examined novel, radical, and strategic approaches to the wicked problems facing the diagonals through which security and technology intersect. IST is committed to being a convener, bringing together government, industry, and civil society leaders and practitioners to better understand and advance solutions to the world’s toughest security challenges.
Ransomware is one of society’s most pervasive threats and poses a critical risk to both national and global security. This destructive cybercrime, which results in staggering financial losses and puts human life at risk, will need commitment from every level of government and private industry to mitigate this evolving threat.
The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, civil society, and international organizations who have joined IST’s Ransomware Task Force (RTF) — will deliver a comprehensive framework to combat ransomware on Thursday, April 29, at 10 AM PT/1 PM ET. This online event will feature:
A Keynote from the Honorable Alejandro N. Mayorkas, U.S. Secretary of Homeland Security
Recommendations — A variety of engagements with the RTF Co-Chairs to delve into the challenges posed by the ransomware threat and the comprehensive framework:
Retired U.S. Army Major General John A. Davis, Vice President of Public Sector, Palo Alto Networks
Megan Stifel, Executive Director, Americas, Global Cyber Alliance
Michael Phillips, Chief Claims Officer, Resilience Insurance
Kemba Walden, Assistant General Counsel, Microsoft Digital Crimes Unit
Chris Painter, President, Global Forum on Cyber Expertise Foundation
Jen Ellis, Vice President of Community and Public Affairs, Rapid7
Michael Daniel, President & CEO, Cyber Threat Alliance
Philip Reiner, CEO, Institute for Security and Technology
Join us on Thursday, April 29th, 2021. Register now to save the date for this important conversation.
Balancing Global Innovation and Tech Dominance
Since the end of the last century, America has been the dominant global tech and innovation leader. For the first time in decades, that position is being challenged. In an era of lightning-fast scientific discovery and unprecedented technological innovation, with rising powers and new markets, how can the US better center itself for the coming tech and innovation competitions? What can Silicon Valley do to better position itself and maintain its importance and position as the center for innovation of the world? How can the US government help American tech stay dominant? What are the threats to US tech dominance and how can those be overcome?
For our panel discussion, we are pleased to welcome:
Dr. Sarah Sewall, Executive Vice President for Policy, In-Q-Tel.
Dr. Kori Schake, Director of Foreign and Defense Policy Studies, American Enterprise Institute (AEI)
Dr. Bilal Zuberi, Partner, Lux Capital
Moderated by Will Knight, Senior Writer, WIRED
This one-hour live virtual event and Q&A will take place on Wednesday, April 14 at 1100 PDT/ 1400 EDT.
Ransoms Without Borders: Attribution and Accountability With International Ransomware Threat Actors and Safe Havens
Modern financial crimes like ransomware present novel challenges for attribution and remediation. Where a bank robbery has a clear time, place, and set of actors, a ransomware attack may utilize infrastructure in neighboring countries, and involve threat actors that reside across the globe. So how can we address ransomware as a cross-border crime? This panel will discuss questions of attribution and accountability with international ransomware threat actors and the so-called “safe havens” where they avoid scrutiny, and explore possible interventions, both diplomatic and operational, to mitigate the growing ransomware threat.
For our panel discussion, we are pleased to welcome:
Jaya Baloo, Chief Information Security Officer (CISO) at Avast Software
Philipp Amann, Head of Strategy European Cybercrime Center (EC3), Europol
Josephine Wolff, Assistant Professor of Cybersecurity Policy, Tufts University
Moderated by Christopher Painter, President, Global Forum on Cyber Expertise Foundation
This one-hour live virtual event and Q&A took place on Thursday, March 25 at 1100 PDT/ 1400 EDT and was open to the public.
JADC2: The Complexity of Military Capabilities
As military capabilities continue to grow in complexity, so will the challenge to ensure their resilience. The Department of Defense is seeking to connect sensors from all four services under one network, in what is called JADC2 (Joint All-Domain Command and Control). The initiative is certainly not without criticism, but development, field testing, and deployment efforts continue to move forward as part of the solutions deemed necessary for dealing with increased great power competition in the early 21st century. While the US military is going full steam ahead with JADC2, there are lingering questions about the resilience, security, and potential vulnerabilities of such a vastly complex system of systems.
Is such a complex web of networks the solution to ensuring American military success in the 21st century? Systems and computer science experts state that complexity is the enemy of security, so with this in mind, what are the lessons for militaries looking to gain an advantage from machine learning and artificial intelligence, via massively networked and automated warfare? Even now, Russia, China, and other “insurgents” are able to circumvent the complexity of Western military systems through “grey zone” operations — yet our response is to create ever more complex systems. Are we building the right solutions to the problems we face?
For our panel discussion, we are pleased to welcome:
Jennifer McArdle, Product Strategist, Improbable and Adjunct Senior Fellow, CNAS
Mark Seip, Director for Strategic Development at MITRE’s Center for Technology and National Security, and Adjunct Assistant Professor, Georgetown University
Michael Madsen, Deputy Director and Director of Strategic Engagement at the Defense Innovation Unit (DIU).
Moderated by Heather J. Richman, Founder, Defense Investor Network
This one-hour live virtual event and Q&A took place on Wednesday, March 3 at 1100 PST/ 1400 EST and was open to the public.
Cut Off The Cash: Cryptocurrency and Ransomware Payments
Ransomware is a cybercrime unique in its motivations; threat actors overwhelmingly use it as a tool for financial gain. These actors consistently demand ransom payments in cryptocurrencies, obscuring the ransom payment process and moving it to the digital domain. But how reliant is the success of ransomware on the use of cryptocurrency, and how anonymous are these coins? Our panel of experts will discuss this interaction, analyze elements of this process that help or hinder tracking ransomware payments, and identify possible avenues for intervention.
We are pleased to welcome:
Pamela Clegg, CipherTrace
John Kothanek, Coinbase
Don Spies, Chainalysis
SSA Joel Decapua, Federal Bureau of Investigation (FBI)
Moderated by Neil Jenkins, Cyber Threat Alliance
This one-hour live virtual event and Q&A took place on Thursday, February 25 at 1100 PST/ 1400 EST and was open to the public.
Building Citizen Resilience To Combat Disinformation
The existence of disinformation, conspiracy theories, the growth of online extremism, the role of social media, and the pace at which we consume information, presents enormous challenges to our democratic institutions and processes. Understanding that there is a human element in how disinformation attackers target citizens and how these citizens consume media, new tools are needed for citizens and the next generation to effectively discern everything from inaccurate information to manipulative sources. A key element to addressing challenges posed by disinformation is building resilient democratic societies through essential components including digital literacy and cyber education. IST invites you for this panel discussion to discuss the need for cyber citizenship initiatives as measures to counter disinformation.
We are pleased to welcome:
Kristin Lord, President and CEO, IREX
Lauren Buitta, Founder and CEO, Girl Security
Peter W. Singer, Strategist, New America
Olya Gurevich, Co-founder & Chief Scientist, Marvelous AI
Moderated by Vera Zakem, Senior Technology and Policy Advisor, IST
This one-hour live virtual event and Q&A will take place on Wednesday, February 10 at 1100 PST/ 1400 EST and is open to the public. This event will be hosted on our website at www.securityandtechnology.org. We encourage you to submit your questions via Eventbrite Registration or direct message us with your questions on any social platform before or during the event.
Debate: After SolarWinds: Dual Hatting, and the Implications for A National Cybersecurity Strategy
As one of the biggest cyberattacks to have targeted the US government and private industry in recent years, the ‘SolarWinds hack’ revealed significant implications for future government cybersecurity strategies. Despite SolarWinds software’s broad use across the federal government, private-sector companies including FireEye, Microsoft, and GoDaddy were the first to discover and counter this attack. Was the success of this cyber-espionage a failure of US Cyber Command’s (USCC) “defend forward” strategy? Does the SolarWinds hack support abolishing the practice of dual-hatting the USCC Commander and Director of the NSA? The Institute for Security and Technology (IST) will host this debate on these critical questions and assess the implications of the SolarWinds hack on the U.S. government’s role in cybersecurity defense and a broader national cybersecurity strategy.
We are pleased to welcome:
Susan Hennessey, Senior Fellow – Governance Studies, Brookings Institute and Executive Editor, Lawfare
Bryson Bort, Founder and CEO, SCYTHE
Erica Borghard, Senior Fellow, Atlantic Council; Senior Director, Cyberspace Solarium Commission.
JD Work, Bren Chair for Cyber Conflict and Security, Marine Corps University
Moderated by Robert Knake, Whitney Shepardson Senior Fellow, Council on Foreign Relations (CFR)
This one-hour live virtual event and Q&A took place Thursday, January 14 at 1300 PST/ 1600 EST and was open to the public. Disclaimer: Views expressed during this public event are personal speaker views and do not represent the organizations they are affiliated with.
Cyber Pop-Up: Kubernetes, DevSecOps, and Security in the DoD
New technologies are making waves in the Department of Defense. With the launch of the DoD Enterprise DevSecOps Initiative, DoD engineers have slashed the software delivery timeline, and what used to take years to develop can now be released in months. The introduction of Kubernetes, an open-source tool for managing and scaling applications, led to the groundbreaking installation of Kubernetes in the legacy hardware of an F-16, and most recently, on a U-2 Dragon Lady aircraft to run machine learning algorithms.
But what does cybersecurity look like in a legacy warfighter? The Institute for Security and Technology invites you to an in-depth discussion with security experts from industry and government on the use of emerging technologies in the DoD, how to bake security into software development, and how to create effective collaborations between public and private partners. We have the pleasure of speaking with:
Amélie Koran, Senior Technology Advocate, Splunk
Dan Tentler, Executive Founder, Phobos Group
Michael Medellin, Director of Engineering, Kessel Run, U.S. Air Force
Moderated by Ali Golshan, Co-Founder and CTO, StackRox
This one-hour live virtual event and Q&A took place on Tuesday, December 15 at 1100 PST/ 1400 EST and was open to the public.
Biden Administration Cyber Agenda Discussion
As the world prepares for the incoming Biden/Harris White House, it is expected that the new U.S. administration will make cybersecurity a top-tier national security priority. The incoming Biden administration has recognized election security as a priority, promising to increase investments to state and local governments for upgraded election technology and increase oversight of private election vendors. Their cybersecurity platform aims to enact stronger consumer privacy and security standards as well as confront foreign election interference, China’s 5G ambitions, and the potential of a future global malware outbreak.
IST is excited to host the following technology and policy experts to discuss the Biden administration’s expected leadership, projected cyber strategies, and the implications for both domestic and international politics:
Chris Painter, President, Global Forum on Cyber Expertise Foundation
Kemba Walden, Attorney in the Digital Security Unit at Microsoft
Mieke Eoyang, Senior Vice President, National Security Program at Third Way
Moderated by Eli Sugarman, Director of the Cyber Initiative at the William and Flora Hewlett Foundation
This one-hour live virtual event and Q&A took place on Wednesday, December 2 at 1130 PST/ 1430 EST and was open to the public.
Nagorno-Karabakh: Tanks, Drones, and Implications for 21st Century Warfare
The current Nagorno-Karabakh conflict between Armenia and Azerbaijan raises interesting questions with potentially broad consequences regarding 21st-century warfare as modern weapon systems are deployed alongside traditional ones. As unmanned weapon systems become more ubiquitous, the role of tanks on the modern battlefield is being questioned. Will tanks continue to maintain the same importance to ground warfare that they’ve had in the past? What changes do relatively cheap drones bring to the battlefield? How does electronic warfare play into these dynamics? IST is hosting this conversation to better understand these questions, with experts on emerging military technologies, tank warfare, and electronic warfare.
Join us for the discussion with:
Sam Bendett, Research Analyst with the Center for Naval Analyses’ International Affairs Group
Ulrike Franke, Policy Fellow at the European Council on Foreign Relations (ECFR)
Whitney McNamara, Electromagnetic Spectrum/Emerging Technologies Policy Subject Matter Expert working with the US Military
Robert Bateman, Writer, Historian, and Former U.S. Army Officer
Moderated by Leah Walker, Defense Technology Associate, IST
This one-hour live virtual event will take place on Friday, October 30 at 1000 PT/ 1300 ET and is open to the public.
Governing AI Effectively – A Bipartisan Discussion
The effective governance of AI is one of the great challenges of the early 21st century. The AI in Government Act of 2020 (HR Bill 2575) represents a much-needed step forward to help address this challenge as the United States prioritizes artificial intelligence across the Federal Government and embraces broader considerations on the effective adoption and governance of AI. The provision of oversight responsibilities and formalizing of roles reflects the recommendations of industry leaders, the National Security Commission on AI (NSCAI), and academia to centralize efforts, identify resources, and promote equitable best practices in AI across the government. As the AI in Government Act of 2020 passes the House of Representatives and moves toward becoming law, the Institute for Security and Technology (IST), which works with industry and government experts to solve emerging security threats, is excited to welcome Rep. McNerney (D-CA), Rep. Olson (R-TX), and Safiya Noble, Associate Professor at UCLA, for this important high-level public panel discussion on the bill.
SPEAKERS:
Congressman Jerry McNerney (D-CA)
Congressman Pete Olson (R-TX)
Safiya Umoja Noble, Ph.D. Associate Professor at UCLA, specializing in issues of algorithmic discrimination and technology bias.
Moderated by Philip Reiner, CEO, Institute for Security and Technology (IST)
This one-hour live virtual event took place on Friday, October 23 at 1100 PST/ 1400 EST. This event was open to the public featuring a live Q&A session. RSVP is required to attend.
Active Measures, Disinformation Campaigns, and Election Security with Nellwyn Thomas and Thomas Rid
The evolution of technology and the use of active measures enables information operations to strike deeper and more efficiently into the heart of democratic systems. These operations target voters, political campaigns, and the very democratic institutions that seek to uphold free speech and freedom of information. Disinformation is not new. However, today’s digitized and networked reality allows for precise targeting of manipulated messaging, at scale, and with lightning speed. This new technology brings unprecedented levels of risk to election security and threatens the integrity of the electoral process.
To speak on the historical and current challenges of political warfare and disinformation and what is being done to address these threats, IST hosted this high-level event featuring Nell Thomas, the Chief Technology Officer for the Democratic National Committee (DNC); Thomas Rid, a renowned expert on disinformation and information technology and author of Active Measures; and Vera Zakem, Senior Technology and Policy Advisor for IST. Moderated by Mike McNerney, IST’s board chair, and the Chief Operating Officer of Arceo, this conversation will cover active measures, the history of information operations, the evolution of modern disinformation campaigns, and their implications for today’s election security.
SPEAKERS:
Nell Thomas, Chief Technology Officer, Democratic National Committee (DNC)
Thomas Rid, Professor of Strategic Studies at Johns Hopkins University’s School of Advanced International Studies and Author of Active Measures
Vera Zakem, Senior Technology and Policy Advisor for IST and Founder and CEO of Zakem Global Strategies
Moderated by: Mike McNerney, Board Chair, IST and Chief Operating Officer of Arceo
The Institute for Security and Technology (IST)’s Election Security Initiative aims to bridge the public and private sector’s leading experts to better understand the implications of disinformation campaigns, cyberattacks on critical election infrastructure, foreign interference, and the exploitation of emerging technologies on the upcoming election. By creating tangible, practical, and impact-driven solutions, this initiative aims to enhance the protection of elections and voting infrastructure for future democratic processes.
REDDIT Ask Me Anything with Whitney McNamara
Virtual Event and Live Q&A with Mr. Nand Mulchandani, Acting Director of the U.S. Department of Defense Joint Artificial Intelligence Center
Reddit Ask Me Anything with Elsa Kania, Adjunct Senior Fellow at the Center for a New American Security and Harvard PhD student
The Institute for Security and Technology is facilitating a Reddit AMA with Elsa Kania, an Adjunct Senior Fellow with the Technology and National Security Program at the Center for a New American Security. Elsa researches Chinese military innovation and the geopolitical implications of emerging technologies like 5G and artificial intelligence.
Online Event: Official Launch of the Institute for Security and Technology (IST)
In celebration of our evolution from Technology for Global Security to The Institute for Security and Technology (IST), we hosted a rebrand and relaunch event on August 4, 2021. The event featured discussions and Q&A sessions with leading experts on emerging security issues, including General Joseph Votel (Ret.), Dr. Sarah Sewall, Dmitri Alperovitch, Craig Newmark, Lauren Buitta, and Camille Stewart.
Ask Me Anything featuring Paul Scharre, Senior Fellow at the Center for a New American Security
The Institute for Security and Technology facilitated an online AMA with Paul Scharre, Senior Fellow and Director of the Technology and National Security Program, Center for a New American Security. This AMA discusses Paul’s research at the intersection of strategy and emerging technologies such as artificial intelligence, robotics, unmanned systems, and autonomy for military use.