Archive
software
Report
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerability identifiers has been a core element of software security since 1999. But recent funding issues have laid bare fundamental challenges, and without action, the vulnerability identification landscape will fragment. This report provides recommendations for global policymakers on how to reimagine the CVE Program for the next 25 years.
Common Vulnerabilities and Exposures, CVE, Global Vulnerability Catalog, National Vulnerability Management Program, software, vulnerability identification, vulnerability management
October 8, 2025
Podcast
Looking Back and Looking Ahead: Deep Dive on the New Cybersecurity Executive Order
“This is the capstone project that really takes and leverages all of the lessons learned that have come out of the administration’s long, ongoing efforts.” In this bonus episode of TechnologIST Talks, Chief Security Officer Megan Stifel and Chief Trust Officer Steve Kelly are joined by Carole House, Special Advisor for Cybersecurity and Critical Infrastructure Policy at the National Security Council. As a member of the lead office responsible for drafting the Biden administration’s final Executive Order on cybersecurity, Carole breaks down the EO’s goals, how we got here, and her hopes for the next...
cybercrime, cybersecurity, Executive Order, software
January 16, 2025
Blog
Cybersecurity Awareness Month at IST: Tips, Tricks, and Takes from the Team
Last month, we shared the IST team’s best tips, tricks, and takes in honor of Cybersecurity Awareness Month. IST Comms Associate Lillian Ilsley-Greene sat down with the team to get their insights on the most pressing cyber issues facing our world.
AI, cybersecurity, incentives, MFA, online safety, Ransomware, software
November 4, 2024
Report
The Implications of Artificial Intelligence in Cybersecurity: Shifting the Offense-Defense Balance
Advances in AI present key cybersecurity opportunities, but how might malicious actors utilize the same technology? IST’s latest report investigates the state of existing and potential integrations of AI in cybersecurity based on our research & interviews with industry stakeholders and puts forward 7 priority recommendations.
agentic, AI, artificial intelligence, cyber, cybersecurity, deepfakes, offense-defense balance, software
October 10, 2024
Blog
IST Reviews the 2023 National Cybersecurity Strategy: Analysis and Next Steps
The Biden administration today released its 2023 National Cybersecurity Strategy. We note 3 key priorities from the strategy that have the potential to directly affect our work.
cyber resilience, National Cybersecurity Strategy, operational collaboration, software
March 2, 2023
Blog
IST announces new support from Omidyar Network to develop a framework for a secure open-source software ecosystem
Through a partnership with Omidyar Network, a social change venture that works to reimagine critical systems and the ideas that govern them, IST will work to develop a framework for securing the open-source software ecosystem.
announcements, digital infrastructure, open-source, software
January 23, 2023
Podcast
Assume Vulnerability
In this episode of The Fourth Leg, Philip Reiner and Alexa Wehsener sit down with the High Priest of Coreboot, Ron Minnich. They dive into the substance of his paper, “Hardware that is Less Untrusted: Open Source Down to the Silicon” and discuss software, firmware, and hardware vulnerabilities and the value of open source code.
firmware, hardware, open source, silicon, software, vulnerability
June 8, 2020
Podcast
When and Why Cede Nuclear Authority
In this segment, Dr. Vipin Narang joins Philip Reiner and Peter Hayes to challenge the delegative/assertive binary, arguing that, while conceptually important, it has hamstrung our thinking of regional powers’ NC3 by forcing them into one bin or another when it is in fact a time-dependent spectrum: all states delegate—that is, cede the ability to use nuclear weapons, irrespective of the authority to do so—at some point.
assertive, delegative, hardware, NC3, NC3 architecture, nuclear command, nuclear control, regional powers, software
September 18, 2019
Podcast
The Curse of Flexibility
In this segment, Nancy Leveson joins Philip Reiner and Peter Hayes to make the case that using conservative techniques and avoiding unnecessarily complex software in critical functions in NC3 systems circumvented nuclear catastrophe in the past.
complexity, NC3, nuclear command, risk management, software
July 25, 2019
Report
Hardware that is Less Untrusted: Open Source Down to the Silicon
In an essay out of the workshop "Last Chance: Communicating at the Nuclear Brink," Ron Minnich argues "We can not build on a foundation that is compromised at all levels. There is no visibility into the system's behavior. The existing model assumes perfect software: 'Trust, but don't verify.'" We need to start anew, from the gates, and work our way up.
CATALINK, central processing unit, chip, computing, CPU, firmware, hardware, IO chips, memory chip, motherboard, NC3, open-source, PC, personal computer, silicon, software, supply chain, UV
June 9, 2020
Report
Cyber Operations and Nuclear Weapons
In Cyber Operations and Nuclear Weapons, Jon Lindsay argues that "offensive cyber operations targeting NC3 introduce a number of under-appreciated risks of organizational breakdown, decision making confusion, and rational miscalculation in a nuclear crisis."
accidental launch, arms control, attack vector, complexity, computer, control, counterattack, counterintelligence, countermeasure, crisis, cryptographic, cyber, digital, electronic warfare, escalation, NC3, reconnaissance, redundant, retaliation, software, stability, Stuxnet, supercomputer
June 20, 2019
Report
An Engineering Perspective on Avoiding Inadvertent Nuclear War
In "An Engineering Perspective on Avoiding Inadvertent Nuclear War," Nancy Leveson argues that using conservative techniques and avoiding unnecessarily complex software in critical functions in NC3 systems circumvented nuclear catastrophe in the past. She calls for a new approach that avoids gratuitous complexity; emphasizes less, not more technology; and improves NC3 systems.
AI, aircraft, aviation, complexity, human operator, inoperability, interconnection, interdependency, isolation, NC3, nuclear, software, spacecraft, Systems Theory
July 25, 2019
Report
Innovation and Adaptive Control in America’s Electric Infrastructure: Parallels to NC3
Providing unique insights into the performance of highly complex command and control systems from a radically different perspective, Mason Willrich describes how each of the major components of electricity infrastructure is interconnected and interactive with the others. How can this be illustrative for thinking about the challenges - and solutions - for nuclear command and control?
climate change, cyber, distribution, electric power, energy, hardware, infrastructure, interconnection, internet, nuclear, nuclear energy, power plant, regulation, sensor, sensors, software, stability, transmission, transportation
October 3, 2019