donate EXPLORE
donate

Virtual Library

Our virtual library is an online repository of all of the reports, papers, and briefings that IST has produced, as well as works that have influenced our thinking.

Submit your Content
Advanced Search

Reports

Enhancing Cyber Resilience through Insurance: Revisiting Anti-Bundling Regulation

Sophia Mauro and Taylor Grossman

viewpdf

Op-ed

ROOST Reminds Us Why Open Source Tools Matter

view

Reports

Navigating AI Compliance, Part 2: Risk Mitigation Strategies for Safeguarding Against Future Failures

Mariami Tkeshelashvili, Tiffany Saade

viewpdf

Reports

Deterring the Abuse of U.S. IaaS Products: Recommendations for a Consortium Approach

Steve Kelly, Tiffany Saade

viewpdf

Podcasts

TechnologIST Talks: Looking Back and Looking Ahead: Deep Dive on the New Cybersecurity Executive Order

Carole House, Megan Stifel, and Steve Kelly

view

Podcasts

TechnologIST Talks: The Offense-Defense Balance

Philip Reiner and Heather Adkins

view

Reports

The Generative Identity Initiative: Exploring Generative AI’s Impact on Cognition, Society, and the Future

Gabrielle Tran, Eric Davis

viewpdf

Contribute to our Library!

We also welcome additional suggestions from readers, and will consider adding further resources as so much of our work has come through crowd-sourced collaboration already. If, for any chance you are an author whose work is listed here and you do not wish it to be listed in our repository, please, let us know.

SUBMIT CONTENT
Playing now

Cyber Resilience and Insurance Innovation

More Videos

Load More

Cyber incident reporting isn’t the problem — ignorance is

Michael Daniel and Megan Stifel

SUMMARY

“For over 20 years, the federal government has urged industry — particularly those operating critical infrastructure systems like water systems and electric grids — to voluntarily secure their digital assets, share relevant threat information within their sectors, and report incidents to the government. This purely voluntary approach initially made sound legal and policy sense. The alternative, such as government monitoring private networks for signs of potential breaches, seemed both extreme and impractical.”


Read more on TheHill.com.