Virtual Library

Our research repositories present a collection of open-source resources that showcase research and analysis that has directly influenced our initiatives. Non-IST publications are copyrighted by external authors not affiliated with IST.

Submit your Content

Reports

Mapping Threat Actor Behavior in the Ransomware Payment Ecosystem: A Mini-Pilot

Zoë Brammer

viewpdf

Reports

May 2023 Progress Report: Ransomware Task Force: Gaining Ground

Ransomware Task Force

viewpdf

Reports

Castles Built on Sand: Towards Securing the Open-Source Software Ecosystem

Zoë Brammer, Silas Cutler, Marc Rogers, Megan Stifel

viewpdf

Reports

Cyber Incident Reporting Framework: Global Edition

Cyber Threat Alliance, Institute for Security and Technology

viewpdf

Reports

AI-NC3 Integration in an Adversarial Context: Strategic Stability Risks and Confidence Building Measures

Alexa Wehsener, Andrew W. Reddie, Leah Walker, Philip Reiner

viewpdf

Op-ed

The Nuclear Risk Reduction Approach: A Useful Path Forward for Crisis Mitigation

Sylvia Mishra

view

Reports

Nuclear Crisis Communications: Mapping Risk Reduction Implementation Pathways

Sylvia Mishra

viewpdf

Contribute to our Library!

We also welcome additional suggestions from readers, and will consider adding further resources as so much of our work has come through crowd-sourced collaboration already. If, for any chance you are an author whose work is listed here and you do not wish it to be listed in our repository, please, let us know.

SUBMIT CONTENT

An Altogether Different Set of Challenges

Philip Reiner and Peter Hayes with Feroz Hassan Khan

SUMMARY

The Pakistani command and control (C2) system evolved over a four-decade period following a national consensus that deemed the development of a nuclear deterrent a critical component of national security. Until the 1998 tests, Pakistan insisted its program was for peaceful purposes only; even two decades later, a culture of secrecy and deliberate ambiguity continues to surround the program. Pakistan political governance vacillates between a presidential system and parliamentary system under constitutional amendments, which has affected the credibility of political control over national security. Military the strongest institution in the country is the keeper of national security. The nuclear domain is the exclusive purview of the Strategic Plans Division (SPD) at the Joint Service Headquarters (JSHQ). After the passage of National Authority Act in 2010, JSHQ and SPD were bestowed with powers as the de jure and de facto authority on all nuclear matters on behalf of the Prime Minister. Providing a fresh historical perspective, Feroz Khan illustrates the unique challenges facing Pakistan’s NC3 systems. When considering the rapid pace of technological advancements, Khan concludes, “as NC3 gains sophistication, control of partial or full pre-delegation regimes would likely be refined to overcome the never/always dilemma of deployed arsenals in the field.”

This podcast is accompanied by Feroz Hassan Khan’s paper “Nuclear Command, Control and Communications (NC3): The Case of Pakistan.”


The Fourth Leg is a series of podcasts focused on one of the most complex systems in the world today – nuclear command and control – and its increasingly complicated future. Within this series we go straight to the experts, across multiple sectors, to discuss the modernization of nuclear command and control systems.

Along with colleagues from the Nautilus Institute and the Preventive Defense Project, IST recently hosted over 50 international experts at Stanford University to anticipate technical challenges that will arise from the modernization of complex nuclear command and control systems. We aim to spotlight some of the vulnerabilities within a modernized NC3 system while furthering the conversation with this series.

​Keep an eye on IST, as we will begin additional podcast series in the coming months focused on how to fix the internet, AI and global stability, and other critical tech and security issues- for now, we have so much more to talk about, so let’s get started.