Virtual Library

Our virtual library is an online repository of all of the reports, papers, and briefings that IST has produced, as well as works that have influenced our thinking.

Submit your Content

Reports

Unlocking U.S. Technological Competitiveness: Public-Private Misalignments in Biotechnology, Energy, and Quantum Sectors

Ben Purser, Pavneet Singh

viewpdf

Reports

Effects of Electromagnetic Pulses on Communication Infrastructure: An IST Primer

viewpdf

Reports

How Does Access Impact Risk? Assessing AI Foundation Model Risk Along a Gradient of Access

Zoë Brammer, along with contributors from the AI Foundation Model Access Working Group

viewpdf

Fact Sheet

DOD and SBA Launch the Small Business Investment Company Critical Technology (SBICCT) Initiative

Strategic Balancing Initiative

viewpdf

Fact Sheet

White House Releases Outbound Investment Executive Order

Strategic Balancing Initiative

viewpdf

Reports

Strengthening Resilience in 21st Century Crisis Communications

Alexa Wehsener, Sylvia Mishra

viewpdf

Fact Sheet

DoD Releases the National Defense Science and Technology Strategy

Strategic Balancing Initiative

viewpdf

Contribute to our Library!

We also welcome additional suggestions from readers, and will consider adding further resources as so much of our work has come through crowd-sourced collaboration already. If, for any chance you are an author whose work is listed here and you do not wish it to be listed in our repository, please, let us know.

SUBMIT CONTENT

Cyber Incident Reporting Framework

Cyber Threat Alliance, Institute for Security and Technology

SUMMARY

A group led by Cyber Threat Alliance and the Institute for Security and Technology that includes CREST, CipherTrace, Coveware, Cybera, Cybercrime Support Network, Cyber Peace Institute, Open Cybersecurity Alliance, and SolarWinds has come together to provide input regarding cyber incident reporting.

This group has identified a set of principles that the incident reporting regulation should incorporate, and we have developed a set of model reporting formats the Cybersecurity and Infrastructure Security Agency (CISA) could use as the foundation for the reporting forms. The report contains 3 sections:

  1. Purpose, Expectations, and Definitions
  2. Principles
  3. Incident Reporting Fields

Framework appendices include an explanation of why the U.S. government should collect the proposed information in the Cyber Incident Reporting Form and a sample, generic CIRF report.

download pdf