Institute for Security and Technology

As AI tech enters the nuclear weapons space, policy debates are accelerating faster than practitioners can keep pace. IST is pleased to announce the Andrew Carnegie AI–Nuclear Policy Accelerator, a new initiative designed to strengthen practitioner decision-making with support from @CarnegieCorp. 🎓Learn more and apply: securityandtechnology.org/blog/ist-launc…

As AI is rapidly reshaping our world, faith traditions are often left out of development discussions. The Religious Voices & Responsible AI Initiative, a joint project between @AIandFaith & IST, aims to include these communities in the future of AI. Today, AIF & IST are honored to announce the members of the new Steering Committee. ❇️ Learn more: securityandtechnology.org/blog/meet-the-…

In his time on the Hill, IST VP Nicholas Leiserson experienced firsthand the “GDPR-ification” of global privacy regulation–because the U.S. did not have a comparable national privacy regime to point to, the EU effectively set the bar. For the #NatSpecs blog, prompted by today’s report, Nicholas reflects on how to avoid a similar fate in global product cybersecurity regulation. 🛡️ Read more: securityandtechnology.org/blog/who-sets-…

In “Comparative Analysis of National and Regional Product Cybersecurity Frameworks,” author Taylor Roberts draws on a consolidated dataset of existing and emerging regulatory schemes to identify substantive areas of convergence and divergence across jurisdictions.

🚨NEW from IST: As cyber threats evolve, nations around the world are working to enhance the security of products & services, but the patchwork of national & regional cybersecurity regulations create challenges. Today’s report provides a structured, comparative analysis of cybersecurity frameworks. 🛡️ Read more: securityandtechnology.org/virtual-librar…

Last week, pro-Iran hackers wiped the devices of medical device manufacturer Stryker, marking the first cyber attack on U.S. soil in the war with Iran. IST convened a webinar with friends & adjuncts to break down the attack, consider its implications, and answer questions from the community. 🛡️ Read the recap: securityandtechnology.org/blog/the-fight…

NEW #HackthePlant civil engineer & water infrastructure expert Andrew Ohrt joins host @BrysonBort for the last episode of season 5 to walk us through the "invisible" nature of water systems, the impact of data centers on utility resilience, and CIE. 🎙️ Listen to episode 51: hack-the-plant.simplecast.com/episodes/cyber…

In the aftermath of last week's attack on a U.S. medical device manufacturer by pro-Iran hackers, this month's edition of the #UnDisruptable27 newsletter reflects on its reason for existence: "to ensure that our communities can take [a] punch...even if it's from our most capable foes." 🛡️ Read more: securityandtechnology.org/blog/undisrupt…

Finally, Alex shared that remote exploitation is likely to be a common form of attack going forward: “The exploitation of remote facing services is still, I think, in my experience, one of the most common ways, especially for Iranian actors, to gain access to targets.”

The choice to target a healthcare supplier, Jason said, tells us something about the actors’ motivations. “If they were focused on regime survival, they would [target defense contractors]…They're going to go after what they perceive, probably correctly, is our soft underbelly.”

This morning, IST hosted a pop-up webinar with friends and partners to respond to the first pro-Iran regime cyber attack on domestic soil. IST CSO Megan Stifel moderated the conversation with panelists Jason Kikta, Alex Orleans, and Christopher Plummer, breaking down what happened at Stryker, advice for at-risk providers, and what the attack means for the future. 🛡️ Watch the full discussion: youtube.com/watch?v=8Zcedm…

V0.1 is not comprehensive, but focuses on the interventions that require the most lead time. 🛜 Network Security 💾 Hardware Trust 👩‍💻 Personnel Security ❇️ AI Model Security 🔐 Physical Security

Implementation of the Task Force’s recommendations directly addresses the need identified in the Trump Administration’s recent National Cyber Strategy, which called for “securing the AI technologies stack, including data centers.”

While AI models continue to advance in both capabilities and scope, efforts to secure them struggle to keep pace. These models and their unique model weights must be protected against threats from the most capable nation-state adversaries and attacks. This week, the @SL5TaskForce, incubated at IST, released a NIST SP 800-53 overlay for frontier AI infrastructure—charting a path for labs to reach Security Level 5 by 2029 or sooner. Learn more: standard.sl5.org

#UnDisruptable27 works to equip communities with the information, tools, and support they need to mitigate cyber threats. Learn more: securityandtechnology.org/undisruptable2…

This week, pro-Iranian hackers leveled the first #cyber attack on U.S. critical infrastructure since the onset of the Iran War. IST Exec @joshcorman spoke to @CNN about the increased risk to healthcare and water providers during wartime. 🛡️Read more: cnn.com/2026/03/11/pol…

What do we know about the attack, and who carried it out? What are the potential motivations behind the targeting? How does it compare to past cyber operations? IST CSO Megan Stifel moderates a discussion with panelists Jason Kikta, Alex Orleans, and more.

Yesterday, pro-Iranian hackers claimed to have wiped 200k devices of a major U.S. medical device manufacturer. While cyber operations in the Middle East have been ongoing, this is the first domestic incident. Tomorrow at 12 PM ET/9 AM PT, IST friends & adjunct advisors break down the attack and its implications. 🛡️ Register now: us02web.zoom.us/webinar/regist…

AI Security Level 5 standards. Defending foundation models against top tier adversaries.

This is the 9th #CriticalEffectDC! We created it years ago, not to have another conference talking about the problem, but to bring together Members of Congress and USG together with the Security Community to build relationships. 🦄⚡️