Institute for Security and Technology
@istorg.bsky.social
We are the 501(c)(3) critical action think tank that unites technology and policy leaders to create solutions to emerging security challenges. https://securityandtechnology.org/
istorg.bsky.social
As tech evolves across the world, so do #cyber threats. This #CybersecurityAwarenessMonth, IST will share practical resources, novel research & critical insights to help individuals, orgs & communities strengthen their #cybersecurity practices. The NCA’s #Core4 highlights tips to #StaySafeOnline.
istorg.bsky.social
This year’s Veil Storm II sought to build an operational plan to further disruptive efforts to reduce cybercrime. Stay tuned for the next after action report!
istorg.bsky.social
It resulted in an after-action report released earlier this summer that generated valuable takeaways for enhancing operational collaboration and information sharing.
istorg.bsky.social
Veil Storm I, held last year in The Hague, focused on information sharing across international law enforcement agencies and private sector firms in responding to cyber incidents.
istorg.bsky.social
IST Director for Digital Security Taylor Grossman was in The Hague last week to carry out Veil Storm II, the second exercise conducted by the Ransomware Task Force (RTF) in partnership with Europol’s European Cyber Crime Center.
istorg.bsky.social
The exercise brought together key stakeholders in the ransomware information ecosystem and asked them to consider challenges to operational collaboration & info sharing in response to a ransomware attack. IST’s Taylor Grossman summarized the key takeaways of the exercise in her report.
🛡️ Read more:
Exercise VEIL STORM I: After Action Report
In partnership with Europol, the Institute for Security and Technology and the Ransomware Task Force’s International Engagement Working Group designed and delivered Exercise VEIL STORM I, a tabletop e...
securityandtechnology.org
istorg.bsky.social
Last year, in partnership with Europol’s European Cybercrime Centre, IST and the #RansomwareTaskForce’s International Engagement Working Group designed and delivered Exercise VEIL STORM I with support from the NCA and RCMP.
istorg.bsky.social
Ransomware victims who engage with law enforcement reduced breach costs by $1m, IBM reports. But when your business is hit with a cyber attack, what comes next? This #CybersecurityAwarenessMonth, we’re spotlighting our ongoing work to bolster info sharing & operational collaboration. 🧵
istorg.bsky.social
➡️ Key priorities related to data quality standards for CVE records and technical infrastructure modernization to ensure the program serves as a public good for the next 25 years.
istorg.bsky.social
➡️ National (or Regional) Vulnerability Management Programs, which would handle other key functions related to software vulnerabilities—beyond assigning identifiers—for both software producers and users.
istorg.bsky.social
➡️ A Global Vulnerability Catalog, a multistakeholder successor to the CVE Program that would identify, maintain, and manage access for a catalog of “actionable cybersecurity vulnerabilities.”
istorg.bsky.social
Noting that the data it provides about the prevalence of software defects is also crucial for driving progress in achieving security-by-design, they propose:
istorg.bsky.social
In “CVE at a Crossroads: A Blueprint for the Next 25 Years,” authors Nicholas Leiserson, Bob Lord, and Lauren Zabierek build a policy framework that separates the creation and cataloging of universal vulnerability identifiers from other vulnerability management functions that rely on them.
istorg.bsky.social
🚨 NEW from IST: The CVE Program is at a crossroads. Recent funding issues have exposed key challenges, and without action, the vulnerability identification landscape will fragment. Today’s report provides recs for global policymakers to reimagine the CVE Program for the next 25 years.
🛡️ Learn more:
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerabi...
securityandtechnology.org
istorg.bsky.social
IST is going to #CyberNextDC! @megans.bsky.social delivers a keynote on the #RTF's approach to cyber policy, Nicholas Leiserson sits on a vulnerability management panel, while Jen Ellis moderates the Cyber Luminaries panel ft. @joshcorman.bsky.social.
🛡️ Register to attend in person or online:
2025 CyberNextDC Registration
Please click the link to complete this form.
form.jotform.com
istorg.bsky.social
IST's Dr. Steven Burns is in DC today to join state officials and experts from industry and academia at a USEA forum on the strategic, economic, and humanitarian implications of the recent peace declaration and transit agreement between Armenia and Azerbaijan.
⚡ Learn more: usea.org/event/naviga...
Navigating the Nexus: New Horizons for Peace & Trade in the South Caucasus
The South Caucasus is at a pivotal moment. The recent peace declaration between Armenia and Azerbaijan, alongside a new transit route agreement, is poised to reshape the region. Join us for a dynamic…
usea.org
istorg.bsky.social
“From cyber-physical attacks and extreme weather to demand growth and fragile supply chains, our energy supply is under growing strain,” said Dr. Burns. “Energy FIRST is about bringing the right groups together from across the value chain to foresee and address the evolving and escalating risks.”
Fuel & Supply Chains – Ensuring reliable access to fuels, components, and critical materials; 
Infrastructure Modernization – Upgrading generation, transmission, and storage to meet future demand; 
Resilience – Preparing for disasters and speeding recovery; 
Security (Cyber-Physical) – Defending against evolving threats in both the digital and physical domains; and 
Technology & Adaptation – Leveraging AI and innovation while managing new risks.