For decades, the approach to building technology has operated on an implicit assumption that security could be addressed after the fact...This created an environment in which building technology that simply worked was sufficient, and the cost of building technology that was engineered to be secure was treated as an unnecessary burden on development timelines and budgets... The capabilities demonstrated by recent advances in artificial intelligence have fundamentally altered t

The Mythos moment is significant for reasons that extend beyond its immediate cybersecurity implications. It establishes, with unusual clarity, that AI capability has crossed a threshold in the offensive domain — and that the defensive and governance infrastructure available to most institutions has not kept pace. That gap is not a projected risk. It is a present condition.

Create a paper that guides the financial services sector and other sectors to evolve practices toward identity security (and away from identity governance platforms) as an essential component for AI Agent deployment at enterprise scale. Identify alignment with the practical approach used by Wells Fargo.

Acquisition reform returns as a familiar Washington ritual, yet change is often only seen at the margins. The task at hand has simply been too monumental to effectively revamp the entire system: Reforming how the Pentagon buys alone isn’t enough, any meaningful transformation depends on revitalizing the industrial base, strengthening supply chain security, giving industry the capital and demand certainty to invest, requirements-setting, and sustained workforce development and

Examine how U.S. and PRC approaches to post-quantum cryptography (PQC) and quantum key distribution (QKD) reveal divergent risk strategies for protecting critical infrastructure. This ICIT perspective explores why relying solely on PQC may leave Tier-1 systems exposed—and whether a defense-in-depth model is needed for the quantum era.

As AI systems and LEO satellite networks scale, quantum risk grows. Dr. David Mussington, ICIT Fellow outlines why post-quantum cryptography must be embedded now — not retrofitted later — to secure the infrastructure of the 2030s.

Explore the challenges and opportunities of quantum cryptography in this SC Media perspective. Learn why transitioning from theoretical roadmaps to real-world deployment is critical for securing communications, defending sensitive data, and preparing infrastructure for the quantum era.

Learn why cyber risk is a critical concern for the U.S. water sector and how the Sector Risk Management Agency (EPA) and public-private partners are working to protect utilities from cyber threats. This SC Media perspective highlights evolving risks, resource gaps, and collaborative solutions that help keep water safe and flowing.

ICIT organizes its focus area on critical infrastructure into three interdependent pillars that incorporate four of the sixteen critical infrastructure sectors: Energy & Grid, Water & Wastewater, and Transportation & Telecommunications. In 2026, we will be examining these pillars through the lens of topics like Defense Critical Infrastructure, Cyber Force, Drones, Federal Civilian Executive Branch, and Data Centers & Artificial Intelligence.

In this SC Media perspectives piece, Dr. David Mussington, demonstrates that with deeply converged infrastructure—extending across hyperscale data centers, global cloud services, and AI-powered supply chains—risk must also be considered as converged.

As cyber-threats evolve, so must our mindset. In his recent article at SC Media, Jim Routh (an esteemed Institute for Critical Infrastructure Technology Fellow) poses a powerful question: Should enterprises offer personal data protection to employees as a benefit?