• CHINA WATCHIf We Can’t Name China’s Cyberattacks, We Lose Trust in Ourselves

    By Justin Bassi

    In the space of just a few days, two big US tech companies took different approaches to China’s cyberattacks. Palo Alto Networks generically referred to a global cyber espionage operation by unnamed actors while Google specifically named China as the globe’s leading cyber security threat. That inconsistency hurts everyone but China.

  • CHINA WATCHAllfare: China’s Whole-of-Nation Strategy

    By Michael Margolius

    To analyze how states exert their influence, scholars often compartmentalize actions into rigid analytical frameworks, which obscures the holistic scope of the challenge.

  • POWER GRIDOn Plum Island, DOE Trains Utilities, Protection Teams to Defend the Grid

    By Ethan Huffman

    Plum Island, just off New York’s northeastern coast, is a sparsely populated outpost with a century-long legacy, stretching back to the Spanish-American War, of playing an important role in helping protect the nation. More recently, scientists have used Plum Island to research lethal pathogens – threatening both humans and farm animals — for which there is no vaccines or treatment. Now, the island hosts exercises which train power companies, industry experts, and government officials to respond to disruptive cyberattacks.

  • POWER-GRID SABOTAGEHacking the Grid: How Digital Sabotage Turns Infrastructure into a Weapon

    By Saman Zonouz

    The darkness that swept over the Venezuelan capital in the predawn hours of Jan. 3, 2026, signaled a profound shift in the nature of modern conflict: the convergence of physical and cyber warfare. The blackout was the result of a precise and invisible manipulation of the industrial control systems that manage the flow of electricity. This synchronization of traditional military action with advanced cyber warfare represents a new chapter in international conflict, one where lines of computer code that manipulate critical infrastructure are among the most potent weapons.

  • NUCLEAR SAFETYProtecting Next-Gen Reactors

    By Sarah Lusk

    As the United States accelerates deployment of advanced and small modular reactors (A/SMRs), the nuclear energy sector is embracing a digital future. While digital systems provide operators with big benefits, they can also create vulnerabilities that enable criminals to access critical infrastructure.

  • AI RISKS: UNSETTLING DEMONSTRATION AI-enabled Intrusions: What Anthropic’s Disclosure Really Means

    By ASPI contributors and External contributors

    Last week, AI company Anthropic reported with ‘high confidence’ that a Chinese state-sponsored hacking group had weaponized Anthropic’s own AI tools to run a largely automated cyberattack on several technology firms and government agencies. The September operation is the first publicly known case of an AI system conducting target reconnaissance with only minimal human direction.

  • AIResearchers Unveil First-Ever Defense Against Cryptanalytic Attacks on AI

    By Matt Shipman

    Security researchers have developed the first functional defense mechanism capable of protecting against “cryptanalytic” attacks used to “steal” the model parameters that define how an AI system works.

  • TECH SECURITYBuilding Trust into Tech: A Framework for Sovereign Resilience

    By Jason Van der Schyff and James Corera

    Governments are facing a critical question: who can be trusted to build and manage their countries’ most sensitive systems? Vendor choices, for everything from cloud infrastructure to identity platforms, are no longer just commercial; they are strategic.

  • CHINA WATCHU.S.–China Cyber Relations and the Weaponization of Microsoft Platforms

    By Ishanya Sharma

    Cyber tensions between the United States and China show Microsoft’s central yet fragile role in global cybersecurity, where its platforms serve as both assets and targets. While both nations have exploited vulnerabilities within the platform to conduct cyber-espionage against each other, China has been particularly persistent in its operations.

  • CYBERSECURITYStudy Finds Smarter Way to Train Employees to Thwart Phishing Scams

    Companies often send out simulated—or fake—phishing emails to employees to see who takes the bait and click. Those who fall for such scams typically receive an on-the-spot lesson meant to help them recognize suspicious messages the next time. But new research finds that approach might not be the best way to help employees learn from their mistakes.

  • CRITICAL INFRASTRUCTUREThe Invisible Siege: Securing the Indo-Pacific’s Telecom Backbone

    By James Corera and Jason Van der Schyff

    Telecommunications once seemed like the passive layer of critical infrastructure—pipes and switches that connected everything yet rarely drew attention. That perception ended long ago. The stability of countries will depend on whether they can keep the lights on and the lines open when pressure comes.

  • CYBERSECURITYHow Secure Is Video Conferences—Really?

    Since the COVID-19 pandemic, video conferencing platforms like Zoom and Microsoft Teams have become essential for work, education, and social connections. While these platforms offer controls such as disabling cameras and muting microphones to safeguard user privacy, a new study suggests that video conferencing may not be as secure as many assume.

  • CYBERSECURITYRemote Work Has Opened Australia’s Cyber Backdoor

    By Isaac Sharp

    The choice is stark. Either we treat remote-work infiltration as a national security priority now, or hostile operatives will continue slipping into networks under the cover of legitimate employment. By modernizing vetting, tightening oversight and raising awareness, we can turn the remote workforce from a vulnerability into a frontline defense.

  • SURVEILLANCEThe Spy Who Came in from the Wi-Fi: Beware of Radio Network Surveillance

    New technology is able to infer the identity of persons with no WiFi device on them through signals in radio networks. Researchers warn of risks to privacy and call for protective measures.

  • CYBERSECURITYMultitasking Raises Risk of Phishing

    By Michael Parker

    In the information age, multitasking is often worn as a badge of honor. But according to new research, multitasking may also blind us to hidden threats, thereby increasing our chances of falling victim to cybercrime.