Common Good Cyber Advocacy is Critical for Civil Defense

SAN FRANCISCO -- RSA CONFERENCE -- Cybersecurity funding is extremely hard to get and generally unavailable to entities that need it most. Since it remains largely unregulated, the power of the internet can be magical, but extremely vulnerable to security issues.

In its early days, the thought of stifling innovation kept the reins loose on the web and rightfully so. The strategy led to massive economic and social growth and as a result we’ve become reliant on it.

The “Common Good Cyber” panel discussion on Monday at the RSA Conference in San Francisco revealed solutions to institutionalize support for common good cybersecurity that can build adequate funding into law and policy, business processes, and government.

The panel included Camille Stewart Gloster, former deputy national cyber director, technology, and ecosystem Security of The White House; Craig Newmark, philanthropist and founder of Craigslist; Megan Stifel, chief strategy officer of the Institute for Security and Technology; and Mike Lashlee, chief security officer of Mastercard.

Philip Reitinger, president and CEO of the Global Cyber Alliance, served as the moderator for the discussion. On February 27, The Common Good Cyber Initiative was launched at a workshop at the National Press Club in D.C. Its mission is to identify and implement funding models to support those who secure the internet for everyone.

Related:Tracking Pixels and Another Big Health Care Breach

Challenges for Nonprofit Cybersecurity Funding

Stifel said that after the internet’s inception, we haven’t really focused on security, so now, this great capability that we’re dependent upon is often riddled with vulnerabilities. “As a result, we have nonprofits that are often stepping in to clean up vulnerabilities. We have a range of vulnerabilities and Log4J comes to mind. Can we identify all the potential organizations and entities that are vulnerable to that? Well, shadow servers play a role in that.”

The internet is a highway of sorts, but the potholes on the web are drastically different than the ones filled with concrete provided by the hires made by states and governments via taxpayers. When it comes to cybersecurity, why doesn’t the government solve this problem?

Governments are subject to ever-changing priorities of the moment, leadership, and threat landscape, which are the factors that drive priority setting for a federal organization Gloster said. “First, many of the organizations that we’re talking about, Shadowserver for example, you would not want any one government to fund it in totality,” she said.

Related:The Tug-of-War for Cyber Resilience to Guard Water Utilities

“It’s working across the globe; it supports several different governments. So, it would need to be this multinational effort to inject funding into the organization. Governments are looking to make investments that scale easily.”

Another challenge of non-profits is the ability to narrate what these organizations do and the benefits they bring. Securing the technical foundations of the internet is a priority globally.

Public vs. Private Sector: Who’s Responsible for Security?

The people and entities using and needing secure networking most can rarely afford to suffer from a cyberattack. Small water systems, electricity companies, and hospitals are becoming larger targets in relation to the overall threat landscape.

Their lack of infrastructure and adequate funding continues to leave them susceptible to devastating hacks. Cybersecurity should be a collaborative effort amongst public and private sectors to achieve a comprehensive solution.

Lashlee said that Mastercard works with the Global Cyber Alliance and the Cyber Readiness Institute to enable small businesses to find cybersecurity solutions to fit their needs. “We have a lot more to offer than just money. We have experts, expertise, and insights into cyber threats. The private sector should bring those to the table and share them with the non-profits.”

Related:‘They’re Coming After Us’: RSA Panel Explores CISO Legal Pressure

Cybersecurity threats can have serious effects on philanthropists like Newmark, who said that he heavily funds Shadowserver, which is a nonprofit security organization that gathers and analyzes data on malicious internet activity.

“I ask regular people to do things like ask their boss what is being done to keep their company safe from ransomware? As civilians, we need to go to local governments and ask them what is being done to protect our water and electrical supplies? Because some of these systems have already been compromised by foreign adversaries.”

Solutions as a Result of The Common Good Cyber Initiative

Clearly articulating the work of nonprofit organizations that combat cyber-attacks will be crucial building blocks when identifying and leveraging ways to get funding. During a vote that took place to eventually shape the initiative at the National Press Club, the following four solutions were settled on:

The value around these approaches is collaboration, which can enable success. Visibility is key in addressing these challenges plaguing secure internet for everyone.

The Common Good Cyber’s drafted advocacy plan is set to arrive by July 1, while its next workshop launches in Europe on September 30.