It’s time for cybersecurity to go pro bono

Cybersecurity

(Petter Lagson, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Daniel Dobrygowski, Head of Governance and Policy, Global Centre for Cybersecurity, World Economic Forum


As asylum seekers and other vulnerable people are required to give up more and more of their personal information to agencies charged with protecting them, the human rights organizations that work to help such populations become targets of cyberattacks themselves.

Cyber abusers see them as a portal to get to their victims. The recent discovery of a significant messaging app vulnerability used to target human rights groups is just one example of these malicious efforts, but provides significant cause for alarm.

While law enforcement and international bodies must work hard to prevent these digital attacks, leaders in civil society can start acting now to ensure the security of their organizations and of the people who come to them for protection and help.

Unfortunately, for many organizations, it’s hard to prioritize and fund cybersecurity. Very often, the cost of cybersecurity is a constraining factor for all organizations, and those who protect vulnerable populations have limited resources to fund the security of their networks. Additionally, most organizations focus their resources on direct services or driving impact, rather than on “back office” issues like network protection, data security or cybersecurity more generally.

Percentage of organizations providing different types of cybersecurity assistance to civil society
Image: Center for Long-Term Cybersecurity

A security breach for public-serving entities could have a profound impact on the lives of vulnerable people, but these organizations lack the resources to fund cybersecurity in the same way as large corporates.

That is why the time has come to introduce pro bono cybersecurity models. At the same time, non-profits, human rights groups and their funders must come together to recognize the importance of protecting and funding the infrastructure of civil society.

The first step is to recognize and broaden the cybersecurity applications and services available free of charge, or at reduced cost, to human rights groups. The pro bono arrangements in other sectors can serve as a good model.

Generally associated with the legal system, lawyers and law firms take on pro bono cases free of charge because they relate to issues so critical to the rule of law, or justice in society, that they cannot be left to silence or inaction. These efforts run the gamut, from criminal to social justice, and from individual protection to the defence of social and political norms. All aim to ensure that the rule of law is active in support of a just society and strong social institutions.

Cybersecurity, like the rule of law, is a public good and supports a wide array of other benefits. The security of the digital networks that underlie our economic and social institutions is a vital component that must be protected and developed. Additionally, robust cybersecurity technologies, practices and culture support democratic advocacy, individual privacy, effective journalism, and the protection of victims of crime or abuse, among others.

To create a culture of effective pro bono cybersecurity, companies and organizations should make these services as accessible as possible. This means that programmes designed to support cybersecurity public goods must a) exist and b) be readily accessible to the entities that need them.

Already, there are excellent programmes available at reduced cost or free of charge to public-serving organizations. For decades, the Electronic Frontier Foundation has offered free security tools for nonprofits in addition to its advocacy mission.

Similar efforts are on the rise in the private sector as well. For example, Symantec has, for many years, offered a Software Donation Program to help nonprofits secure their data. Cloudflare maintains its Project Galileo, offering free protection against distributed denial-of-service (DDoS) attacks for at risk public interest websites run by organizations that defend and promote the arts, human rights, civil society or democracy.

Microsoft offers a service called AccountGuard to protect US political campaign organizations and others from spoofing in order to limit the avenues for disinformation. Similarly, Security Scorecard offers access to its security rating platform to “nonprofits focused on human rights, social justice, democracy, economic equality, animal welfare and community engagement” through its Project Escher.

Even with the existence of some of these excellent programmes, very often leaders in civil society organizations have difficulty finding them or even knowing that they need such programmes. Visibility is important. Most public organizations have a mission that is not directly related to cybersecurity, so cybersecurity providers have an obligation to make these programmes known.

At the very least, adopting the well-understood language of pro bono services will make these programmes more visible to simple search engine research by cybersecurity novices. Beyond the creation of the services themselves (or the development of a free/low cost option), pro bono cybersecurity doesn’t require significant “sales” efforts, rather just some thought around visibility and outreach.

Ensuring that public-serving organizations know what they need in terms of cybersecurity is a greater challenge. Even in private sector companies, where cybersecurity failures are well publicized and have led to tangible consequences for executives and managers, there is still a lot of confusion around how to mitigate cyber risk.

For nonprofits and other public organizations, there is usually less time, fewer resources and less public information to help guide decision makers. This is where capacity building for the leaders of such organizations is crucial. The World Economic Forum, its Centre for Cybersecurity, and our partners at leading companies and internet rights organizations are working to fill this knowledge gap.

Understanding what organizations need to ensure their cybersecurity, and knowing where to find technology and education are necessary, but only go so far. Unless civil society and advocacy organizations have the internal resources to support their digital infrastructure, they can’t take advantage of such products and services, free or otherwise (and not everything can be free).

Part of the problem here is that donors often fail to set aside funds for infrastructure, preferring instead to directly fund services without understanding how servers, end-points and other technology are vital to ensuring an organization’s mission.

Infrastructure security is a crucial, albeit often neglected part of the mission. Take the example of an organization dedicated to protecting endangered minority groups in a hostile nation. If that organization’s mechanisms of identifying, communicating with and tracking the individuals it works to protect are compromised by cyber attackers, the victims are doubly endangered – first by their oppressors, then again, inadvertently via their “defenders’” lack of security. Likewise, even an organization that is set up to inform and educate can see its entire mission destroyed by a DDoS attack.

This is why donors need to recognize that entities protecting human rights must have the capacity to protect themselves from malicious actors aiming to destabilize institutions or harm the people they serve.

Just as cybersecurity providers are recognizing that their pro bono efforts can help serve a variety of meaningful ends, donors should recognize that digital infrastructure is vital to serving an organization’s mission.

The protection and promotion of human rights is an important responsibility taken on by many dedicated and effective organizations around the world. In the digital age, this means all these organizations have new responsibilities as stewards of people’s data, to ensure the cybersecurity of their own systems against malicious attackers. This means it is incumbent upon all stakeholders – tech, civil society, donors – to share our strengths and resources pro bono – for the public good.

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

As Marvel’s first comic book fetches $1.26 million, here are five things to know about the superhero business

Top UN court orders Myanmar to protect Rohingya from genocide

UN rights chief bemoans unilateral sanctions on Venezuela, fearing ‘far-reaching implications’

The Sino-American trade conflict may be resolved soon

What does reimagining our energy system look like?

5G in Russia: a local and global view on the way forward, in association with The European Sting

This app lets you plant trees to fight deforestation

Foreign direct investments the success secrete of Eurozone

Dear Davos: time to declare an emergency opportunity for people and planet

What is ‘South-South cooperation’ and why does it matter?

Viktor Orbán, Hungarian Prime Minister, at a 2015 event in Brussels, Berlaymont. (Copyright: European Union , 2015; Source: EC - Audiovisual Service; Photo: Lieven Creemers)

Hungary and Ireland build front to say no to EU tax harmonisation plan

UN sees progress in fight against tobacco, warns more action needed to help people quit deadly product

Innovative urban financing can make our cities stronger

Europe’s top court hears Intel and sends € 1.06 bn antitrust fine to review

United States: UN chief ‘deeply saddened’ by deadly California wildfires

State aid: Commission approves €200 million Danish loan in support of the Travel Guarantee Fund for travel cancellations due to coronavirus outbreak

Resilience and efficient doctor-patient relationship nowadays

EU Youth Report casts stark light on life for young Europeans

Opening – EP remembers Nelson Mandela and mourns attacks on Roma in Ukraine

This Chinese tech giant’s latest gadget is… a bus

The US Congress and European Parliament vote are TTIP’s 10th round’s lucky cards

CDU-SPD agree the terms for EU’s Banking Union

Human rights breaches in Iran, Egypt and Tanzania

Review on ethics and technological development

Civilians ‘must never be a target,’ says UN in Afghanistan, amid troubling number of casualties during Ramadan

Lockdown is the world’s biggest psychological experiment – and we will pay the price

6 surprising side effects of this year’s global heatwave

Combatting terrorism: EP special committee calls for closer EU cooperation

Fashion’s hot new trend: clothes you don’t need to wash (very often)

EU and Japan agree on free-trade deal and fill the post-TPP void

Economic Outlook: Weak trade and investment threaten long-term growth

Seeing through the mist of myths of Coronavirus

Haitian President at General Assembly calls for essential development aid as UN mission shifts away from peacekeeping

The world’s coastal cities are going under. Here’s how some are fighting back

New UN Syria envoy pledges to work ‘impartially and diligently’ towards peace

Climate change and health: an everyday solution

Libya on verge of civil war, threatening ‘permanent division’, top UN official warns Security Council

5 times people predicted the future and got it really wrong

How revealing the cost of coal makes us all better off

Turning waste into wealth: World Habitat Day focus on cleaning up cities

The digital transformation is a skills and education opportunity for all. Companies must use it

This is the human impact of COVID-19 – and how business can help

Deutsche Bank: the next financial crisis is here and the lenders need €150 billion from taxpayers

Microplastic and nanoplastic pollution threatens our enviroment. How should we respond?

Learn from the margin, not the center: digital innovation with social impact as transformative force bridging digital divide

This is how we can feed the planet while saving the ocean

rescEU assets mobilised to help Greece fight devastating forest fires

UN-based World Summit Award (WSA) presents its master list on digital innovation with impact on society from 24 countries

The Tears of lovely Memories

The Eurogroup+ is born to govern the EU Banking Union

UN chief ‘deeply alarmed’ over military offensive in south-west Syria

TTIP is not dead as of yet, the 15th round of negotiations in New York shouts

We can use plastics to change the world for the better

Reform of road use charges to spur cleaner transport and ensure fairness

Making Europe’s businesses future-ready: A new Industrial Strategy for a globally competitive, green and digital Europe

UN rights experts call on Russia to release Ukrainian film-maker whose life is in ‘imminent danger’

‘Building back better’ – here’s how we can navigate the risks we face after COVID-19

LED lights could stop turtles and birds from drowning in fishing nets

UN chief welcomes establishment of inclusive government in Central African Republic

Largest joint UN humanitarian convoy of the war, reaches remote Syrian settlement

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s