Funding the Organizations That Secure the Internet

Much of our everyday lives, from banking to turning on the lights, would be impossible if the elaborate infrastructure underpinning the Internet were unavailable. However, unlike the electrical grid or financial institutions, there's no single entity responsible for maintaining and securing the Internet.

Instead, that task falls upon a diverse group of organizations and individuals that preserve this public utility with little funding or subsisting on tight budgets. The stakes are incredibly high, but the amount of resources available for keeping this infrastructure secure falls short.

"Everybody thinks it's somebody else's responsibility," says Philip Reitinger, president and CEO of the Global Cyber Alliance. "We agree that cybersecurity requires a whole-of-society effort, but the challenge for us is that there's so little funding available to keep the Internet trustworthy and secure."

Exploring a New Funding Model

In an effort to combat this dilution of responsibility and dearth of financial support, global policymakers and representatives from nonprofits, philanthropy, and fundraising organizations recently launched Common Good Cyber, an initiative aimed at building sustainable funding models to support those that secure the Internet for everyone. These stakeholders also took part in a February workshop in Washington, DC, to discuss the critical role of under-resourced organizations that safeguard the Internet. The workshop emphasized the need for collaboration and alignment in funding efforts to sustain cybersecurity initiatives.

"Key components of the Internet are maintained by volunteers, nonprofits, and NGOs, and others who work with razor-thin budgets and resources," said Kemba Walden, president of Paladin Global Institute and former US acting national cyber director, in her keynote address at the workshop. "Consider this: The underpinnings of our digital infrastructure, the infrastructure that enables civil society to thrive in our economy today and to grow, rest on a network of volunteers, nonprofits, NGOs and others.

The goal of Common Good Cyber is to find new ways to build adequate funding into law and policy, business policies and government, and other funding vehicles sufficient to meet the common need for cybersecurity. Supporting organizations include the Cyber Civil Defense Initiative, the Global Cyber Alliance, the Cyber Threat Alliance, the CyberPeace Institute, the Forum of Incident Response and Security Teams, the Institute for Security and Technology, and the Shadowserver Foundation.

Craig Newmark, philanthropist and founder of Craigslist and the Cyber Civil Defense Initiative, says funding and supporting Internet security projects is a patriotic duty.

"So many people have sacrificed a lot to defend us all. I have been pushing people like the folks at Global Cyber Alliance, the folks at the Aspen cybersecurity group, and people at Consumer Reports," Newmark says, listing three organizations that are part of the Cyber Civil Defense Initiative. "The notion is that we work together — to fight the fight together — to complement what the government does, kind of like what my parents did during World War II, when everyone was expected to play a role."

While governments can do some things very well, there are some areas where the government can’t do the whole job and citizens have to step up, Newmark adds.

"People like me who think of ourselves as genuine patriots, we need to help out the people who are doing the actual work, who are sometimes sacrificing a lot," he says. "In my case, while I'm trying to figure out how to mobilize the whole country, it's time to fund some organizations that are going to be doing the hard, tedious work, figuring out how regular people can protect themselves."

For Newmark, the greatest challenge lies in getting the message out and making people take action.

"The message is the big hard part — working together to protect the country," he said. "We need to protect our water and power supplies and transportation. We need to work together on making those things really happen, and I think that's a big contribution of Common Good Cyber."

Four Action Items to Take

Four actionable ideas came out of the workshop, Reitinger says.

Participants will seek to create joint funding organizations that have the capacity to collect money from multiple organizations and distribute them through a governance mechanism to organizations in need. Funding sources could come from government or private entities, he says, and be modeled after organizations that fight infectious diseases like HIV or malaria.

In line with the joint fund concept, nonprofits could be connected for federated fundraising, "a little like the United Way," Reitinger says. The fund could then be divided among the nonprofit entities, giving each "a little more bang for your buck, and a little bit stronger of an overall message."

Common Good Cyber also wants organizations to work together to build its business case by collecting data on who is doing what to support the Internet's infrastructure. There is a genuine need to understand the size of the sector "and the value that all these organizations provide … I think that's going to be essential," Reitinger says. "The business case to say, this is what this infrastructure does."

The creation of a hub or accelerator to provide resources to the groups securing the Internet was the final piece of the puzzle discussed. "All of these nonprofits that do critical things have to sort of start up from ground zero," Reitinger says. "And there are some resources that they can pull on. But maybe we start to aggregate those so we can help nonprofits do things like fundraising. Everybody wants to use money in the most effective way possible. So let's make that a little easier to do."

Common Good Cyber's next steps include producing a report on the workshop and speaking at this year's RSA Conference in San Francisco and a workshop in Europe in October. The group hopes to have a set of implemented solutions people can rely on in about a year.

"This is a problem that really needs solving, because we're all suffering from inadequate funding for cybersecurity supporting the common good. Cybersecurity really needs to be a fundamental human right," Rettinger says. "It's just a problem that really requires solving, and I hope we can continue to get the focus from government, industry, and nonprofit stakeholders. It's not going to get better on its own. It's going to get worse."