Introduction
Today, digital resilience stands as an unprecedented priority amid escalating cyberattacks on critical infrastructure which pose grave risks to individuals and society. Malicious actors exploit vulnerabilities and wage cyberattacks to disrupt operations, causing economic havoc and the spread of disinformation, ultimately impacting society’s trust in infrastructure and organizations. Despite the prevalence of these events, the prevailing discourse on cyberattacks primarily revolves around high-profile assaults on governments and multinational corporations, obscuring a crucial reality: cyberattacks affect us all. The wide-ranging repercussions of cyberattacks on people and society highlight the importance of prioritizing cybersecurity as a shared responsibility and as global public good, much like global peace, environmental preservation, and elements of global health.
The collective response and collaboration witnessed worldwide in combating COVID-19 point to the need for a similar united front in safeguarding cyberspace. Upholding cyberpeace entails prioritizing human security and rights, necessitating collaborative involvement from various stakeholders, including NGOs, corporations, states, academia, and the media to fortify the digital landscape for the benefit of all.
The CyberPeace Institute understands cyberpeace as a cyberspace where human security, dignity, and equity are ensured. Cyberpeace mandates that people and their rights are at the center of the story, not technology. Therefore each entity and its people have a crucial role to play in upholding cyberpeace and fortifying the digital landscape for the benefit of all.
As no single organization can address all the challenges related to cyberspace, the CyberPeace Institute is using a cooperative model to tackle cyberspace challenges, emphasizing collaboration for peace and stability. Foundational to the Institute’s mandate is connecting resources and acting as a force multiplier through leveraging partnerships and collaborations, and sustaining them over time. This post will explore the different roles each of these stakeholders plays and how we can harness their strengths to protect and ensure digital resilience for all.
Securing the Most Vulnerable: Our Collaborations with NGOs
Addressing the cybersecurity challenges faced by nonprofits, such as limited awareness and resources, by pairing them with corporate volunteers and offering a comprehensive approach to creating a secure digital environment.
Nonprofits, driven by their crucial missions and prioritizing their remit of activity (e.g. environment, education, racial/social justice, etc.), often struggle to protect themselves from malicious cyber activities due to limited awareness, resources, and expertise. Acknowledging this pressing need for support, the CyberPeace Institute pairs up NGOs with corporate volunteers through its CyberPeace Builders program, which supports NGOs in preventing and dealing with cyberattacks. Currently, the program works with over 200 NGOs across the world, pairing them with over 670 volunteers from 45 companies to provide cybersecurity training and guidance.
To create a secure digital environment where organizations can thrive, the Institute is collaborating with other civil society organizations to best integrate respective capabilities. As an example, the Institute has recently become a member of the ShadowServer Alliance, a globally recognized cybersecurity nonprofit organization with a steadfast mission to promote a safer digital space. This strategic partnership aims to strengthen nonprofits by granting them access to vital cybersecurity services. Through joining ‘Nonprofit Cyber’, together with our partner Global Cyber Alliance, we work on developing, sharing, deploying, and increasing the awareness of cybersecurity best practices, tools, standards, and services. The collaborative ‘Nonprofit Cyber Solutions Index’ provided the first comprehensive index of cybersecurity capabilities provided by the NGO community, identifying a large selection of free or low-cost cybersecurity capabilities for those left behind in the current environment.
The Institute also conducts in-depth case studies of cyberattacks that have occurred against NGOs, exploring how such attacks can be mitigated. Through collaborating with the International Civil Society Centre, the CyberPeace Institute has created in-depth reports about how to regain access to a social media account, resist six weeks of sustained phishing attacks, retrieve access to a hacked IT server, deflect a sophisticated brute-force and phishing attack, and a guidance report for professionals at the organization.
Fostering Cyberpeace through Academic Collaboration: Initiatives with Students and Research Partnerships
Collaborating with academia and engaging students in innovative initiatives like the CyberPeace Builders program fosters practical cybersecurity projects to enhance students’ skills while addressing real-world challenges.
Another important stakeholder in building cyberpeace is within the field of academia. The CyberPeace Institute benefits from academics’ expertise in the field of research and knowledge production, developing innovative collaboration initiatives. The CyberPeace Institute successfully concluded the pilot phase of its first Students’ Initiative through the CyberPeace Builders program. Running from February to June 2023, the Initiative offered students a valuable combination of learning opportunities and social impact. The students participated in meaningful cybersecurity activities benefiting Geneva-based nonprofits while enhancing their prospects for a career in cybersecurity. The Initiative adopted a cyberclinic approach, the first in Geneva and Switzerland, providing students from diverse backgrounds with the opportunity to acquire hands-on experience, from awareness training to website vulnerability scanning. Building on this successful experience, in October 2023, the Institute initiated as well a cooperation with students from ETH Zurich who have put together a cyber clinic (Cyber Group) to assist a Swiss NGO that focuses on alleviating poverty.
Since 2023, the Institute has engaged in a partnership with the Geneva Graduate Institute through their “Applied Research Project” (ARP) program for master students. Master students collaborated with colleagues at the CyberPeace Institute on an applied research study aimed at understanding and enhancing engagement levels in digital volunteering programs for positive social impact.
Promoting Cybersecurity Through Think Tank Collaborations: A Strategic Approach to Knowledge Exchange, Network Building, and Transparency Advocacy
Strategic collaborations with various think tanks position the CyberPeace Institute to enhance cybersecurity goals, promote knowledge exchange, and advocate for transparency in addressing cyber threats through data-driven and evidence-based approaches.
Collaboration with various think tanks can support a cooperative platform for knowledge exchange, resource sharing, and coordinated efforts toward achieving cybersecurity goals. Partnering with these institutions encourages the sharing of knowledge and access to a wider network that includes academia, NGOs, and the private sector. The CyberPeace Institute has been collaborating with the Aspen Global Cyber Group by sharing expert advice and contributing to events such as the RSA Conference and Singapore International Cyber Week, and publications including a recent paper on AI. The Institute recently joined the Royal United Services Institute (RUSI) Global Partnerships for Responsible Cyber Behaviour as a partner of the initiative.
Furthermore, the joint report by the Institute and the Hague Centre for Strategic Studies (HCSS) emphasizes the critical role of transparency in addressing cyber threats, advocating for a data-driven and evidence-based approach to fortify cybersecurity. Entitled “Cyber Transparency Value Chain,” the report focuses on building awareness of the necessary steps to build transparency including, leveraging publicly accessible monitors and observatories to broaden understanding of threat actors, cyber incidents’ impact, and accountability efforts. By leveraging expertise, such as through the publishing of specific online monitors and analysis on the cyber threat landscape, both organizations can enhance transparency and accountability in cyberspace. This also reflects a shared ambition to contribute to the stability of cyberspace, demonstrating how partnerships can bridge the gap between cybersecurity and cyber policy.
Sourcing Expertise Through Private Sector Collaboration: The Crucial Role of Corporate Knowledge and Data Partnerships
Corporate partnerships not only provide essential expertise and resources but also recognize the importance of collaborative partnerships in accessing and converting data into actionable insights.
The private sector’s expertise and resources are essential contributions that support cyberpeace, making collaboration with this sector crucial. Within the framework of the CyberPeace Builders program, collaborating with NGOs to provide cybersecurity and support cyberpeace not only benefits both the NGO and the corporation, but also aligns with both the Corporate Social Responsibility goals (CSR) and with the promotion of ESG (environmental, social, and corporate governance). The CyberPeace Institute’s corporate partners not only provide volunteers for the program, but also provide the funding to enable the provision of this support, allowing a wide range of NGOs acting locally, regionally, and internationally to be assisted. Corporate volunteers also support threat analysis by helping the Institute detect and monitor cyber threats, investigate how attacks have unfolded, and identify who is behind the attacks.
As an example of joining forces with the corporate sector, following the negotiations at the UN for a Cybercrime Convention, in 2021 the Institute collaborated with the Cybersecurity TechAccord to publish the ‘Multi-Stakeholder Manifesto.’ This manifesto was supported by over 50 civil society and industry representatives, advocating for the international community to reflect human-centric principles in any cybercrime legislation.
Furthermore, the Cyberpeace Institute recognizes that collaborative partnerships are key to accessing and converting data into actionable insights. Collaboration with companies like BitSight, Kaduu, Prodaft, and others, enables the Institute to enrich its datasets. Such partnerships provide the Institute with access to a diverse range of information, including telemetry data, cybersecurity ratings, and information on specific data breaches or leaks. By integrating these data sources, the Institute gains greater visibility on current and emerging cyber threats, which is crucial for building cyber resilience and implementing countermeasures amongst our beneficiaries.
Protecting Critical Infrastructure: Commitment to State Collaboration and Multi-Stakeholder Initiatives
The CyberPeace Institute has demonstrated a multifaceted commitment to fostering cyberpeace by actively engaging with the international community, various states, and high-level multi-stakeholder initiatives to advance the rules-based order in cyberspace.
Over the past decade, the international community has made clear that the international rules-based order should guide state behavior in cyberspace. States play a crucial role as a significant stakeholder in fostering cyberpeace and the Institute, as an independent and neutral organization, is engaging at the international, regional, national, and local levels to leverage at best respective expertise, experiences, and resources. The Institute has primarily engaged in high-level multi-stakeholder initiatives like the OEWG on security in information and communication technologies. The Institute has submitted several position papers to ensure that negotiations recognize the impact of cyber-related issues on people’s lives, respect human rights, and promote accountability.
Further examples of the importance of state collaboration have been exemplified within the healthcare sector. In October 2021, the Institute, the Ministry of Foreign Affairs of the Czech Republic, and Microsoft partnered togetherto identify critical gaps that need to be addressed to protect the healthcare sector from cyber harm.
The CyberPeace Institute has also partnered with the Hague Humanity Hub, the Dutch Institute for Vulnerability Disclosure, and CSIRT.global in a project to offer free cybersecurity support to over 200 NGOs in The Hague. This project funded by The Hague municipality will help strengthen the cyber ecosystem in the region by building a solid cyber capacity for the vulnerable sector. Moreover, in the UNDERSERVED project funded by the European Union, the CyberPeace Institute embarked on an initiative with distinguished partners to establish a threat reporting and analysis platform targeting NGOs in the EU.
Fostering Digital Security Through Responsible Donorship: The Crucial Role of Donors and Grantmakers in CyberPeace Advocacy
Donors and grantmakers play a vital role in supporting organizations’ secure operations through discussions on digital security threats, strategies, and the incorporation of cybersecurity in grantmaking processes, ultimately contributing to the creation of a more secure digital environment.
Donors and grantmakers play a fundamental role in assisting organizations to conduct their operations securely by initiating discussions with grantees regarding digital security threats and strategies to minimize their impact. Effective and responsible philanthropy requires donors to ensure their beneficiaries can safely carry out their crucial missions, which includes supporting the digital resilience efforts of their beneficiaries. Also, by setting a precedent with the adoption of strong cybersecurity practices, donors can advocate for the importance of digital resilience among their beneficiaries. Some initial digitally responsible grantmaking frameworks have been developed, and the CyberPeace Institute is actively working to further develop this concept.
The CyberPeace Institute views donors as partners to the organization, acting as fundamental stakeholders supporting the Institute and helping to create a more secure digital environment for all stakeholders. Through engaging in responsible donorship, donors act as vital stakeholders, supporting a safe cyberspace. Our Donor Series highlights the importance of cooperation between donors and the Institute, illustrating the importance of promoting cyberpeace at the global scale.
Global Impact: Media Aids in Productive Information Sharing about Cyberpeace
Collaboration with the media allows the community to receive reputable information on cybersecurity and receive updates on cyberpeace efforts.
Collaboration with the media is an integral part of maintaining a robust cybersecurity ecosystem and advancing responsible behavior in cyberspace via awareness-raising and knowledge dissemination. In today’s interconnected world, the media plays a crucial role in serving as a vital channel for the exchange of information.
By collaborating with the media, the CyberPeace Institute can amplify its mission to understand the impact of cyberattacks first and foremost in terms of societal harm: cyberattacks directly affect people and society. As an illustration, since 2022, the CyberPeace Institute has been aggregating data on cyberattacks against critical infrastructure essential for the survival of the civilian population and civilian objects, which are all protected under international humanitarian law during situations of armed conflict through the Cyber Attacks in Times of Conflict Platform #Ukraine. In March 2022, the New York Times, the second-largest newspaper by print circulation in the United States referenced the platform in an article titled, “Volunteer Hackers Converge on Ukraine Conflict With No One in Charge.” More recently, after the release of our CyberPeace Analytical Report in November 2023, titled “NGOs serving Humanity at risk: Cyber Threats affecting ‘International Geneva,” which offered insights into the preparedness of NGOs to address and recover from cyberattacks, Le Temps, a prominent Geneva daily newspaper, published an article titled “Le faible niveau de cybersécurité de la Genève internationale est jugé alarmant.” This collaborative partnership fosters a sense of shared responsibility and collective action. It empowers the community to become better equipped to navigate the ever-changing cyber landscape.
Conclusion: The Power of Multi-Stakeholder Collaboration
Leveraging a diverse array of stakeholders provides significant strengths and perspectives, leading to the creation of a more resilient and comprehensive strategy for addressing cybersecurity challenges. States wield authority to establish laws and invest in critical infrastructure protection, while private companies drive technological innovation and manage essential infrastructure. This sector can develop and implement cybersecurity solutions, fostering threat intelligence exchange to strengthen collective defenses. Academia contributes to research and education, informing policies and practices for both governments and the private sector. NGOs advocate for cybersecurity awareness and human rights protection in cyberspace, evaluating policy implementations, and holding entities accountable.
Ultimately, diverse stakeholders can share expertise and resources, leading to a more comprehensive and coordinated approach to achieving digital resilience. This multi-stakeholder approach has been exemplified in the first edition of the Global Conference on Cyber Capacity Building (GC3B), a forum where all countries and stakeholders could share experiences and shape the future of international development cooperation for a safer digital future and the achievement of the Sustainable Development Goals (SDGs). The event was co-organized by the Global Forum on Cyber Expertise, the World Bank, the CyberPeace Institute, World Economic Forum, and hosted by the Government of Ghana, working to energize an actionable dialogue for an effective, sustainable, and inclusive international cooperation for cyber resilient development, and acting as a key strategic initiative.
Given cybersecurity’s nature as a public good, universal participation in supporting cyberpeace is essential. Encouraging collective efforts remains crucial for keeping everyone safe.