Microsoft and the Hewlett Foundation are chief among a group of “core funders” each pledging up to $5 million to launch the international CyberPeace Institute to assist victims of cyber attacks.
No organization among the initial funders has provided more than one-third of the institute’s total funding with other backers contributing smaller amounts, a spokesperson told The Hill. Facebook is listed as a contributor on the organization’s website. Eighteen organizations, including the Cyber Threat Alliance and a number of security-focused groups worldwide are among the institute’s partners.
The institute not only aims to help hacking victims but also to promote adherence to international rules and norms in cyberspace. Along those lines, last week 27 United Nations-member countries issued a joint statement calling on all states to support greater accountability and stability in cyberspace by sticking to a set of international standards. For example, all agreed that state-sponsored adversaries’ intelligence services engaged in surveillance and attacking military targets is fair game but attacking civilian infrastructure or hobbling a country’s economy is not.
“The escalating attacks we’ve seen in recent years are not just about computers attacking computers – these attacks threaten and often harm the lives and livelihoods of real people, including their ability to access basic services like health care, banking and electricity,” said Tom Burt, Microsoft customer security and trust corporate vice president, in a blog post introducing the institute.
A multi-stakeholder effort is needed to address the threats posed by cybersecurity attacks, Burt said. “Governments, the private sector, civil society and academia must be part of discussing solutions and taking concrete steps to protect people. Badly needed in the fight against cyberattacks is a credible source of research and analysis about the impact of cyberattacks around the globe on world citizens.”
Stéphane Duguin, who heads Europol’s European Internet Referral Unit, will serve as the organization’s chief executive, and Marietje Schaake, Stanford University’s Cyber Policy Center’s international policy director, is its president. Brad Smith, Microsoft’s president, is a member of the institute’s eight-person executive board. The institute will operate independently and will function in three core areas:
- Assistance: Coordinating recovery efforts for the most vulnerable victims of cyberattacks.
- Accountability: Facilitating the collective analysis, research and investigation of cyberattacks.
- Advancement: Promoting responsible behavior in cyberspace and advancing international laws and rules.
Burt said that this group will help fill a gap for victims of cyberattacks. “For years, nongovernmental organizations around the world have provided on-the-ground help and vocal advocacy for victims of wars and natural disasters, and have convened important discussions about protecting the victims they serve,” he wrote. “It’s become clear that victims of attacks originating on the internet deserve similar assistance, and the CyberPeace Institute will do just that.”
As an example of how the institute would respond to a global cyber event, it has posted a fictional case study on its website of a ransomware attack. You can see the document here.
A network of international outfits dedicated to securing the internet and safeguarding users is taking shape. For example, the Cybersecurity Tech Accord includes more than 100 companies whose collective goal is to protect customers worldwide, while the Paris Peace Call for Trust & Security in Cyberspace has signatories from 67 countries, 139 international and civil society organizations, and 358 private companies and entities.