Microsoft, Mastercard and the Hewlett Foundation are funding a new organisation that is planning to help dissidents and other vulnerable groups across the world defend against hackers.
The CyberPeace Institute, headquartered in Geneva, will get started on Thursday with the aim of working with the international community to stop the Internet from becoming “weaponised”, according to an institute statement.
The organisation, which plans to employ as many as 20 staff members in its first year, will work with a network of volunteers and experts in the public sector, academia, and civil society to respond to major cyberattacks that inflict harm on people, such as those that shut down hospitals, cripple businesses or suppress the work of advocacy organisations, said Marietje Schaake, the Institute’s president.
“We read about cyberattacks every day and people frown and worry, but there’s little understanding of the impact on civilians and how in this space the lines blur between states and the private sector,” said Schaake, who formerly served as a member of the European Parliament. “We want to bring more transparency and accountability, and we want to focus on helping civilians who may have experienced harm or become the collateral damage of the cyberattack.”
Microsoft president Brad Smith said cyberattacks can have a “real world impact” on people’s ability to access basic services like health care, banking and electricity.
“We need to bring together people across civil society and the tech sector to share data, best practices and technology to better protect citizens and increase the world’s resiliency against cyberattacks,” he said, in a statement. “The CyberPeace Institute will help do just that.”
‘Responsible behaviour’
The institute will work to influence global policy and international law on cyberattacks and hopes to promote “responsible behaviour” among state and non-state actors, said CEO Stéphane Duguin. The organisation will also publish public reports on specific incidents and may provide technical support to groups that have been identified as victims of a hack.
The Institute’s experts won’t publicly name who is responsible for a particular attack — a process known as attribution — though they plan to release technical details they uncover that may help others track down the hacker’s identity.
“There are many different elements of information that form a puzzle that can lead to attribution. It is very difficult,” Schaake said. Even when there are strong indicators suggesting who was responsible for an attack, “there can be political hesitation or other sensitivities for calling out the perpetrator”, she said.
Microsoft, Mastercard and the Hewlett Foundation are among the institute’s core funders. The organisation has an eight-member executive board and 14-member advisory board, which includes technical and legal experts as well as human rights advocates.
Danny Sriskandarajah, a member of the advisory board and CEO of the UK-based charitable organisation Oxfam GB, said he was concerned about the rising spate of cyberattacks against pro-democracy advocates in parts of Eastern Europe and the Middle East.
“It’s never been easier to organise and mobilise political dissent,” said Sriskandarajah. “The downside is that the online world comes with huge threats for activists. In Oxfam, we are really conscious of making sure our own systems are as secure as they can be, but we are even more worried about smaller NGOs and protesters and dissidents who need to have the right to speak out. They are being targeted very clearly by malevolent forces.”
Eli Sugarman, a member of the institute’s executive board and programme officer for the Hewlett Foundation’s Cyber Initiative, said his foundation was supporting the initiative because it “tackles three separate but connected pieces of this challenge”.
“First, it analyses and investigates harmful attacks, helping to draw attention to them and hold those responsible to account,” he said. “Second, it promotes international norms of behaviour that help protect civilians and delegitimise cyberattacks against them. And third, it will help victims of these destructive attacks recover and stay safe moving forward.” — Reported by Ryan Gallagher and Alyza Sebenius, (c) 2019 Bloomberg LP
