good afternoon good morning or goodevening depending on where you arejoining us from in the world today thankyou so much for coming to celebrate thesecond anniversary of cyber civildefense an all of society approachstarted by Craig new Mark philanthropiesmeant to give Americans and peopleeverywhere the tools and services theyneed to be safe in a connected world myname is Katie Brooks and I’m director ofglobal cyber policy here at Aspendigital we alongside several dozen cybersecurity nonprofit organizations areworking to create a safer digital futureunder the banner of cyber civil defensethe vision for this initiative and theCoalition that supports it is driven byCraig Newark founder of Craigslist andCraig Newarkphilanthropies Craig’s idea for cybercivil defense is simple it’s thateveryone has a role to play in securingour nation from cyber attacks whetherthat’s securing your own home routerteaching your family and others aboutcyber security best practices testingout new new low and no cost cybersecurity tools holding companies to asecure by design standards standard orpursuing cyber security as a careerthere are many ways to get involved incyber civil defense since its launchcyber civil defense has become more thanjust an idea it’s actually a wholecommunity and it’s a coalition but onething that I want to highlight is thatit’s a huge and a very real commitmentnot just by the organizations that are apart of it but by Craig himself to dateCraig has committed a hundred million doto these causes and has been a vocalsupporter encouraging others to do thesame who have theability because of Craig’s support we’veseen everything from more cyber securitycurricul curriculum development for K12students to important research on cybersecurity Workforce Development to betterteacher and School District support forcyber security programming to real-timecyber assistance and much much morewe’re thrilled that Craig can join us toprovide remarks at the end of ourprogram today to share a bit more aboutthis effort in his ownwords a bit about today’s program sincewe only have an hour and the Cyber civildefense effort covers many differentcomponents we’re going to focus today onCyber tools and services so these arethe low and noost offerings to peopleand to organizations that need it themost particularly those that otherwisewould not have access to cyber securityassistance monitoring tools or thosethat might not have the expertise inhouse to even know where to start duringour hour together we’ll hear a keynotefrom Stacy higen bottom about the stateof consumer attitudes about these cybersecurity tools services and bestpractices and then we’ll turn to a panelof leaders who do quite a bit of work inthe tools and services part of cybercivil defense they’ll share informationabout what makes their unique approacheswork and how they fill an important GapGap or a need for the communities thatthey serve finally we’ll close withremarks from Craig himself as Imentioned where he’ll reflect on thiseffort and what the future holds quicklythough a bit of housekeeping please feelfree to use the audience Q&A feature tosubmit questions for any of our speakersthroughout the program today we’llProctor those out at the end uh end ofthe excuse me end of the panel uh timeallowing and then again at the end ofthe program of course if you’d like tojoin the conversation on social media wewelcome you to tag us at Aspen digitalor to use the hashtag cyber civildefense so without further Ado let’sDive Right In over the past two years asa part of cyber civil defense ConsumerReports the global cyber Alliance andAspen digital have co-produced an annualreport called the Cyber Readiness reviewthis report tracks Americans attitudesabout cyber security and the data usedand analyzed in these reports is fromrepresentative surveys of the USpopulation conducted by Consumer Reportsyearly joining us to cover some of thesefindings and more is Stacy higen bottomStacy has been writing about technologyfor over 20 years in major Publicationssuch as Fortune PC bag and More in 2015Stacy founded the Internet of Thingspodcast and she regularly writes aboutthe latest iot news and the latest inconsumer iotdevices um she most recently is workingvery closely with consumer reports andtoday she’ll be sharing a bit more aboutthe trends and observations she sees inthis space Stacey thank you so much forjoining us over toyou awesome thank you so much Katie asshe told you I am Stacy Hig balam I’m apolicy fellow from consumer reports anda former technology reporter so for myentire career I have spent time parsingthe difference between the tools andservices that technologists are buildingand how consumers view those tools andservicesand I can tell you today that while wehave a desperate need to focus onimproving the overall quality ofconsumer cyber security the partiesinvolved are talking about two verydifferent things and so when I thinkabout this I think about that silly bookfrom the 90s and it’s cyber SecurityExperts Are from Mars and consumers Arefrom Venus and for our cyber civildefense it’s actually really importantthat we get this this right the attackservice has never been greater us homesand Broadband us homes with Broadbandhad 17 connected devices as of September20123 according to Parks Associates thatincludes your tablets your printerscomputers your car your phones yourAlexa devices and connected lighting andas more and more consumer data iscollected and stored by businesses it isincreasingly targeted by attackers thismonth the 2024 Horizon data breachreport told us that it now sorry that wenow have triple the vulnerabilities thatare being exploited from the prior yearand it takes about 55 days to remediate50% of those critical vulnerabilities sowhat we have right now is more devicesmore data in the cloud more attacks andit takes longer to fixthem so this is a big deal and we needto be talking and working at the samelevel so when I say cyber SecurityExperts Are from Mars what I’m thinkingis they are focused on preventingattacks their concern is locking downinfrastructure so hackers can’t shutdown municipal water plants or insertransomware into a hospital chain thatgrounds those operations to a halt andwhen it comes to Consumer devices theyworry about things like insecure SmartHome Products or ransomware getting onPCS that can be part of a botn net thatcould be used to take down criticalinfrastructure so cyber Security Expertsthey want to preventaccess but what we’ve learned throughour research at Consumer Reports isconsumers don’t think about cybersecurity that way they think about itsimply as security as feeling safe andthey think mostly about their data whichis stored on millions of computers andthe cloud or on Smart Home devices andthey want to know that no one can usetheir their smart home devices to spy onthem or infiltrate their homenetwork consumers want to protect theirdata andure they care about the bigpicture that the Cyber Security Expertsare trying to prevent but to getconsumers to takeaction we have to make it easy for themand we have to give them a reason towant to do it and that reason isincreasingly related to protecting theirdata and theirprivacy and because from a consumer’sfirst itive cyber security ishard you often have to force them to doitso to get consumers to beef up securitytechnologists and government actionneeds to focus on making it as easy aspossible and giving consumers a winwhere they want it around their dataprotection and privacy so a really greatexample of success can be seen in theconsumer adoption of passwords and thisis data from our cyber Readiness reportthat we produced with all of theseorganizations back in October butbasically consumers are adoptingpasswords at an excellent rate andthey’re doing this for a coupledifferent reasons mostly becausemanufacturers have started forcingconsumers to change their passwords weall remember because it comes up inevery one of these discussions back in2016 with the Mari botnet when thatshown a light on poor cyber securitypractices on equipment that wasubiquitous in homes and small businessesthese devices had default passwords andthus were easy to access and then thosedevices were used in a botn net attackthat took down websites and criticalinfrastructure so to protect againstthat we saw a big push for passwordadoption in forcing password changes andthat has ultimately been reallysuccessful according to our our datafromthat cyber Readiness report we’ve seenthat 87% of consumers have changed thedefault password on their routerprobably because it’s forced 83% ofconsumers password protect access totheir phone using some kind of pin orbiometric and that’s also because it hasbecome increasingly easy for them to dothat a little more than 34s of consumersso that’s 76% of us are using multiactorauthentication we may not want to but alot of device companies and services areforcing it in 67% of us are usingdifferent passwords across each of ourservices this is an incredible win andit has come because consumers or becausemanufacturers and governments haverealized that to talk to Consumers theyneeded to make it easy and I would sayunavoidable so forcing the change makingit easyby helping push things like passwordservices and you’ll see with multiactorauthentication data that consumersincreasingly choose the easiest way todo it and so we see with multiactorauthentication 82% of consumers chooseSMS texting or some sort oftext-based uh adoption and they do thatbecause they’ve got their phone rightthere where they’re trying to log in uh50% will use the multiactorauthentication app which kudos toeverybody else and then usage drops offincredibly after that 26% will do averifying phone call and only 6% willuse a physical security key so the keythat we’ve learned from both passwordadoption and the way that consumerschoose their multiactor authenticationis that forcing it understanding thatconsumers want to protect their data anddrawing a clear line between that dataprotection and a good password hashelped and as a win for the CyberSecurity Experts we actually preventingaccess tosystems that will help prevent botnetsso I think we can learn a lot of this aswe talk about anotherupcoming program from the governmentthat’s aimed at boosting overallconsumer cyber security and that is theUS cyber trust Mark program this is aprogram that was launched last year bythe FCC and the idea is that smart homedevices will get a label that says thatsays that this device has gone throughsome sort of certification program tomake it secure and it will be easy forconsumers because consumers just have tolook for the label now where I think wecould take some of the lessons welearned from password adoption is weneed to make sure that this program isnot just talking to the Cyber SecurityExperts and preventing access and doingthose cyber security elements but it isalso giving consumers a win and by thatI mean helping them protect their dataand privacyso we did some research around whatconsumers want hereand with the Cyber trust Mark programtoday as it stands it requires to obtainthe mark companies have have to do aboutfive cyber security things and they haveto disclose how they handle passwordsthey have to tell consumers how tosecurely configure the device they haveto disclose the update strategy and giveconsumers a support time frame thatthose updates will be given to them sohow long that their device will actuallystay secure in their home and then theythey need to let consumers know if ithas a list of Hardware or software usedin the device like an sbom or an hbombnow most consumers probably won’t gothat in depth but what I think would adda lot of value to this program thoseprior elements help prevent access andkeep a device secure which is a totalwin from the Cyber Security Expertsperspective from the consumerperspective I think it’s a little hardersell unless we start talking aboutprotecting their data which is somethingthey care deeply about we did researchwith consumers about this program and67% of consumer consumers that weinterviewed about cyber labelsnamed understanding who has access totheir data as the top priority that wasfollowed by the length of time that thedevice will get security support so yayso I think what we can take away fromthisis that as we’re building out thisprogram and any other cyber securityprogram designed to appeal to Consumersand get them to adopt things that weneed to focus on giving them ease ofimplementation and something that helpsthem draw clear line betweenimplementing the program and protectingtheir data which is actually whatconsumers really want thank you back toyou excellent thanks Stacy and I lovethe case that you made about makingsecurity easy for consumers and actuallymaking it a default wherever possibleit’s really the perfect segue into ourpanel um and I’m sure our panelists willbe excited to touch on on this theme aswell uh I’ll now hand it over to NicoleTisdale senior adviser to Aspen digitalcyber security program to introduce andto moderate the panel Nicole over to youthanks so much Katie so I’m Nicoletisdel I’m the senior advisor to theCyber programs at Aspen digital and justas a single P pigeon can’t carry theload alone our Collective efforts forthe Cyber civil defense network ensurethat we all fly safely together withthat in mind we’re going to hear fromour distinguished panelists who areleading these collaborative efforts itto work to enhance our cyber security sofirst up we have an Cleveland who trulywears who truly has figured out how tokill two birds with one stone by wearingtwo hats um at the Berkeley Center forlong-term cyber security and theConsortium of cyber civil clinics andkick us off and tell us a little bitabout the significant impact that youhave been able to deploy with theConsortium of the Cyber civilclinics thanks Nicole and thanks so muchAspen digital for hosting I’m loving thebird puns already um my name is anCleveland I am the executive director ofthe center for long-term cyber securityat UC Berkeley and also the co-chair andco-founder of the Consortium of cybersecurity clinics um so Nicole thanks forthe question and I’ll go back to Stacy’scomments talking about you know it takes55 days I think you said on average toremediate a vulnerability and that’sreally for organizations that have uhcyber security department or it supportor some professionals in thatorganization who are thinking aboutcyber security all the time but imagineall of the millions of small businessessmall nonprofits in our communitiesmaybe your local food bank smallcritical infrastructure providersincluding maybe your small towns localgovernment that don’t have an IT personor a cyber security person um sodefinitely not the ability to remediatethose vulnerabilities and often haven’teven taken the first step on their cybersecurity maturity Journey because it’sintimidating so that is whereuniversity-based cyber security clinicscome in um people are really familiarwith this model from schools of Law andschools of medicine so you know think ofa clinic in a law school that providespro bono legal defense to clients whocan’t afford representation a cybersecurity Clinic is that model um justapplied straight to cyber security soour students and um there are soon goingto be over 30 cyber security clinicsNationwide so students in several dozenstate are taking a class and providingcyber security services and assistanceto organizations in their communitiesthat otherwise wouldn’t have access tothese Services um it’s a win-win Iforget what you said about flying withtwo flocks or something like that butyes it’s a win-win um because thesecritical organizations in ourcommunities get cyber security servicesand then our students get that handsonlearning which helps prepare them betterfor the workforce puts um a real worldexperience on their resumés and teachesthem about cyber security for defendingcritical public infrastructure andCommunity organizationsum so we think this is a really excitingmodel um and as I said we now have anationwide consor of cyber securityclinics that is even expandinginternationally um thanks in large partto Craig support um and our goal is tohave at least one University College orCommunity Based Community College basedcyber security Clinic um in every statein the country and the District ofColumbia by2030 great well thank you and I will sayum as someone who in law school servedin a legal clinic that was some of themost rewarding Community work that I’vedone and so not only are you providingaccess and tools to the nonprofits thatare using your services today you aremaking lifelong Learners and Communityact uh Community servants from thestudents so we really like the work thatyou all are doing at the Consortium ofclinics and so we’re talking aboutremediating vulnerability so I feel likethat is the perfect set way to turn itover to Todd who is the alliancedirector at the shadow server foundationso Todd talk to us a little bit aboutthe shadowiness that is the shadowserver Foundation what are the primarytools and services that the shadowserver Foundation currently provides andhow are we adapting these tools tocurrent cyber threats right thanksNicole it’s it’s great to be here andthanks to Aspen for hosting um this agreat event so uh yes as Nicole said myname is Todd Eberly I’m the alliancedirector at the shadow server foundationand we are a nonprofit organization witha very simple Mission and that is tomake the internet safer and more securefor everyone as we all know security canbe very costly uh so we aim to try tohelp those regardless of of ability topay for for network security and forInternet Security so we are the world’slargest provider of free uh qualitycyber threat intelligence so we use thisand and give this intelligence away forfree to help Network owners uh secureand protect their Network so how we dothat um we operate and staff a datacenter in California and we we collectcyber threat data at scale so thinkmassive uh quantities massive amounts ofdata and we collect this data through avariety of technical means from malwarecollection and analysis to scanning theinternet 150 times a day and and andother other ways as well um and then weshare out this information this data forfree every day with Network owners whosign up who subscribe to receive our ourdaily reports and these reports willtell Network owners um what we see froman external vantage point about theirnetworks and so therefore we’reproviding them with with their whattheir attack surface looks like uh to acyber Criminal and so we can point outto Network owners where we see exposeddevices um unnecessarily exposed to theinternet or misconfigured devicesvulnerabilities vulnerable devices uhcompromised parts of of the networksthat need patched or or cleaned up uhand so we serve about 8,000 Networkowners around the world um and this issmall small networks with single IPaddresses or a single domain to largenetworks uh run by internet serviceproviders and and governments um weservice every type of organization fromlocal state and federal governments umuh K through 12 school districts up touniversities nonprofitorganizations um critical infrastructurehospitals we also provide that dataevery day to National Sears in uh 175countries so National searchs designateduh to be responsible for the networks ofthat particular country so in the UnitedStates for example every day we provideour data to siza the cyber security andinfrastructure Security Agency uh whichinvolves hundreds of millions of eventsthat we’re seeing every day um we alsoprovide free assistance to lawenforcement and this is a a benefit tothe public because it means lawenforcement agencies don’t have to spendtaxpayer money um uh on technicalassistance that they need for theirinvestigations and so earlier justactually a few minutes ago uh it wasannounced that uh Department of Justicethat shadow server was part of aninvestigation uh to take down one of theworld’s largest uh largest spot Nets uhwith with the in support of the FBI dojand other partners um and so how we’readapting to these uh new threatsbasically adapting to these the newCyber threats is really at the heart ofwhat we do because when a new threatsand new software vulnerabilities areidentified uh within about a day or sowe can react very quickly uh we can SCcreate scan signatures to look for theseuh instances of of new threats and newvulnerabilities and we it allows us tohelp track these emerging threats makethe public better aware of it and makesubscribers aware of whether theirnetworks are are at risk for thatparticularvulnerability great well thank you somuch for explaining that Tai I I willsay to to understand exactly how muchthreat information you are providing thescans that you are doing congratulationson your work also congratulations on theannouncement from doj um I will say it’sa perfect transition so we talked abouthow we’re getting students involved onthe tools and services we are nowtalking about what you all are doing howyour partnering how Shadow server ispartnering with law enforcement but alsocommunities critical infrastructuresowners and operators big to small and soI want to turn it over to Francesca whois the chief strategy Chief strategy andpartner sh officer at Cyber peaceInstitute to talk to us a little bitabout what is the role that cyber peacehas in tools and services as part of thecollective especially as it as you allwork on initiatives to enhance thedigital safety and protect vulnerablecommunitiesFranchesca thank you so much Nicole andthanks Aspen for this great opportunityas mentioned I’m Franchesco bco Chiefstrategy officer at The cyberp Instituteum so I I think that no profits is smallorganizations have been mentioned beforefor example by by an and um it’s keybecause they are what we callunderresourced organizations but theyare also critical actors in our societyspecifically nonprofits um play acentral role in providing reliefessential Services I think about forexample uh Healthcare food water andalso protecting the human rights of overone billion uh vulnerable individuals umacross the globe um however I meanthere’s there’s a particularvulnerability because as nonprofitscollect and retain beneficiary data uhfor example they receive donor fundsthrough digital channels or for exampleum they manage um key operations viainternet connected systems theirvulnerability to cyber attacks hasincreased in the past years and this isdue to the fact that no profits comeacross as a sort of like cyber poor butTarget reach to cyber Criminaland while cyber security we heard alsofrom the previous speakers is a is a isa problem for all sectors of oursocieties for all Industries it hasbecome a particular challenge fornonprofits so we develop the Cyber peaceBuilders program which is aninternational network of corporate cybersecurity volunteers who help no profitsdefending themselves in cyberspace itprovides um I would say both asustainable but also scalable solutionto bring cyber expertise to nonprofitamidst the Global Talentshortage that was already addressed andI mean just to give some some some somequick pointers we’re currently uhsupporting 283 nonprofits with more than100 800 volunteers from companies aroundthe world um I think that there are alsotwo other um tools and services that Iwould like to mention so thanks to thisprogram we also start started seeing thefree the increasing frequency andsophistication of cyber attacks andnonprofits often being I would say kindof like virtually blind to what goes onin their Network as many otherorganizations So within the Builderframework we launched two specificServices very recently to help thembetter protect themselves um for examplewe partner with with Cloud flare toblock uh fishing attempts and as at TheInstitute basically we get a view on theongoing campaigns we are also able toalert um the the community into time andum uh for example another example oflike a collaboration with uh cybersecurity feits providers like forexample indicators of compromise um I’mthinking uh um for example withMicrosoft with bitsight um and and andsimilar entities We Gather all the datathat they have about nonprofits wesupport in one place so we we are ableto alert the nonprofits whenever theyhave for example their credential leakedor um a vulnerability on a web page andso on and so forth the difference justwith let’s say with the with thealerting is that um other than beingfree for the nonprofit We are also ableto use the volunteers mentioned in thecyberp builders program to help thenonprofit in order to address thesituation so not just to know about itand often they feel help l so weactually provide the human resources todo it and and and lastly um we are alsoleveraging um AI for a variety ofpurposes but specifically to improveboth the matchmaking processes and driveup basically the volunteer engagementultimately increasing cyber security fornon profits but also for example to totrain nonprofits on um for example Imean recently we we helped with the helpof AI um we are training on profits onhow to negotiate ransoms so just to givesome some some quick ideas on on howbasically um to make a difference whenit comes to to supporting the nonprofitsworld thank you that’s really good interms of explaining exactly what what itis that you all do I’m very thankfulthat we all have that we have you all aspart of the collective especially whenwe talk about organizations that are toto the quote of being cyber poor butalso Target rich I think there has to bean acknowledgement and a focus thatbased off some of the mission workespecially as it relates to Human Rightsand protecting the rights globally thereare some organizations that are going tobe targeted because of their missionsand so we’re very appreciative that youall are doing that work okay I’m goingto transition us to field because thisis the perfect time to talk to Philwho’s the president and C CEO of theglobal cyber Alliance because we have alot of tools we have a lot of servicesand I want you feel to discuss some ofthe latest advancements for tools andservices that are provided by the globalcyber Alliance and how you’re usingthese tools and collecting these toolsso that we can make sure that thecommunities that need the most haveaccess to them sure Nicole thanks verymuch and uh it’s good to see you againand the whole team because we as a partof Craigs Network we partner with Ithink everybody who’s on this call um Iguess I’d like to start with what Stacysaid about you know the Men Are fromMars Women Are from Venus experiencewhich I think is a really good analogyI’ll just pick a different probably 90srelated book analogy for those of youwho parents you might remember no Davidright and so uh no David is a book thatum involves it’s for kids the parentsalways telling no David don’t do thisand we we often in cyber security to goback to again to what Stacy was talkingabout you know are in that position umyou know no David don’t reuse yourpassword no David don’t inst connectthat unupdated computer to the networkand in point of fact that’s just notusable for the audiences we’ve got youknow I’ve heard Nicole you talk aboutthis a lot we’ve got to meet peoplewhere they are right we’ve got to givethem advice that they can actually useand so that’s the impetus behind thethings that the global cyber Alliancetries to do uh cyber civil defense isall about really ensuring we have awhole of society e and our goal is tomake sure that all of those pieces havetools and services to protect themselvesand so the primary effort I would callout in that areas our uh our cyber securtoolkits so we have a set of five cybersecurity toolkits for small businessesindividuals elections officials missionsbased organizations and journalists thatare really designed to help people usinglanguage and capabilities that meet themwhere they are to protect their ownbasic cyber security so instead ofsaying you need to you know you need touse the second Factor you actually givethem not just the description about whatthey need to do but a tool or a serviceor information that will enable them todo it so it’s more like uh a cookbookwith the kitchen than it is a generalset of guidelines and we’ve workedreally hard on that we’re up to aboutabout we’re getting near 2 million usesof those toolkits and in terms of aroundthe world the cyber security toolkit forsmall business is now available in sixlanguages English French Spanish Germanbahas which is the national language ofIndonesia and now um Portuguese as wellum in terms of making tools available toeveryone in building the community thatwill make those tools available we acouple years ago launched the firstcyber security tools Wiki um which is atact. Global cyber alliance.org which nowcontains 2500 tools um that are designedto help people do the specific thingsthey need to do um and are specificallydesigned to reach people in vulnerablecommunities so what are the tools thatare needed by nonprofits what are thetools that are needed by parents andfamilies and deliver them in a languagethat’s usable to them the other thingI’d say about that actionable cybersecurity tools Wiki is it’s all done onan open content license so anybody isfree to take the stuff that we’ve doneand assembled and use it in puttingtogether their own Services because thisabsolutely is a broad Community effortthat requires everybody to be involvedhappy to talk about other stuff we dobut that’s a you know a core piece isactually reaching people where they areand giving them exactly what they needto get the jobdone thanks pH I love that I I love thework that you all are doing to make surethis information is not only free butaccessible um especially the we knowthat a lot of the Cyber terms don’ttranslate very easily and the conceptsare also new to people so huge shout outto you and your team for always makingsure that the language is accessible thejargon is accessible but also speakingto the communities based on the jargonand the the language that they know sowe really appreciate that I like it acookbook with a kitchen I think I mightactually use that um and so okay I’mcognizant of time and we’re getting alot of audience questions but I do didwant to kind of circle back withpanelists because we’re we’re talking alot about what you all do in yourorganizations as individuals but I wantus to talk about how we do this worktogether as a collective and so Ann I’llgo back to you first and let’s talkabout what the the the Cyber civildefensenetwork does in terms of helping withthe Consortium of cyber clinics can youshare an example of how thiscollaboration has advanced your missionand improved thecommunity yeah thanks Nicole and Craigalways says brevity is the soul of witso I will be quick um I mean in short werely on every single organizationrepresented in this panel including youfolks at Aspen digital Nicole um tocomplement and amplify by our work everyday so just one example with the Cyberpeace Builders our students go on towork in their professional volunteerprogram and together we’re trying topatch together a network of cybervolunteers that will meet everybody youknow where they need it and how theyneed it um Global cyber Alliance is akey Ally in the Consortium helpingexpand clinics internationally andproviding tools to the kinds of clientswe serve um but as Katie said at thebeginning it’s a community um and theCoalition that Craig Newarkphilanthropies has built has a few dozenorganizations but there’s really agrowing movement of cyber civilDefenders from all walks of lifegovernment Academia industry civilsociety and I’ll give a quick plugthere’s a link in the chat if you areinterested in getting more involved incyber civil defense there’s a cybercivil defense Summit that we are hostingin Washington DC on June 14th and wewould love to have you joinus thanks an and you’re right Craigloves when we’re very brief and SCE so Iappreciate that um I will say I thinkwhat you’re highlighting is thecollective of the people who are a partof our panel today and a part of ourwebinar but also this is a group of morethan 40 organizations so thank you alsofor reminding folks that there our flockis very big and very diverse so I wantto turn to youI don’t know if we’re going to be able Idon’t know if you’re going to be able totalk to us about anything that you’recurrently working on with Partners inour network but I’ll ask you to LookBackwards as you look forward can youshare a specific instance where acollaboration with some with anotherorganization within the network hashelped to successfully mitigate cybercyber threats or a specific cyber threatyeah sure so I I think it’s important toknow that that this cyber civil DefenseInitiative has really created this thisnetwork network where where like-mindednonprofit and volunteer organizationscan can come together um all with acommon mission to improve InternetSecurity um for the public good um andand to be able to collaborate on to toaddress issues um in this space and andthat’s important because our respectiveorganizations are really not nearly aseffective when we’re working alone andwe’re working in our own silos so um andand the reason for that is each of ourorganizations have its own Specialtiesits own its own skills um and and toolsand services that we bring to the tableand it’s only through this collaborativeeffort um really brought together Ithink by by the Cyber Civil DefenseInitiative that this network has been uhcreated to allow us to come together ina collaborative way and and really workmost effectively to achieve success inthis space so I think there are lots ofexamples but just a couple I’ll I’llmention is uh I think here for uh withthe uh Center for so one of the issuesthat we have is we have greatinformation and great data to share atShadow server but we don’t have enoughbandwidth in terms of the people on theground to work directly with those whowho might use our data so that’s wherethe center for long-term cyber securitycomes in with its clinics uh the cyberInstitute uh comes into play with theCyber peace Builders uh so boots on theground Personnel who are able to workdirect directly with differentorganizations such as the nonprofitorganizations that that Franchescamentioned um uh who can work directlywith those individuals um and use Shadowserver data and and the tools from theglobal cyber Alliance um and and otherum tools and services from otherorganizationsand and I think it really shows that youknow we’re each filling a gap here anduh and and so we all really need to relyon on each other to be most effectiveand so I I can point to that that veryexample where we’re partnering with theCyber peace Institute um uh to wheretheir their cyber peace Builders areusing our uh Shadow server data to umhelp um nonprofit organizations sort ofassess their network security issues umand prioritize what needs uh fixed or umuh and and um uh patched on theirNetwork so I think that’s a that that’sa good example we also work with globalcyber Alliance on on other projects likethe common uh common good cyberinitiative to help funding theseorganizations um uh Honeypot sensorproject that we’ve done together so Ithink um you know the opportunities arereally endless and I think this we’rereally at at the beginning of of the thegreat possibilities that can be achievedhere yeah I think that’s so great to I Ilove that you I love that you all areproviding or and collecting the threatinformation and using the network tomake sure that the threat informationgets to the people who need to be warnedbut also need to respond to it and so asI turn it over to Franchesca I feel likethis is going to be very hard for youFranchesca because an has talked abouthow students are joining the peaceBuilders volunteer network and Toddtalked about how they’re sharinginformation with you all to also makesure that folks that are within thevolunteer network have information so Iwant to say you have to come up withanother example Franchesca or you canelaborate if it’s a little bit easierbut I would love to know about aspecific success success story that theccdn partnership has you has had thathelped you have a significant differencein preventing and mitigating cyberthreats okay so let me give you stilllet’s say one example of someone that ishere in the panel it’s a b because Icould have elaborated more on on onShadow server and the uh and cltcbecause they are amazing Partners um butum again let’s say inspired by thegravity on one hand but also by thecomplementarity um another great exampleand Phil mentioned it before so we arecollaborating with the global cyberAlliance um for example to train over300,000 micro small and mediumEnterprises and socialEnterprises um in in the abak region andso we were s for example I mean how wecomplement each other is that weresearch a cyber threat landscape in 12countries in the region whilst the GCAis training a set of trainers so thecollaboration is really unique becauseagain we’re building on let’s say eachother’s strengths so our research helpedthem tailoring the training manualbringing us to more tangible impact Imean I know the shadow server wasmentioned but again very muchcomplimentarity in the sense that umthanks to uh basically detectingmachines evolved in malicious traffic wecan basically through the buildersactively support the Civil Societyorganization and we then obviously weare connecting the student volunteeringinitiative with our expert volunteeringinitiative let me just say one superquick thing um we we’ve also seen thecollateral effect meaning growing thenetwork into a movement with a sort oflike virtual spillover effectpractically speaking thanks to thenetwork we’ve done a lot of work withcesa for example in the US supportingtheir work on high-risk communities andbringing our volunteering model acrossthe country um or for example togetherwith uh with net hope we’ launched theglobal humanitarian Isaac and thanks tothis we’ve been recently uh startingworking with NGO Isaac as wellspecifically to support the Democracynonprofits so all these Partnerships areare really made possible thanks to theCyber Civil Defense Initiative so thanksalot yeah of course all right Phil so Ihave a question for you um similar toFranchesca you can also elaborate alittle bit on the work that shementioned I will say I love that you allare working together on the train thetrain models I think that is how wescale information and how we make surethat communities who may nottraditionally be a part of some of ourcyber networks have the information thatthey need so I’m a fan of train thetrainer that in the partnership that youall have with cyber peace Institute butPhil I wanted to ask if there’s anyother programs or specific achievementsthat have resulted in the collaborationwith other organizations outside of theCyber civil defense network and if youwant to go beyond the panelist you canum just make sure you give us a littlebit of information if you’re bringing ina new or that’s a part of ourNetwork so thanks Nicole I just I couldgo on at nauseum about the ways we allwork together you know it’sum uh Secretary of State Clinton was youknow fous for saying it famous forsaying it takes a village right cybersecurity just does take a village and umI think Craig’s perhaps greatest effectis helping to build that Global Villageto help to bring together all of thesedifferent organizations which westarting to work together already buthave continued to grow even more closelywith the support and you know to befrank um rather direct advice that hewants us to work together you know it’sCommunity has always been a part of hismessage and so that’s been superimportant I mean I could go on with whatwe’ve done with Aspen um what we’ve donewith consumer reports and you alreadyheard from um Shadows server and theCyber peace Institute and an at um theConsortium about all the differentpieces that we do I’ll call out just acouple of quick ones um one is that youknow while it’s uh most of theorganizations here and about 35 otherorganizations significantly inspired bywhat Craig was doing and what civilcyber defense was formed an organizationcalled nonprofit cyber um which isorganization is too strong it’s reallyjust it’s a coalition of nonprofits allof whom work in this space that areworking to more align what they do sothey can collaborate more effectivelythe other thing I’d mention um Toddmentioned briefly which is common goodcyber you know Craig’s given a hundredmillion um to this effort but you knowthat’s a lot more people need to givethat level of resourcing and so um anumber of nonprofits have groupedtogether to try and drive greater uhresourcing for that broad Communityagain including pretty much all of theorganizations here um and what peoplemay not know and that’s if people wantto know more about that effort it’s acommon good cyber.org but if people wantto know more about that effort to drivefunding models that will enable cyberCil defense to endure in the long termwhat they may not know is common goodcyber was actually developed out ofcyber civil defense because the ideafirst came up at a meeting we hosted inback in2022 on Cyber civil defense in Brusselsto talk to European organizations aboutit so you know I’m happy to go intodifferent examples I will just say thatyou know we are all partners and youknow IU an and Stacy and Todd and you umand Katie and Francesca we’re part of aglobal Enterprise right it’s not GCA andShadow server it’s the organizationsthat are working on Cyber civil defenseand Craig’s made thatpossible agree 100% and having a a funerlike Craig kind of step in and do thework and provide the resources thatorganizations need are a perfect segueto one of our audience questions I wantto so the audience question um is framedaround our conversation where we keeptalking about the work that we’re alldoing is part of an all of society orwhole of society um effect and so thequestion is what would we like to seemore from industry and government tohelp support the Cyber civil defensenetwork and I think keeping it along thetheme of our webinar let’s try to answerthat in terms of what other resourcescould be helpful so that we can makesure that tools and services are beingprovided to the communities mostvulnerable and you’re close to this workon the ground I don’t want to put you onthe spot but if you have a a responsemaybe you can respond and if anyoneelse sure I mean you’ve probably allheard this before but Time treasure andtalent are all greatly needed andgreatly welcome I’ll keep it to thatbecause I know we’re close totime thank you so much an um I will saythe other question that we got from theaudience again I think we have some ofour government partners and some of ourindustry Partners who’ve joined us todaywhich we really appreciate and so I alsowant to just leave that question open tomaybe one more person who can be almostas brief as anwas um if I may quickly quickly andcoming with the Civil Society head umcodesign solutions for example both withgovernment and with the private sectorPartners so it’s great to consult with alot of the people that are here on thecall but let’s co-design Solutionstogether that are really meaningful andimpactful for basically the mostvulnerable thanks Franchesca I reallyappreciate that and with that I’m goingto close us out because not only doesCraig like brevity he likes succinctanswers and so I want to thank all ofour panelists for their invaluablecontributions to the to our conversationtoday I’m going to use one more bir punand say it’s clear that the Cyber civildefense network is like a flock of birswe’re soaring together to new heights toprotect our most vulnerable populationsfrom cyber security threats I’ll turn itover toKatie excellent thanks Nicole um for nowwe’re really excited to welcome theperson who started all of this um CraigNewark as mentioned is the far founderof both Craigslist and Craig Newarkphilanthropies um when I think he kickedall of this off he had kind of focusedmostly on cyber security education cyberWorkforce and what we just talked aboutcyber tools and services but really it’staken on so much more than that so Craigover to you for some Reflections andthoughts on theinitiative folks I really appreciate itI keep thinking about well things likeWorld War II where the country a countryis under threat and people were expectedto play whatever role they could todefending everyone else you would uhprotect your family your homes you woulddo what you can to protect people aroundyou and the whole country and that’swhat all this stuff is really about wecan make it more comp complicated butsince I now have a reputation aboutbrevity I need topreserve um that’s just the essence ofthings we got to do what we can to helpprotect each other and to that end thissystem that I’m talking to you on is nowtelling me it needs to be updated soI’ll go ahead and do that in momentseveryone thanks I really appreciateit excellent thanks Craig and thank youfor modeling that great cyber securityuh hygiene practice of updating yoursystems when prompted we do appreciatethat um thank you so much to ourpanelists and all of our speakers todayfor joining us and also Al thanks to theaudience who joined us I think we had areally excellent representation fromacross sectors um from different stagesof career Etc um and really appreciatethose who submitted questions andcomments now I’m sure the big questionon everyone’s mind is how I C how can Icontinue to be involved in cyber civildefense well um as an mentioned there’sa great opportunity coming up in justabout two weeks in DC that is the Cybercivil defense Summit on Thursday June13th I think my colleague will put alink in the chat where you can learnmore and you can register another bigpublic event with uh cyber civil defensethemes in it is our annual Aspen cyberSummit uh a registration was justlaunched that is coming up on September18th at the reach at the uh JFK Centerfor Performing Arts in Washington DC youcan find out more at Aspen cyerssummit.org um again please feel free toreach out to any of the organizations umon that were featured today if you havequestions we’ll continue our cyber civilprogramming to Spotlight all of thegreat organizations and work across thenetwork and again we really thank youfor joining us here today have a greatafternoon thanks
With cyberattacks on the rise, it’s more important than ever for each of us to protect ourselves and educate our communities about cybersecurity threats. Two years after Craig Newmark’s launch of the Cyber Civil Defense (CCD) initiative, a coalition of nonprofits and civil society groups working to safeguard our digital future, the challenges and opportunities within the cybersecurity landscape continue to evolve. On May 29 craig newmark philanthropies and Aspen Digital commemorated the second anniversary of CCD.
Stacey Higginbotham has been writing about technology for 20 years in major publications such as Fortune, PCMag, IEEE Spectrum and MIT Technology Review. In 2015, Stacey founded “The Internet of Things Podcast” and a weekly IoT newsletter where she explained the latest IoT news, and tested the latest in consumer IoT devices. She has recently started her own consulting practice, and is working with Consumer Reports on public policy work around security for connected devices.
PANELISTS
Francesca Bosco Chief Strategy and Partnerships Officer, CyberPeace Institute
Read about Francesca Bosco
Francesca has an International Law and Human Rights background and 15+ years’ experience in working for international organizations (United Nations and World Economic Forum) on action-oriented research, capacity building and technical assistance in international justice, crime, peace and security. She has developed her expertise on countering and preventing cybercrime (from hackers profiling to protection of critical infrastructure), crime-tech convergence and misuse of technology, focusing on opportunities, systemic risks and threats created by new technologies (e.g. artificial intelligence, robotics, immersive technologies). She has a long standing expertise on leading programs to foster cybersecurity and increase cyber resilience, including cyber capacity building, and diversity and inclusion initiatives. More recently she has been working on securing digital transformation of contextually vulnerable organizations, in developing countries and in fragile contexts, to foster the achievement of the SDGs. At the Institute, she is leading the strategic engagement in programs and initiatives leveraging multistakeholder cooperation with civil society, academia, corporates, philanthropy and public institutions, to reduce the harms from cyberattack and to promote sustainable cyberpeace.
Ann Cleaveland Executive Director, Center for Long-Term Cybersecurity
Read about Ann Cleaveland
Ann Cleaveland has been guiding UC Berkeley’s Center for Long-Term Cybersecurity since 2018, helping fulfill its mission of anticipating and addressing tomorrow’s cybersecurity challenges in order to amplify the upside of the digital revolution. Her expertise in non-profit management, philanthropy, and industry informs CLTC’s success as a research and collaboration hub that helps decision-makers act with foresight, and expand who has access to and participates in cybersecurity.
Ann was previously the Senior Director of Strategic Planning at the ClimateWorks Foundation and architect of its learning and evaluation systems, focused on advancing a more strategic, effective, and science-based response to global climate change. She is fluent in Spanish and received her BA from Rice University and her MBA in sustainable management from the Presidio Graduate School.
Tod Eberle Alliance Director, The Shadowserver Foundation
Read about Tod Eberle
Tod Eberle is the Alliance Director at The Shadowserver Foundation, a nonprofit organization whose mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. As the world’s largest provider of free cyber threat intelligence, Shadowserver serves 8,000 network owners and National CERTs/CSIRTs in 175 countries. Before joining Shadowserver in January 2023, Tod served as a federal prosecutor for 19 years with the U.S. Attorney’s Office for the Western District of Pennsylvania. He specialized in cybercrime activities committed by transnational organized crime groups and nation-state threat actors. Tod was the 2019 recipient of the United States Attorney General’s Award for Excellence in Furthering the Interests of U.S. National Security. He also received the 2019 JD Falk Award presented by the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) for his forward-thinking approach to investigating and prosecuting the GozNym Malware Criminal Organization.
Phil Reitinger President and CEO, Global Cyber Alliance
Read about Phil Reitinger
Philip R. Reitinger has served as the President and CEO of the Global Cyber Alliance (GCA) since December 2015. GCA is an international nonprofit organization focused on delivering a secure and trustworthy internet for everyone, build communities to deploy tools, services, and programs that provide cybersecurity at global scale. Unlike many non-profits, GCA does not focus on reports but builds practical, measurable solutions and tools that are easy to use.
In 2009, Mr. Reitinger was appointed to serve as the Deputy Under Secretary for the National Protection and Programs Directorate and the Director of the National Cyber Security Center in the U.S. Department of Homeland Security. In these roles, he led the Department’s efforts to reduce risks across physical and cyber infrastructures and coordinated public and private sector responses to cyber security incidents. Earlier in his government career, Mr. Reitinger was the first Executive Director of the U.S. Department of Defense’s Cyber Crime Center, which provides electronic forensic services and supports cyber investigative functions. He also served as Deputy Chief of the Computer Crime and Intellectual Property Section at the U.S. Department of Justice, where he was one of the first dedicated cybercrime prosecutors in the Criminal Division.
In the private sector, Mr. Reitinger was Sony’s Senior Vice President and Chief Information Security Officer from September 2011 to September 2014. Mr. Reitinger was also the Chief Trustworthy Infrastructure Strategist at Microsoft Corporation.
Mr. Reitinger has served on a number of advisory boards, including the New York Governor’s Cyber Security Advisory Board, the American Bar Association Standing Committee on Law and National Security Advisory Committee, and the advisory boards of several companies. He volunteers as well, having been a Stars Mentor for the MACH37 Cyber Accelerator and a member of the Falls Church City School Board.
Mr. Reitinger was awarded the Secretary of Homeland Security’s Distinguished Service Medal in June 2011, and the Attorney General’s John Marshall Award in July 1999. Mr. Reitinger holds a Bachelor of Engineering in Electrical Engineering and Computer Science from Vanderbilt University and a J.D. from Yale Law School.
Moderator
Nicole Tisdale Senior Advisor for Cyber Workforce and Education, Aspen Digital
Read about Nicole Tisdale
For more than a dozen years, Nicole Tisdale has served as a national security expert at The White House – National Security Council and the U.S. Congress’s House Committee on Homeland Security. Recently, she led The White House’s cybersecurity advocacy efforts before Congress. She is an expert on issues of cybersecurity, intelligence, foreign malign influence campaigns, disinformation, and election security. Nicole wrote and published a book, Right To Petition, to help others exercise their First Amendment right to advocate. Originally from Nettleton, MS, Nicole is a barred attorney and graduate of The University of Mississippi (BA, 2006; JD, 2009).
Craig Newmark is a Web pioneer and philanthropist, best known for creating the online classified ads service craigslist. Craig’s full-time philanthropic work focuses on organizations on the frontlines of protecting America’s security and democracy. He has given more than $300 million in support of veterans and military families, trustworthy journalism and civic engagement campaigns, cyber security education programs, hunger relief, and pigeon rescue. Craig was influenced by his Sunday School teachers who escaped the Holocaust, set his moral compass, and taught him to treat people like you want to be treated – and how to know when enough is enough. He stepped away from the day-to-running of craigslist almost two decades ago, but he still occasionally volunteers as a customer service representative.
{"includes":[{"object":"taxonomy","value":"134"}],"excludes":[{"object":"page","value":"203892"},{"object":"type","value":"callout"},{"object":"type","value":"form"},{"object":"type","value":"page"},{"object":"type","value":"article"},{"object":"type","value":"company"},{"object":"type","value":"person"},{"object":"type","value":"press"},{"object":"type","value":"report"},{"object":"type","value":"workstream"}],"order":[],"meta":"","rules":[],"property":"","details":["title"],"title":"Browse More Events","description":"","columns":2,"total":4,"filters":[],"filtering":[],"abilities":[],"action":"swipe","buttons":[],"pagination":[],"search":"","className":"random","sorts":[]}
Facebook
Twitter
LinkedIn
Email
