By Aimée Larsen Kirkpatrick
Happy Anniversary Global Cyber Alliance! Today is a milestone anniversary for GCA: FIVE YEARS!! Five years of action. Five years of impact. Five years of making a difference.
GCA started as a scrappy nonprofit of a few people with a big idea: reduce systemic cyber risk. The organization was blessed with influential founders – the Manhattan District Attorney’s Office, the City of London Police, and the Center for Internet Security (CIS) with the gift of seed funding thanks to the Manhattan DA and a handful of passionate people who were determined to make things happen. Since those first days, GCA has swelled its ranks to include a full executive team, regional directorates, a development team, a marketing and communications team, and a business team. We are a diverse group of people located across North America and Europe with varied backgrounds – all with a drive to make the world a better place.
GCA has a big vision: a secure and trustworthy Internet. An Internet that is reliable and that enables social and economic progress for everyone – no matter who or where they are. Our mission is to reduce cyber risk and improve our connected world. Will we ever achieve this vision? I hope so. We live our mission every day with programs and projects that are making a difference.
On the new GCA website you can see a timeline of our impact. It undoubtedly will expand each year!
Community and Collaboration
GCA has built an impressive global community of partners committed to our mission and engaged to help us achieve it through direct engagement in projects, as an amplifying voice, as champions of our cause, and through financial contributions. Won’t you join us?
Quad9: A Protective DNS Service
Quad9 is a prime example of big thinking and collaboration. GCA built and launched (in November 2017) this protective DNS service in collaboration with IBM and Packet Clearing House. Now its own nonprofit organization, Quad9 is a free, privacy preserving, global service that blocks access to malicious sites, significantly limiting/reducing the impact of phishing and malicious software. Since its initial launch, Quad9 has grown to include a presence on six continents, in 90 countries, and in 150 cities blocking access to malicious sites an average of 60 million times each day.
We’ve calculated that global use of Quad9 or other protective DNS services could save approximately $150-200 billion per year.
DMARC Implementation, Training, and Advocacy
GCA has driven global implementation of Domain-based Message Authentication, Reporting, and Conformance (DMARC), an email authentication protocol that prevents spoofing of domains in email, stopping the most virulent kind of phishing. To ease implementation of DMARC, GCA built a setup guide and suite of training materials that are free to use. The guide is available in 18 languages and has been accessed by organizations from 200 countries and more than 9,500 cities.
Since GCA’s efforts to increase DMARC adoption beginning in 2016, there has been a global increase of DMARC adoption of 2,257% going from just over 80,000 verified DMARC records at the end of 2019 to almost 1.9 million verified records by the end of 2019. GCA’s advocacy of DMARC played an important role in the decision by the U.S. government to adopt DMARC as a government standard across all federal civilian agencies and likely influenced similar decisions by the governments of Australia and New Zealand. Since then even more governments have followed suit – Canada, Denmark, the Netherlands – and we hope there are many more to come!
GCA Cybersecurity Toolkits
Another example of why partnership is so highly valued at GCA are the GCA Cybersecurity Toolkits. A toolkit to help small businesses was an idea brought forward by one of our partners whose organization was keenly interested in helping secure the supply chain. The idea resonated with many GCA partners, so we decided to take on the challenge. We focused on building a toolkit to reduce the barriers to action: understanding what needs to be done, which tools to use, and making sure cost was not a barrier. Thus, the GCA Cybersecurity Toolkit for Business, sponsored by Mastercard, was born in early 2019.
We built a toolkit that includes free tools that are easy to understand and map to the guidance of the Center for Internet Security, the National Cyber Security Centre, and Australia’s Cyber Security Centre. The toolkit has been accessed more than 77,000 times since February 2019 and is offered as a resource by Mastercard, Salesforce (Trailhead), and the National Institute of Standards and Technology Small Business Cybersecurity Guide, the UK’s Action Fraud, and ICTswitzerland. The toolkit is available in English, French, German, and Spanish.
Following on the heels of the small business toolkit was the release of the GCA Cybersecurity Toolkit for Elections in collaboration with CIS. Thanks to a generous gift from Craig Newmark Philanthropies, GCA was able to build a toolkit designed to help election offices shore up their cybersecurity defenses with free cybersecurity tools and resources. The elections toolkit has been accessed more than 309,000 times since June 2019.
What’s on the horizon for GCA? In the immediate future GCA will continue to work on championing DMARC, release a toolkit for journalists, and continue to make improvement to all of the toolkits.
Looking farther down the road, GCA continues to work on projects that have global reach and impact. Among them are IoT security – GCA continues its work on the Automated IoT Defence Ecosystem (AIDE). We are also investigating routing security and how to improve trustworthiness in the domain name system (DNS). And we continue our quest with metrics – both how to evaluate the impact of the projects we take on and how to measure cybersecurity health so that as a community we can make better, more informed decisions about what will reduce cyber risk.
It’s been five amazing years. But this is just the beginning. Join us and help us as we navigate the next five years of doing big things to make the Internet a better place.
Do Something. Measure It. Here’s to the next five years!
The author, Aimée Larsen Kirkpatrick, is the Global Communications Officer at the Global Cyber Alliance. You can connect with her on LinkedIn.