By Phil Reitinger
This week we join thousands of our colleagues at RSA Conference 2020. It’s my fifth RSA Conference as part of the Global Cyber Alliance, and a good time to reflect.
I’m fond of saying that the overarching cybersecurity problem is scale. Trying to secure even one smart device is a very difficult task by itself, because no one knows how to write vulnerability-free code in a commercially reasonable way. And there are billions and one day trillions of smart devices with vulnerabilities connected to the Internet, along with more millions of even more complicated devices and services. The Internet is complication, wrapped in complexity, undergoing exponential growth.
The Global Cyber Alliance (GCA) is an organization designed and built to address the problem of scale. Our focus is identifying solutions – often ones already well known – that have the potential to reduce cyber risk at scale but which are not having the effect they could. Current government and industry efforts are falling short. GCA’s focus is to figure out why and then organize and support a community effort to deploy the solution globally. We also work to measure the result, because at the end of the day, our work only matters if it actually reduces risk.
Our five-year journey has focused on scale – building scale in our community, our projects, measuring our effect, and our people.
First, we need a global community to collaborate to attack cyber risks at scale. So since we were created, we have been uniting a global community to tackle and eradicate risk. We started with just a few partners from a small group of countries. We have been growing steadily, and now have over 250 partners from over 30 countries. We are in the process of adding a new category of allies – GCA Friends – to better align with how organizations want to work with us and each other, either as direct supporters (GCA Partners) or as users and advocates for our work (GCA Friends). Organizations like GCA need both resources to work and an “Amen chorus” to move forward.
Second, we have addressed a growing number of cyber risks with free solutions that work at scale. Our first big project, launched in 2016, was our effort to drive deployment of DMARC to help stop the worst kind of phishing, direct domain spoofing. We have built a wizard to help entities deploy not only DMARC but the protocols on which it depends, SPF and DKIM, which is available in eighteen languages. With partners PCH and IBM, GCA built and launched in 2017 a global protective DNS service called Quad9 that blocks an average of 60 million attacks every day, free of charge, while protecting the privacy of anyone using the service. In 2018, we continued to drive use of DMARC and Quad9, released other free tools like McScrapy and the DMARC Risk Scanner, and launched our DMARC Leaderboard.
In 2019, our biggest yet, we launched the GCA Cybersecurity Toolkit for Small Business with the support of Mastercard – which has already been accessed more 60,000 times – to help small businesses take simple, concrete steps to make themselves much more secure. We also launched a Cybersecurity Toolkit for Elections in collaboration with the Center for Internet Security and with the support of Craig Newmark Philanthropies, and the growing Automated IoT Defence Ecosystem. Our efforts on DMARC continued, with GCA holding its first DMARC Bootcamp.
The year 2020 is young, but we have already launched the Cybersecurity Toolkit for Small Business in French.
Third, we have continued to make progress on measuring the effect of our efforts. We track the use of all our solutions, and so far have produced two specific reports on the effectiveness of DMARC in 2018 and protective DNS services like Quad9 in 2019. Each has the potential to reduce losses by billions of dollars while costing far, far less to implement. We are also continuing to work closely with our partners on metrics, including but not limited to CyberGreen and the R Street Institute.
Fourth and finally, we continue to expand the expertise of our own team. Just recently, on Friday, we announced that Leslie Daigle, the former Chief Internet Security Officer of the Internet Society, and Michael Tanji, one of the founders of Carbon Black, are joining the GCA team.
We would like to thank you all for your support, which we hope will continue and expand. Only with resources can we continue to build an organization which operates to reduce cyber risk at scale, using tens of people, hundreds of partners, and thousands of friends to solve problems for millions of organizations and billions of people, and perhaps one day, saving trillions of dollars.