Cybersecurity Nonprofits Form “Nonprofit Cyber” Coalition

Nonprofits that focus on action and tangible results to more effectively

collaborate and coordinate to increase efficiency and impact globally

New York – February 23, 2022: The world’s leading implementation-focused nonprofit
cybersecurity organizations today launched Nonprofit Cyber, a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. All coalition members are nonprofits that serve the public interest by developing, sharing, deploying, and increasing the awareness of cybersecurity best practices, tools, standards, and services.

“I applaud that this consummate consortium of nonprofits has formed to actively protect us against security threats to our digital infrastructure and uphold our open internet, combining their knowledge, skills, and tools for the greatest effect,” said Govind Shivkumar, director of responsible technology at Omidyar Network.

Nonprofit Cyber will initially focus on two priorities: building awareness of the work of cybersecurity nonprofits globally and aligning their work to achieve the greatest effect.Envisioned as a “collaboration-of-equals,” each member organization has committed to work in coordination to better serve Internet users globally. Coalition members must be a 501(c)(3) or 501(c)(6) nonprofit if organized under U.S. law or hold an equivalent status if organized under the laws of another country. More information is available at the coalition’s website NonprofitCyber.org and on Twitter at @NonprofitCyber.

The twenty-two founding members of Nonprofit Cyber are the Anti-Phishing Working Group,the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber. Tony Sager of CIS and Philip Reitinger of GCA will serve as co-chairs as the organization begins operations.Nonprofit Cyber welcomes applications for new members that work to implement best practices and solutions at scale. Nonprofit Cyber is focused on these organizations, rather than lobbying or policy development and advocacy organizations, or industry associations.Information on joining Nonprofit Cyber can be found at its website.

“A large number of nonprofits that focus on cybersecurity implementation are working within their own areas of action toward the joint goal of improving cybersecurity, but the lack of coordination and communication among them can lead to inefficiency and duplication of effort,” said Philip Reitinger, President and CEO of the GCA and incoming co-chair of Nonprofit Cyber. “Better communication and collaboration among these groups will enable programmatic and opportunistic action to improve cybersecurity.”

“Cybersecurity nonprofits create and sustain essential resources that touch every enterprise and every person. And many are natural ‘integration engines,’ bringing together people and ideas across the public and private sectors, technical disciplines, industry sectors, and national borders.” said Tony Sager, Senior Vice President and Chief Evangelist for CIS, and incoming co-chair of Nonprofit Cyber. “Our goal with Nonprofit Cyber is to collaboratively align our individual strengths into a collective force for good, taking positive action for the entire cyber ecosystem.”

Key stakeholders welcomed the creation of Nonprofit Cyber.

“At CISA, we know that government has an important role in building our collective defense and that we can’t do it alone; cyber is a team sport and we look forward to partnering with Nonprofit Cyber on this mission,” said Kiersten Todt, Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) in the U.S.. “The launch of Nonprofit Cyber is an important step in aggregating the tools and resources of global non-profits and making them available to organizations of all sizes, especially small businesses, which are often the target of malicious actors. CISA looks forward to collaborating with Nonprofit Cyber to help our nation, and the world, raise the cybersecurity baseline and promote global resilience.”

“Non-profits have an important role to play in helping set expectations in cyber security hygiene and providing tools that can help organisations of all sizes,” said NCSC (UK) Technical Director Dr Ian Levy. “I’m really happy to see these great organisations coming together under ‘Nonprofit Cyber’ to be better coordinated and to maximise the impact they can have in helping the global cyber security mission.”

“Public-private-nonprofit cooperation, including internationally, is at the core of the NCSC-Netherlands’ work,” said Hans de Vries, Director of the NCSC-NL. “We therefore welcome this initiative, for it can help to bolster the fabric of understanding, sharing and cooperating during incidents and in general improve cyber governance. We will seek to support this new initiative from day one.”

“When it comes to cyber security, collaboration is key. Government, industry, academia and
non-profits all have a part to play, and the more we coordinate with each other, the more
effective we will be,” said Sami Khoury, Head of the Canadian Centre for Cyber Security (Cyber
Centre). “The Canadian Centre for Cyber Security supports the stated goal of Nonprofit Cyber
which will undoubtedly help raise the cyber security bar across Canada, and around the world.”

“A key part of the Office of the National Cyber Directors’s core mission is to improve federal
coherence in cyber policy, action and doctrine, and to promote future resilience in the cyber ecosystem,” said Chris Inglis, the National Cyber Director of the U.S. “Given its importance to the entire cyber ecosystem, it is very encouraging to see this nonprofit community’s initiative to promote coherence and align their work for the benefit of all.”

“With the unprecedented rise in cyber crimes associated with greater use of technology during the pandemic, the need for expert support for users to defend themselves has never been greater,” said Kelly Born, Director of the Cyber Initiative at the William and Flora Hewlett
Foundation. “There are great nonprofits working to support cyber defense, and too often their
efforts go uncoordinated due to lack of resources. Nonprofit Cyber is a much needed step in the right direction of enabling greater collaboration in this critical field.”

“Everyone must be able to protect themselves, their family, and their businesses from cyber threats. Nonprofits play a critical role in ensuring that is possible, filling the gaps between what governments and companies do,” said Craig Newmark, founder of craigslist and head of Craig Newmark Philanthropies. “Aligning the activity of these organizations is an important step toward protecting society and human rights.”

“There is a huge cybersecurity non-profit ecosystem attempting to educate the general public
about the need of protecting their data, as well as bring more people to this career field,” said Ron Gula of the Gula Tech Foundation. “Coordination of the efforts of cybersecurity nonprofits by Nonprofit Cyber will dramatically increase the effectiveness and impact of this critical endeavor.”

About the Nonprofit Cyber Founding Members

The Anti-Phishing Working Group (APWG) is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. Learn more at https://apwg.org.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.Learn more at https://cisecurity.org.

The Center for Threat-Informed Defense (CTID) is a non-profit, privately funded research and development organization whose mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Learn more at https://ctid.mitre-engenuity.org/. The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.Learn more at https://cloudsecurityalliance.org.

Consumer Reports (CR) is an independent, nonprofit member organization that works side by side with consumers for truth, transparency, and fairness in the marketplace. Learn more at https://www.consumerreports.org.

CREST International is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. Learn more at https://crest-approved.org.

The Cyber Defence Alliance (CDA) is a not-for-profit members organization based in London working on behalf of financial institutions to proactively share threat intelligence and expertise to prevent and disrupt cyber attacks, liaise with Law enforcement agencies to target cybercriminal networks and apprehend the most prolific offenders. The CDA works on a cross sector basis and with like-minded organizations on an international basis to address the global threat from cybercrime. The CDA also provides a 24/7 incident response capability to support the member organizations and the UK Financial Services Cybercrime Collaboration Centre (FSCCC) during major cyber incidents.

The Cyber Readiness Institute (CRI) mission is to empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient. Learn more at https://cyberreadinessinstitute.org.

The Cyber Threat Alliance (CTA) is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Learn more at https://www.cyberthreatalliance.org.

The Cybercrime Support Network’s (CSN) mission is to serve individuals and small businesses impacted by cybercrime. Learn more at https://cybercrimesupport.org.

The CyberGreen Institute (CyberGreen) is dedicated to mobilizing a global community of experts, business leaders, and policymakers to revolutionize cybersecurity through the development of a science of Internet Public Health. Learn more at https://www.cybergreen.net.

The CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace. At the heart of the CyberPeace Institute’s efforts is the recognition that cyberspace is about people.Learn more at https://cyberpeaceinstitute.org

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation. Learn more at https://fidoalliance.org/.

The Forum of Incident Response and Security Teams (FIRST) aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Learn more at https://www.first.org.

The Global Cyber Alliance (GCA) builds practical, measurable solutions and tools that are easy to use, and works with partners to accelerate adoption around the world. Learn more at www.globalcyberalliance.org.

The National Cyber Forensics and Training Alliance (NCFTA) was established in 2002 as a nonprofit partnership between private industry, government, and academia. The NCFTA provides a neutral environment for operational collaboration in the ongoing effort to identify, mitigate, and disrupt cyber crime. Learn more at https://www.ncfta.net.

The National Cybersecurity Alliance (NCA) advocates for the safe use of all technology and educates everyone on how best to protect ourselves, our families, and our organizations from cybercrime. Learn more at www.staysafeonline.org.

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. Learn more at https://owasp.org.

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. Learn more at https://safecode.org.

The Shadowserver Foundation’s (Shadowserver) mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Learn more at https://shadowserver.org.

ShareTheMicInCyber (#STMIC) is an online movement to address issues stemming from systemic racism in cybersecurity. The social media campaign highlights the experiences of Black practitioners in this field, catalyzes a critical conversation on race in the industry, and shines a light on Black practitioners’ accomplishments to showcase them as experts in their fields all while creating professional opportunities and bringing the cyber community together. Learn more at www.sharethemicincyber.com.

Sightline Security is a nonprofit security organization whose mission is to equip, empower, and support global nonprofits to navigate and embed cybersecurity into their organizations with confidence—founded to address the lack of cybersecurity adoption in the nonprofit sector by offering a holistic, business, and community-centric approach designed to embrace cybersecurity best practices. At Sightline, there is a world where nonprofits have the confidence, knowledge, and business acumen to stay protected in a digital world. Learn more at https://sightlinesecurity.org.