Edinburgh/Washington — Microsoft, Mastercard and the Hewlett Foundation are funding a new organisation that is planning to help dissidents and other vulnerable groups across the world defend against hackers.

The CyberPeace Institute, headquartered in Geneva, will get started on Thursday, September 26, with the aim of working with the international community to stop the internet from becoming “weaponised”, according to an institute statement.

The organisation, which plans to employ as many as 20 staff members in its first year, will work with a network of volunteers and experts in the public sector, academia, and civil society to respond to major cyber-attacks that inflict harm on people, such as those that shut down hospitals, cripple businesses or suppress the work of advocacy organisations, said Marietje Schaake, the CyberPeace’s president.

“We read about cyber-attacks every day and people frown and worry, but there’s little understanding of the impact on civilians and how, in this space, the lines blur between states and the private sector,” said Schaake, who formerly served as a member of the European parliament. “We want to bring more transparency and accountability, and we want to focus on helping civilians who may have experienced harm or become the collateral damage of a cyber-attack.”

Microsoft president Brad Smith said cyber-attacks can have a “real world impact” on people’s ability to access basic services such as healthcare, banking and electricity.

“We need to bring together people across civil society and the tech sector to share data, best practices and technology to better protect citizens and increase the world’s resiliency against cyber-attacks,” he said, in a statement. “The CyberPeace Institute will help do just that.”

‘Responsible behaviour’

The institute will work to influence global policy and international law on cyber-attacks and hopes to promote “responsible behaviour” among state and non-state actors, said CEO Stéphane Duguin. The organisation will also publish public reports on specific incidents and may provide technical support to groups that have been identified as victims of a hack.

The institute’s experts won’t publicly name who is responsible for a particular attack — a process known as attribution — though they plan to release technical details they uncover that may help others track down the hacker’s identity.

“There are many different elements of information that form a puzzle that can lead to attribution. It is very difficult,” Schaake said. Even when there are strong indicators suggesting who was responsible for an attack, “there can be political hesitation or other sensitivities for calling out the perpetrator”. 

Microsoft, Mastercard, and the Hewlett Foundation are among the CyberPeace’s core funders. The organisation has an eight-member executive board and 14-member advisory board, which includes technical and legal experts, as well as human rights advocates.

Danny Sriskandarajah, a member of the advisory board and CEO of the UK-based charitable organisation Oxfam GB, said he is concerned about the rising spate of cyber-attacks against pro-democracy advocates in parts of Eastern Europe and the Middle East.

“It’s never been easier to organise and mobilise political dissent,” said Sriskandarajah. “The downside is that the online world comes with huge threats for activists. In Oxfam, we are really conscious of making sure our own systems are as secure as they can be, but we are even more worried about smaller NGOs and protesters and dissidents who need to have the right to speak out. They are being targeted very clearly by malevolent forces.”

Eli Sugarman, a member of the institute’s executive board and program officer for the Hewlett Foundation’s cyber initiative, said his foundation supports the initiative because it “tackles three separate but connected pieces of this challenge.

“First, it analyses and investigates harmful attacks, helping draw attention to them and hold those responsible to account. Second, it promotes international norms of behaviour that help protect civilians and delegitimise cyber-attacks against them. And third, it will help victims of these destructive attacks recover and stay safe moving forward.”


Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.