Samsons vs Goliaths: the unsung cyber heroes we all rely on

Like it or not, you rely on the internet. Whether you’re a teenage TikTok addict, a doom-scrolling journalist, or my mum trying to navigate her online banking app – or even if you’re not connected at all – the businesses and governments that provide our most critical services (water, power, healthcare, banking) as well as our national security do so over and through an online ecosystem that, if it failed, would quickly make The Last of Us look like an episode of Friends.

If we started again, we probably wouldn’t end up here: an insecure communications channel used to pass back and forth all our financial transactions, business data, personal messages and the countless other bits and bytes that make and sustain our societies, our basic services and our way of life. But here we are, and the internet, more-or-less in its current form, is going to be what we have for the foreseeable future. We need – not as a luxury but as a first-order priority for every one of us – to make it work.

So here’s a not-so-fun-fact: the functioning and security of the internet we all rely on, relies on non-profit organisations, many of which depend on uncertain funding streams and volunteer networks.

We’re talking here about organisations like the Shadowserver Foundation which scans the entire internet every day and reports vulnerabilities, free of charge, to network owners. Or Quad 9, which provides secure Domain Name Services (or an internet ‘address book’) for individuals and companies. Or MITRE, whose ATT&CK knowledge base is the go-to source for defence against cyber attackers.

We, the companies and individuals who get the benefit, just expect the internet to work. Yet the organisations on which we rely to make it work have very real costs, often in the millions of dollars per month. And all of these vital but little acknowledged organisations are funded through grants, donations and intermittent government-funded projects, and all of them suffer the extremes of perpetual funding uncertainty.

The good news is that this precarious model for sustaining a secure and functioning internet is recognised problem, and increasingly attracting attention and serious thought. At the forefront of this effort are the incredibly special people at the Global Cyber Alliance, who, rather than simply accepting that this frightening dependency is a hard-wired and permanent norm, are pioneering solutions to address this funding conundrum. This is the essence of the Common Good Cyber initiative, a move to address the ‘market failure’ where services vital to the confidentiality, integrity and availability of our information are not directly funded by those who enjoy the benefits.

In February, the TAG Digital Development team was privileged to contribute at a GCA workshop at which a range of these vital non-profits, government actors, tech companies, philanthropists and international development players discussed the issues and debated the options. The results, now available in the workshop report focus on three key aims:

  • raising understanding of what would happen if these non-profits failed, and building the business case for helping them continue to exist.
  • supporting and accelerating them in their missions.
  • establishing strategic and joined-up funding.

These aims, and many of the other conclusions of the report, are correct and laudable. But it’s worth asking whether we are, in fact, taping over the holes in the bucket rather than addressing the reasons our bucket is full of holes in the first place? It may be that this is the best we can achieve for now: it is difficult and painful to pull back from ‘free’, and any re-imagining of the internet’s commercial model would trigger almost endless multi-national wrangling, something big powers have little time or appetite for at present.

So for now (or at least until the lights go out) we should all embrace, welcome and be thankful for the work of the Global Cyber Alliance. We should continue this debate and most importantly help it pivot to action, creating a practical roadmap to advance Common Good Cyber. At TAG, we and our global partners and associates will continue to bang the drum on behalf of the vital hidden wiring of cybersecurity heroes that support all of us in almost every facet of our daily lives. We hope you will join us.