CyberPeace Institute launches ‘Humanitarian Cybersecurity Center (HCC)’
February 2023 by Marc Jacob
In the last 3 years, cybercriminals and Nation State actors have accessed systems and personal records, stolen millions of dollars of donations, carried out surveillance operations, or led disinformation campaigns against non-governmental organizations (NGOs).
Humanitarian and development NGOs are targeted by cyberattacks and information operations. They do not have the capacity to both be on the frontline of aid delivery and respond to cyber threats. Cyberattacks imperil lives and erode the trust in organizations that is essential for their work.
This is why the CyberPeace Institute launched the Humanitarian Cybersecurity Center (HCC) - developed and hosted in Switzerland, and operating globally. This is a partnership platform, scaling-up cybersecurity solutions for humanitarian NGOs.
More than 1 billion people across the world receive vital support and services from NGOs. These organizations leverage technologies to carry out their activities and are entrusted to hold vast troves of sensitive data on people. This has increased the cyberattack surface of these organizations.
There is an urgent need to help NGOs to protect themselves.
The Humanitarian Cybersecurity Center provides them with free tools, workforce and knowledge to face the threat.
The Center provides expert support and practical assistance to NGOs in the humanitarian and development sectors, tailored to their needs, and available anywhere in the world. The Center builds upon the CyberPeace Institutes key capabilities and develops programs of activities and associated projects to support communities vulnerable to threats in cyberspace.
Providing assistance and advice adapted to the specific needs of each NGO and working to foster collaboration and strengthen resilience, the Center carries out activities in 4 key focus areas:
1. DETECT & INFORM: Equipping NGOs with guidance and cyber threat intelligence so that they can detect upcoming cyberattacks.
2. PREVENT: Providing hands-on assistance to NGOs to build cyber preparedness and resilience through risk assessments, simulation exercises and training.
3. ASSIST: Hands-on technical and forensic investigative support and assistance with incident and crisis management.
4. STRENGTHEN: Developing standards, fostering multi-stakeholder collaboration and advocating for protection of the humanitarian sector at international fora.
One of the pillars of the Center is the CyberPeace Builders program. This is a unique network of expert corporate volunteers which has delivered, since its launch in 2021, end-to-end cybersecurity services to more than 100 NGOs, with the objective to provide a diverse, distributed capacity building offering. The aim is to serve 300 humanitarian NGOs in 2023 and 1,000 NGOs by 2025.
Some of these activities have already been running for over a year and are being scaled through the Center, others are being tailored to the needs of NGOs.
“NGOs are regularly targeted by cyberattacks and information operations. Whether responding in a conflict zone or to a natural disaster, or carrying out development programs, NGOs do not have the capacity to both be on the frontline and respond to cyberthreats” stated Stéphane Duguin, Chief Executive Officer, CyberPeace Institute. “The CyberPeace Institute’s ‘Humanitarian Cybersecurity Center’ provides them with the tools, workforce and knowledge to face the threat. The Center is a free, global resource for NGOs and Humanitarian actors responding to their needs, to be secure.”
The Center strives to protect NGOs from cyber threats and provides tangible and free cyber assistance and support. The focus of the Humanitarian Cybersecurity Center is to enable organizations to build and/or strengthen their capabilities and preparedness for, and resilience against, cyberattacks through the provision of tools, resources, knowledge, and hands-on help. The Center offers a range of services, from awareness on the threat landscape, to establishing baseline security measures, vulnerability scans, simulation exercises, and to prepare for, and to assist during and after a cyberattack. The CyberPeace Institute requires donations to scale the assistance provided to protect humanitarian organizations during an active cybersecurity crisis.
Cyberattacks have taken place against large international organizations such as the United Nations (UN) and International Committee of the Red Cross (ICRC), and NGOs including Save the Children, Mercy Corps and Roots of Peace.
“The CyberPeace Institute contacted us 18 months ago to introduce its services to our humanitarian organization, and we started our collaboration with a study/analysis of our cybersecurity situation. They found a specialist to help with this, and then we received a detailed report of our situation which allowed us to plan and implement the necessary corrections and improvements to the computer security of our organization. This was at no cost to Terre des hommes” stated Eric Monnier, Head of Information Services, Terre des Hommes. “We are now launching a new activity with the Institute to help us in the optimization of our cybersecurity environment, related to Cloud services. It has become essential to have an external view and skills to improve our cybersecurity, and the CyberPeace Institute support allows us to do so. This is particularly important for NGOs like Terre des hommes, who are not spared from the attempts of hackers to penetrate our systems.To be able to do this without having to use our budgets destined to help children is a relief” he concluded.
While NGOs play a critical role in protecting people, they face many constraints to protect themselves. Currently, only 1 in 10 NGOs train staff regularly on cybersecurity and only 1 in 5 have a cybersecurity plan. Since it was founded in 2019, the CyberPeace Institute, has worked hard to protect NGOs in order to enable them to protect the most vulnerable.
“Cybercrime is costing the global economy trillions of dollars and sadly, the humanitarian community is not exempt. Yet the cost in this sector goes well beyond the financial, harming our most vulnerable communities and society as a whole. Humanitarian organizations struggle to reduce cyber risk as it means diverting precious resources away from core mission activities. CyberPeace Institute’s ‘Humanitarian Cybersecurity Centre’ will help address this issue by coordinating voluntary cybersecurity assistance, information sharing and education efforts. This collaborative approach will help amplify the reach and positive impact of this effort for society" stated Jen Ellis, Cybersecurity Advocate and member of CyberPeace Institute’s Humanitarian Cybersecurity Center’s Advisory Committee.
The CyberPeace Institute believes in value-led partnerships bringing together the best expertise to act on major societal issues and empower sustainable progress.
In December 2022, the Institute issued a public Call to Partners which has secured over 70 partners and supporters enhancing collaboration and support with tools, services and expertise dedicated to the humanitarian and development sectors.
The Institute is appreciative of the partnerships it has and for the funding received from the Ford Foundation, William & Flora Hewlett Foundation, Mastercard, Microsoft, and many other donors. An Advisory Committee has also been established, which brings a diverse range of expertise and experience from the cybersecurity, humanitarian and development sectors. It provides guidance and support for the development of the Center through its representatives from across the world.
By monitoring, assessing and communicating on the cyber threats to humanitarian and development NGOs, healthcare organizations, civilians in conflict zones and organizations or individuals impacted by targeted surveillance the CyberPeace Institute can work together with partners to better protect them.
As an NGO working with and on behalf of vulnerable communities to advance responsible behavior in cyberspace, the CyberPeace Institute advocates for protection of the humanitarian sector at international fora. There should be a focus on the need for a human-centric approach to peace and security in cyberspace, and a consideration of the disproportionate impact of cyberattacks on vulnerable groups. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behavior to enforce cyberpeace.