Open Letter to Prioritize Community Cybersecurity

TO: 

Open Letter to Prioritize Community Cybersecurity

The federal government focuses primarily on cybersecurity as it relates to national security. This priority is essential, but the framing allows many small, critical organizations to fall through the cracks, including public organizations like small municipalities and rural school districts, as well as critical nonprofits like food banks, legal aid, and social services. The impact of cyber attacks on community organizations is devastating, and disproportionately affects the poorest Americans who rely on the critical services they provide. Collectively, these incidents degrade our economic wellbeing and public health and safety.

Public life would not function without the thousands of small, local organizations that make America work. Students learn at 14,000 school districts across the country, and residents receive essential services from 312,000 U.S. nonprofits and shop at 33.2 million small businesses. But many of these organizations lack the resources, training, and access to protect themselves from common cyber attacks, and are often referred to as target-rich and resource-poor, or below the “cyber poverty line,” a term coined by cybersecurity expert Wendy Nather.

We strongly urge the next administration, regardless of political affiliation, to prioritize strengthening the cybersecurity of these under-resourced community organizations. 

We represent local leaders in academia, civil society, industry, and philanthropy, sectors who work day in and day out to patch the gaps in cybersecurity services and funding for these organizations. We stand at the ready to help deploy federal support to communities across the country to ensure local cyber resilience.

Current government initiatives provide a solid foundation that can be expanded through additional support, funding, and direct assistance, but are not enough to meet the need of the moment. These initiatives include:

• The National Cybersecurity Strategy, which advocates for shifting the burden away from individuals and organizations and towards more capable actors;
• The CISA High Risk Communities Protections Initiative, which centralized resources for civil society and other high-risk communities; and
• The CISA State and Local Cybersecurity Grant Program SLCGP, which provides funding to states and cities to invest in cybersecurity.

We should not expect a local food bank or elementary school to defend itself from professional cyber criminals, and we should not accept the risk that they may fail. According to U.S. Chamber of Commerce, 27% of small businesses reported that they are one disaster or threat away from shutting down their business. These threats only grow greater as organizations across the nation face escalating attacks by commercial and state-backed cyber criminals. Now is the moment to protect target-rich, resource-poor organizations, for the benefit of communities across the country and the security of our nation.

Signed,

The UC Berkeley Center for Long-Term Cybersecurity

and

Academic Organizations

• Dakota State University
• Florida Gulf Coast University
• Franklin Cummings Tech, Center for Computing and Interdisciplinary Technology
• Indiana University Center for Applied Cybersecurity Research
• Indiana University Ostrom Workshop
• Trident Technical College
• University of Chicago, Harris School of Public Policy Cyber Policy Initiative
• University of Texas at Austin, Robert Strauss Center for International Security and Law
• University of Montana, CyberMontana
• West Virginia State University

Nonprofits and Think Tanks

• Consumer Reports
• Common Sense Media
• Cyber Threat Alliance
• CyberPeace Institute
• Global Cyber Alliance
• I Am The Cavalry
• Institute for Security and Technology
• NGO-ISAC
• San Diego Cyber Center of Excellence (CCOE)
• The Shadowserver Foundation
• VetsinTech
• Wisconsin Cyber Response Team

Philanthropic Organizations and Foundations

• Craig Newmark Philanthropies

Companies

• Advocacy Blueprints, LLC
• NextJenSecurity

Security Researchers and Experts (Individual)

• Kemal Akkaya
• Isak Nti Asare
• Tatyana Bolton
• Dr. Shawn Clouse
• Betsy Cooper
• Silas Cutler
• Ray Davidson, PhD
• Michael Franklin
• Ayan Islam
• Bilge Karabacak
• Laura Mateczun, JD
• Wendy Nather
• Aaron Perkins, M.S., CISSP
• Michael Razeeq
• Marc Rogers
• Andreen Soley

For further information and to reach out to signatories, please contact: 
Sarah Powazek
Director, Public Interest Cybersecurity
powazek@berkeley.edu

---