A group of nonprofits are banding together to form a larger coalition that will combine and align their collective cybersecurity research, tools and resources to help protect vulnerable organizations from cyberattacks.

Called Nonprofit Cyber, it includes at least 22 nonprofit organizations dedicated to cybersecurity, including the Center for Internet Security, the Cloud Security Alliance, the Cyber Threat Alliance, the Cyber Peace Institute, the Global Cyber Alliance, MITRE’s Engenuity Center for Threat Informed Defense, SAFECode and Consumer Reports.

According to a press release, Tony Sager, senior vice president of the Center for Internet Security, and Philip Reitinger, president and CEO of the Global Cyber Alliance, will serve as co-chairs of the executive committee. The initial focus of Nonprofit Cyber will be on building awareness of the work and services that these organizations provide to the public free of charge as well as aligning their internal workstreams to achieve “greatest effect.”

In an interview with SC Media, Reitinger described Nonprofit Cyber as a lightweight “coalition” that is bound by a charter, and though all 22 current members are non-profits, Nonprofit Cyber is not itself a 501c3 organization.

“This is a collection of entities that are all working in that ‘trying to get stuff done’ space, and it just seemed…that we could be more effective if we were even better at working together,” Reitinger said. “There are opportunities to do things jointly, like joint releases, timing of announcements, these sorts of things where we can do an even better job of supporting each other and making sure that our activities align.”

The main goals are to improve broader coordination within the non-profit sector, give greater reach to the specific expertise each organization brings and provide a unified signal to the public about some of the best cybersecurity practices or resources available. It's part of a broader effort to cut through the marketing hype and FUD (or “Fear Uncertainty and Doubt”) that many organizational leaders face when navigating their cybersecurity problems.

“A big challenge here is the sheer amount of noise there is, the biggest barriers for small businesses for example to get something done is not implementing something for picking what to implement,” said Reitinger.

(Photo source: Nonprofitcyber.org)

It also means aligning their workstreams to be complimentary so that multiple organizations are working together on projects so they aren’t needlessly duplicative or wasting resources, as well as potentially collaborating on cybersecurity guidance documents in the future.

The idea of banding together was described as a bottom-up initiative, with many individual discussions among different groups over the past few years about the need to coordinate their limited resources and amplify good research throughout the nonprofit ecosystem. In the fall of 2021, those conversations led to Zoom meetings to explore the concept and develop the outlines of a charter and organizational structure that could guide the collective efforts of a larger group.

One thing Nonprofit Cyber will explicitly veer away from is taking formal positions around policy or regulatory decisions, with Reitinger telling SC Media that it was “absolutely not” in their writ to get involved in lobbying governments or pushing for legal or policy changes, though individual members are still free to do so.  

“It’s not going to lobby, it’s not going to say, you know, governments need to regulate or not regulate or do these sorts of things — that’s not what this is about,” Reitinger said. “Members can take those sorts of positions, members can band together to take those positions, but the actual organization is about mutual collaboration or raising awareness.”

A full list of member organizations includes: the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber.