IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Introducing the CyberPeace Institute: Protecting Communities Online

In this interview, Pavlina Pavlova, public policy adviser at the CyberPeace Institute, describes the organization’s mission and global activities to reduce harm online for vulnerable populations.

globe in front of a cityscape on a dark background
Adobe Stock/thejokercze
Back in October 2023, while in Montreal, Canada, I had the privilege of meeting Pavlina Pavlova, public policy adviser at the CyberPeace Institute. We were both invited to be keynote speakers at InCyber Forum North America, and I described that overall event experience in this blog last year.

During our conversation, I learned about the CyberPeace Institute for the first time. I was intrigued about many aspects of their worldwide efforts, and I asked Pavlina if she would be open to an interview. She agreed, and the following discussion flows from that initial conversation.

Pavlina Pavlova.
Dan Lohrmann (DL): Your website says that the CyberPeace Institute is “protecting the most vulnerable in cyberspace.” How do you do that?

Pavlina Pavlova (PP): The CyberPeace Institute works toward reducing harm from the use of digital technology. We endeavor to support victims, develop an understanding of the cybersecurity threat landscape of vulnerable communities in order to provide analysis and advanced warning of threats so as to reduce their impact and harm, and support accountability efforts. We are an NGO dedicated to supporting other NGOs and to the protection of civilian infrastructure from systemic cyber attacks that put populations at risk. The Institute carries out neutral and independent analyses of cyber attacks and incidents, and, importantly, documents their negative impact and harms on people. Leveraging this data- and evidence-driven approach, we develop policy recommendations and engage with governments, the private sector and other relevant actors to advance responsible behavior and accountability measures in cyberspace. The Institute also drives tailor-made capacity-building efforts that empower NGOs to be more resilient by providing them with free cybersecurity services under the CyberPeace Builders program.

DL: Tell us about the history of the CyberPeace Institute.

PP: The CyberPeace Institute was founded with initial funding and support from the private sector and foundations, including Microsoft, Mastercard and the William and Flora Hewlett Foundation. It was established in Geneva, Switzerland, as a neutral and independent NGO and as this was at the beginning of the COVID-19 pandemic, immediately focused on supporting the health-care sector, which was under extreme pressure and faced cyber attacks that undermined the sector’s ability to respond to people’s medical needs. We answered this complex threat environment by compiling a repository of cyber incidents targeting public health, including patient care services, pharmaceuticals and vaccine centers, and publishing research and recommendations related to threats to the health-care sector. The Cyber Incident Tracer #HEALTH is a platform that bridges the information gap about cyber attacks on the health-care sector and their impact on people. This way it served as a means to empower states and the wider multistakeholder community with evidence for policymaking and resilience efforts, including resource allocation. Today, we are unfortunately still witnessing an escalation in attacks on critical infrastructure, growing in sophistication, frequency and scale. However, there is a hope for change if we fast-track the support for victims and hold actors accountable for the harm they cause.

DL: Which organizations participate in your activities?

PP: Our network is international, stretching across 120 countries. We are proud of the global community of more than 70 partners and supporters that include philanthropy, tech companies, civil society, research, and international organizations, and the Institute further fosters collaboration with academia and think tanks. Headquartered in Geneva, the Institute has a diverse range of expertise and experience and a team of some 30 persons from 16 countries.

The Institute believes in the power of collective effort, and building effective partnerships is central to our mission. For example, the CyberPeace Builders program works through a trusted and dedicated network of corporate partners who provide expert volunteers and funding to enable free cybersecurity assistance to NGOs worldwide. Our CyberPeace Builders currently assist over 230 NGOs across the world thanks to the generous support of more than 700 volunteers provided by nearly 50 companies.

The Institute also partners with governments and drives multistakeholder initiatives, such as the collaboration with the Czech Republic and Microsoft that published a multistakeholder compendium on protecting the health-care sector from cyber harm further to a series of expert workshops. The CyberPeace Institute is also partnering with the Hague Humanity Hub, the Dutch Institute for Vulnerability Disclosure and CSIRT.global in a project to offer free cybersecurity support to over 200 NGOs in The Hague. This project funded by The Hague municipality will help strengthen the cyber ecosystem in the region by building a solid cyber capacity for this vulnerable sector. Moreover, under the UNDERSERVED project funded by the European Union, the Institute and its partners are developing a platform for reporting and analyzing threats to NGOs that are providing critical services to vulnerable sections of society.

DL: What are the top cybersecurity issues and challenges that you are addressing?

PP: Our focus is on systemic threats to cyber peace that arise in a variety of complex contexts, such as threats against critical infrastructure, targeted surveillance, and disinformation, whether in peacetime or in armed conflicts. We also investigate the nexus between cyber attacks and the proliferation of harmful content online, considering that such a convergence creates unique risks to populations worldwide.

The key driver for our work is not only the challenges we focus on but also how we can strengthen a response to them. For example, recognizing that cyber attacks do not just harm technology but threaten people and endanger access to basic services, we have initiated research and a process to develop a standardized harms methodology. What we have evidenced through the Institute’s repositories and analysis of cyber attacks is that many of these harms are severe, have long-term effects, and can have impacts at national and international levels. The Institute aims to determine the means to measure harm from cyber attacks and incidents in order to increase knowledge of the human costs and inform accountability frameworks. This methodology is a collaborative effort and we engage with governments, the tech community, academia, and other experts to ensure it is developed as a practical tool for policy and decision-makers.

DL: Your website mentions Ukraine in many places. What is your involvement with the war in Ukraine?

PP: The CyberPeace Institute has beencollecting data connected to the international armed conflict between Ukraine and the Russian Federation since January 2022. In the two years, we have recorded 3,225 cyber attacks and operations conducted by 126 threat actors against critical civilian infrastructure including incidents affecting some 57 countries. The growing use of cyber attacks and operations against services and objects of critical infrastructure is a cause for alarm. Moreover, the consequences of geopolitically motivated cyber incidents are felt globally with their impact spilling over into non-belligerent countries.

The Institute’s in-house data collection on cyber attacks exposed that cyber attacks deployed as part of the conflict have impacted 23 vital sectors. These numbers translate into real-life impacts; cyber attacks can destroy systems or data, disrupt essential services, facilitate data theft and leak, and limit access to accurate information that can have adverse and compounding effects on economic and operational activity with severe repercussions for civilian populations, who are protected under international humanitarian law.

DL: When we talked in Montreal, you described an extensive research database that can help address issues. Can you elaborate on what that is?

PP: We cannot change what we cannot measure. That is why the CyberPeace Institute developed two publicly available databases that I have mentioned earlier. Our repositories of cyber incidents focus on the health-care sector, and critical infrastructure during armed conflict. The Cyber Incident Tracers provide independent, data-driven insights on the cyber threat landscape. They are developed in-house with data sourced through the monitoring of open sources by our researchers as well as data from our partners. We follow principles of independence, transparency, neutrality, and ensure strong data protection. The Institute publishes these Tracers and analysis to broaden public knowledge and as a public good. The information from the Tracers is made available for use by governments, media, researchers, and others and informs our work across the multistakeholder community.

DL: As you travel the world, you see cybersecurity issues from different perspectives. How is cyber crime experienced by populations on different continents?

PP: The growing scourge of cyber crime is a global problem and while various national and regional approaches have emerged there is still no universal framework to fight it. Perceptions and priorities shift across regions, and we have seen this distilled during ongoing negotiations on an emerging UN cyber crime treaty. Discussions on criminalization, law enforcement powers, and terminology expose the different cultural and social values that countries bring to this negotiation. This is especially exposed in the divergent views on the importance of protecting human rights and freedoms in cyberspace, and data protection regimes, but also in how countries embrace cooperation with civil society and private companies or how differently the issues of gender-based violence are treated — which are all recurring points of contention. The CyberPeace Institute engages in international cyber crime and cybersecurity efforts to bring the needs and experiences of victims to the forefront. We also collaborate with the Civil Society Unit of UNODC and other partner organizations to help facilitate regional cyber crime consultations for Africa, Asia and the Americas that can bring regional perspectives and considerations into global frameworks addressing transnational cyber crime.

DL: What are ways that the organizations in the public and private sectors in the U.S. can assist and benefit from your efforts?

PP: The CyberPeace Institute strives to combine collective strengths in initiatives where companies, organizations, and individuals can come together to provide help. Through the CyberPeace Builders program, numerous multistakeholder initiatives and partnerships, we design sustainable models for supporting vulnerable people and organizations. We also believe that civil society must be a vocal advocate in cybersecurity policy, providing clear recommendations, seeking specific actions, and demanding accountability. This vital work is currently reliant on fragmented efforts from organizations operating with limited resources. Civil society organizations play a crucial role in cybersecurity and require more sustained support and resources from governments and companies alike. For our mission, it is vital that donor countries and organizations increase their public support and funding for neutral, independent evidence-driven initiatives. This is not only an investment in cybersecurity, but importantly a bigger commitment to safer and more peaceful cyberspace for all.

The CyberPeace Institute offers trainings for individuals, NGOs, boards, and governments. You can learn more about independent and evidence-based insights on how vulnerable communities are targeted and harmed by malicious activities in cyberspace in threat analysis. The Institute also publishes strategic analysis reports, technical blog posts, and data-driven dashboards.

These publications provide insights into the latest trends, emerging threats, and vulnerabilities affecting the communities we serve.

DL: Are their ways that individuals can get involved?

PP: Your support is crucial for peace and stability in cyberspace. You can become a volunteer with the CyberPeace Builders program, donate, or support the institute as a partner organization.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.