The federal government is spending billions a dollar a year on cybersecurity, and corporations spend even more. Meanwhile, entrepreneurs are rushing to market with new products to keep all manner of cyber threats at bay. So it sounds like cybersecurity is an area where philanthropy can take a pass, right?
Wrong, says Larry Kramer, President of the Hewlett Foundation. “Cybersecurity represents an exciting opportunity to advance a field that needs attention but is largely new to private philanthropy."
Hewlett believes it can help bring more coherence to a cybersecurity field that's largely fragmented, lacking in good leadership, and misunderstood by both policymakers and citizens. It wants to help governments, businesses, educational institutions, and nonprofits get on the same page about the most important cybersecurity issues out there. It wants stronger thought leaders in the field, which can be totally befuddling to non-experts. It wants better research on cyber threats.
Is all that really needed?
Yup, says the foundation, which makes a strong case for jumping in here. In a March Cyber Initiative Memo, Kramer, writing with Tom Steinbach and Megan Garcia, wrote:
Interest in cyber issues is beginning to grow among some think tanks, but none has yet taken on the task of developing a comprehensive conceptual framework for cybersecurity. The small amount of cybersecurity funding that goes to NGOs and think tanks comes mainly from private companies, moreover, which skews the work toward thinking about how government actions affect industry rather than about the landscape as a whole and leaves the results vulnerable to attack as biased. As with government and industry, most of the research is reactive, and no one is thinking broadly or systematically about a larger framework or about what cybersecurity should look like in the future.
Building up new fields is exactly the kind of thing that foundations do so well, especially ones like Hewlett, with deep pockets and long horizons. While everyone else is busy worrying about those Chinese hackers, or this or that virus, Hewlett can focus on the bigger picture.
Hewlett rolled out its Cybersecurity Initiative last month, and the money here is serious: $20 million over the next five years. Where will it all go?
The foundation drops some pretty big hints on that score in the Cyber Initiative Memo, right down to "sample grantees" on page 9. (Wouldn't it be great to make that list?)
Here are the goals that Hewlett lays out:
- Begin to develop a network of experts working to keep the Internet secure, open, and well governed.
- Help individuals and institutions develop comprehensive analyses of cybersecurity problems and solutions.
- Attract new funders and additional funds.
- Fill critical research gaps.
Technology funding isn’t exactly the norm for the Hewlett Foundation, which focuses its grantmaking on programs in education, environment, performing arts, and global development. The Cyber Initiative is one of Hewlett’s “special projects,” along with a community leadership project and a nuclear security initiative. Although Internet security is undoubtedly a global issue, Hewlett’s geographical focus will only be on institutions in the United States.
All in all, this is an impressive example of a major foundation taking leadership on a serious issue of the moment, but one where civil society so far has little role. It's a nice piece of work by Larry Kramer and company.