It's the One Big Foundation Taking on Cybersecurity Threats. Now, It's Doubling Down

 photo:  Gorodenkoff/shutterstock

photo:  Gorodenkoff/shutterstock

You know it’s time to panic over cybersecurity when even Director of National Intelligence Dan Coats wakes up, calling it a “top priority” of greater concern than weapons of mass destruction and terrorism.

So if you’re looking forward to a future when Russians pick your leaders and hackers pick your pocket, read no further. You’re going to hate the Hewlett Foundation’s new 5-year, $50 million commitment to its Cyber Initiative, which was first launched in 2014.

This is one of several big bets that Hewlett president Larry Kramer made after taking the helm of the foundation in 2012, and it’s proved remarkably prescient, give recent headlines.

Hewlett’s latest support for the initiative could protect us all from criminals like the ones who stole your personal data from Equifax and Ashley Madison, not to mention the 400-pound guy who upended your 2016 U.S. presidential election.

The Cyber Initiative is an exercise in capacity building whose goal is to generate a critical mass of cybersecurity expertise based in universities and think tanks to anticipate and address problems as they evolve. The foundation has thrust into a space that's been dominated by industry and government, yet is largely ignored by the philanthropic world. A key premise, here, is that civil society also needs a voice in cybersecurity debates. That premise made sense back in 2014; it feels more urgently true today.

The foundation’s new commitment brings its total support for the Cyber Initiative to more than $130 million over 10 years.

Hewlett has been doubling down on this work nearly from the start. After launching the $20 million initiative in 2014, it dramatically increased its bet by awarding $15 million each to UC Berkeley, Stanford and MIT. In addition, Hewlett awarded over $2.2 million that year in grants to think tanks, including the Center for New American Security, the Rand Corporation, and the Carnegie Endowment for International Peace. In all, it had awarded $67 million through 2017.

With its latest commitment to cybersecurity, Hewlett aims to accomplish three key goals:

  • Support a small set of core institutions thinking through the long-term challenges of effective cyber policy, providing the expertise to help decision-makers in Washington, D.C., and the tech industry balance tensions among deeply-held democratic values.

  • Fund universities training a new generation of cyber experts with the right mix of technical, legal and policy knowledge.

  • Support translation infrastructure—to help policymakers and the broader public better understand what’s at stake and proposed solutions in the cyber policy debate.

The new support fits with Hewlett’s revised grantmaking strategy in this area, which focuses more narrowly on three main goals: (1) building a set of core institutions capable of responding quickly and confidently to the emerging needs of cyber policymakers; (2) creating a talent pipeline of individuals with the right mix of technical, legal and policy skills to staff those and other institutions, as well as government and industry; and (3) fostering the infrastructure needed to translate and disseminate policy ideas and solutions to both decision-makers and the wider public.

Of course, Hewlett isn’t the only player in the cybersecurity space. Campuses, in particular, have experienced an influx of support for cybersecurity projects. Big cybersecurity gifts over the past few years have flowed to places like Harvard, which received a $15 million gift from Robert and Renee Belfer to establish the Cyber Security Project; UMass Amherst, which netted a $15 commitment from MassMutual Foundation that includes $3 million for its Cybersecurity Institute.

If cybersecurity is truly a bigger threat than terrorism, there can’t be too many funders with their eye on this challenge. Still, Hewlett remains the only big foundation that’s taking on this issue. After the Cold War, a number of major grantmakers cut back their support for work on national security issues and few have pivoted back into this space even as the world, in some ways, has become a more dangerous place than ever before.

As Hewlett sees it, government and industry are already addressing the most immediate cybersecurity threats. The foundation views its role differently—to bridge the gap between the immediate threats and long-term policies. It also wants to draw more attention to these issues within the grantmaking community. I’ll let Larry Kramer have the last word on this point:

Despite vastly increased attention to cyber issues, cyber policy is still a young field—one in which philanthropic support can make an immense difference. We are in the pioneering phase, and the importance of what happens next—of whatever norms and policies society establishes in the coming few years—will grow over time. We would love more company on that journey.