In 2014, the Hewlett Foundation announced that its Nuclear Security Initiative would wind down by the end of the year and a new security initiative focusing on the threats found in cyberspace would take its place.
We've been keeping a close eye on this effort, because it's a great example of a big foundation trying to build up a nascent field. Before Hewlett came along, the cybersecurity discussion was dominated by experts from either government or industry. Civil society didn't have much of a voice in debates over one of the top security threats of the 21st century—one that intersects with big questions about society's approach to new technologies, privacy, information, and the digital age writ large.
Every ambitious funder is looking for that niche where new money can make a decisive difference, and Hewlett definitely found one in cybersecurity. In making what remains the largest bet of his tenure so far, Hewlett chief Larry Kramer said last year, “Cybersecurity represents an exciting opportunity to advance a field that needs attention but is largely new to private philanthropy." And he and his team flagged the potential to break new ground: "Interest in cyber issues is beginning to grow among some think tanks, but none has yet taken on the task of developing a comprehensive conceptual framework for cybersecurity... no one is thinking broadly or systematically about a larger framework or about what cybersecurity should look like in the future."
Sounds like a pretty perfect mission for a brainy place like Hewlett, right?
Initially, the foundation made a $20 million commitment to its newly minted Cybersecurity Initiative, which was to be laid out over the course of five years. But it didn’t take long for Hewlett to explode that initial budget when it pledged a total of $45 million to be split evenly between MIT, Stanford, and UC Berkeley.
For a while, it looked as though Hewlett was playing it a bit safe with its cybersecurity funding. For the remainder of 2014, the foundation awarded just six grants, most falling between $150,000 and $400,000 with the exception of a $1 million award to the New America Foundation.
In the beginning of 2015, Hewlett’s cybersecurity grants looked much like the previous year's, with less than 10 smallish awards going out to relatively big outfits like the Carnegie Endowment for International Peace, the National Academy of Sciences, and New York University.
This all makes sense, given that the field of cybersecurity is still largely being established. Hewlett has been focusing its energies on bringing more order to a heavily disjointed universe while simultaneously building capacity in cybersecurity knowledge and thought leadership. This explains why it’s tapped the likes of MIT, Harvard, UC Berkeley, and Stanford to take the lead in this work.
Now, though, with a string of recent grants for cybersecurity, Hewlett is widening its efforts to fully build out this field.
The foundation last month announced nearly $2.1 million in cybersecurity grants to five organizations including the New America Foundation ($500,000), Public Knowledge ($275,000), the Virginia Tech Foundation ($500,000), Center for Democracy and Technology ($400,000), and the Woodrow Wilson International Center for Scholars ($400,000).
The New America Foundation is a particularly important grantee in this mix, and the cybersecurity work that Hewlett is underwriting there is explicitly aimed at better connecting the various dots—something that NAF does well as a think tank with linkages to government (its CEO is a former top State Department official) and industry (its board chair is Google's Eric Schmidt.)
The Hewlett Foundation likes big data dives in its subjects of grantmaking interest, so it is increasing cybersecurity research in its latest grants. But there is also a serious leaning toward informing and developing actual cybersecurity policies, as well as the broader public debate.
It's good to see that latter piece falling into place. We expressed the fear early on that the foundation was placing too much emphasis on slow-moving academic research even as the cybersecurity policy field was evolving rapidly. Clearly, though, Hewlett has a pretty broad vision of how to build up the cybersecurity field—a vision that includes deep, new scholarship and research, as well as plenty of support for policy wonks.
Hewlett's Cybersecurity Initiative is supposed to run until around 2019 or 2020.