A consortium of university-based cybersecurity clinics provides free cyber support to organizations that are least prepared to defend themselves.
The University of California, Berkeley's Center for Long-term Cybersecurity's Cybersecurity Clinic Consortium provides students with hands-on experience to help them land a job while strengthening the cyber readiness of small organizations with limited budgets. . Volunteer programs of this kind are important for policymakers to seek long-term solutions to make the overall digital environment more secure, while reducing the potential for damage from cyber-attacks by 2024. said panelists at the RSA conference.
The Cybersecurity Clinic Consortium was launched in 2021 to coordinate and share best practices among 15 university-based clinics across the United States that support organizations such as local governments, critical infrastructure, small businesses, and nonprofits.
Nonprofits have traditionally thought their humanitarian vision would keep them safe from harm, but the 2022 Red Cross hack shattered those hopes, says Cyberpeace Institute's chief operations officer. Director Adrian Ogier said. And even if criminals aren't specifically targeting non-governmental organizations, they seem willing to blackmail organizations they stumble upon in large-scale, indiscriminate attacks. Ideologically motivated attackers target specific nonprofit organizations, such as those focused on refugee assistance, LGBT advocacy, and women's health care, said Sarah Poisek, director of the Long Term Cybersecurity Center's public interest cybersecurity program. It is said that they are also pursuing
The Cyber Clinic initiative will have faculty oversee computer science and cybersecurity. Students providing specific cyber support. They may advise on issues such as patching and multi-factor authentication, or translate advice from reputable organizations such as the National Institute of Standards and Technology or the Center for Internet Security. Otherwise, it may be too complex for your average part-time girlfriend IT person to parse easily. , Poisek Said.
Meanwhile, a consortium of cybersecurity clinics We're sharing our best ideas and each clinic is also planning a localized approach, says Poisek. she says. For example, the Indiana University clinic supports local fire departments. Meanwhile, the Massachusetts Institute of Technology's clinic provides consultation on cyber vulnerabilities and low-cost remediation methods for public agencies and elected officials, according to the consortium's website. Clinics are also increasingly focused on smaller utilities, such as sewage treatment plants and electric cooperatives, Poisek says.
The Cybersecurity Clinic Consortium is also working to build a network of contacts for the volunteer program, and if the clinic itself doesn't provide the service, the consortium can refer you to an organization that does, Powazek said. .
Some efforts outside the consortium are exploring similar tactics, training students while supporting local organizations. For example, the nonprofit organization CyberTrust Massachusetts is an initiative in which students from participating community colleges and state universities work in security operations centers and cyber ranges to provide low-cost cyber services to local governments, small businesses, and nonprofit organizations. I am supervising.
Overseas, Ogier's Swiss-based Cyberpeace Institute acts as a matchmaker between nonprofit organizations around the world and industry experts willing to help with short-term work for free. This benefit works both ways. Volunteers can build skills and reputations, while companies can improve their public image by supporting cybersecurity, which is seen as an undisputed social good, Auger said.
Smaller organizations sometimes don't know how to begin their cybersecurity efforts, Poisek said, and many call police or city counselors for advice. But these numbers are usually not ready to answer the question. So in another effort, the Center for Long-Term Cybersecurity's Public Interest Cybersecurity Program is working with San Francisco to survey local nonprofits to understand what their needs are. , allowing programs and cities to consider ways to meet their needs.
While Poizek and Ogier applaud volunteer efforts to fill the gap in cybersecurity services for small businesses, they say more needs to be done and that programs like cyber clinics should not be relied upon as a long-term solution. I warned you that there is no.
“[These programs] We need to continue, so we need sufficient funding,” Ogier said. “Until policymakers find systemic solutions, we need to be able to protect the unprotected.”
poisek said the same Cyber clinics can be helpful, but they shouldn't be your primary source of cybersecurity information.
“In the long run… how can we shift the blame so that our programs are helpful but not benefitting these organizations?” Poizek “When we talk about critical infrastructure like wastewater treatment and energy, the responsibility shouldn't be on us.”
