I’d love to say we saw what was coming when we launched the Cyber Initiative in 2014. But no one could have guessed how quickly cybersecurity would become what Berkeley’s Steve Weber calls “the master problem of the Internet era.” Yet the relentless stream of cybersecurity crises only highlights the gap we noticed four years ago, when we began this work: with government and industry focused on putting out daily fires and triaging the latest threats, we need people and institutions in position to think through the long-term consequences of decisions made on the fly and to help policy-makers balance trade-offs among deeply held democratic values. Our grantees have done important work over these four years, but much remains to be done.
That’s why I’m pleased to announce that the Hewlett Foundation has renewed its commitment to the Cyber Initiative for an additional five years after 2018 (that is, through 2023), while increasing its budget to $10 million per year. The problems aren’t going away, and given all that’s happened—Wannacry, Equifax, Shadow Brokers, and, of course, Russian interference in the 2016 elections—we thought it appropriate to request the renewal a year early.
The Cyber Initiative is an exercise in capacity building, and our goal is to help generate a field of people and organizations with the experience and expertise to both anticipate and address problems as they evolve. Our initial approach involved making relatively modest grants to a large number of institutions addressing cybersecurity challenges with a wide variety of approaches. Such experimentation makes sense at the outset of a new philanthropic effort. But experience (bolstered by an external evaluation) showed that we were trying to do too much and, as a result, spread ourselves too thin.
Our revised grantmaking strategy focuses more narrowly on three main goals: (1) building a set of core institutions capable of responding quickly and confidently to the emerging needs of cyber policymakers; (2) creating a talent pipeline of individuals with the right mix of technical, legal, and policy skills to staff those and other institutions, as well as government and industry; and (3) fostering the infrastructure needed to translate and disseminate policy ideas and solutions to both decision-makers and the wider public. For anyone familiar with our work to date on the Cyber initiative, these priorities won’t come as a surprise. We’re not changing direction so much as doubling down on what’s worked best.
Certainly a focus on institutions is not new. Going forward, however, we’ll make larger, longer grants to a smaller number of partners with the intellectual resources across multiple relevant disciplines to make a real contribution to developing the cyber policy field. We believe that a core set of institutions with deeper benches will have greater capacity not only to address today’s challenges, but also to respond swiftly and flexibly to emerging cyber threats we cannot yet envision.
Likewise, the development of a talent pipeline has been a key component of the Cyber Initiative since the beginning—something most visible in the initial three grants we made in 2014 to Stanford, MIT and UC Berkeley to establish multidisciplinary cyber centers on their campuses. Those grants have already borne fruit, and will continue to do so—not least by fostering competition as other universities establish their own centers and experiment with new, inter-disciplinary educational approaches.
The third component of the revised strategy—support for translation infrastructure—reflects recognition that the ability to communicate about policy is, in practical terms, almost as important as developing the policy in the first place. Ensuring that institutions that are fashioning policy ideas and solutions have the capacity to share them effectively is critical. There’s also a great deal we can accomplish by supporting journalists and by connecting with people in creative fields as they craft narratives that help policymakers and the public make sense of this brave new world.
Our commitment to the cyber policy field, as with all our time-limited initiatives, is not open-ended and will end at the conclusion of our renewed commitment. By then, we expect a flourishing field to exist as measured by progress in each of the three areas mentioned above: the existence of strong and growing institutions that address cyber policy issues with credibility; new degree programs, increasing enrollment, and, most of all, good jobs for those taking up cyber policy as a career; and increasing sophistication in the conversations that inform cyber policymaking, demonstrated both by our grantees and by others in this still nascent field.
Despite vastly increased attention to cyber issues, cyber policy is still a young field—one in which philanthropic support can make an immense difference. We are in the pioneering phase, and the importance of what happens next—of whatever norms and policies society establishes in the coming few years—will grow over time. We would love more company on that journey.