‘A nerd’s gotta do what a nerd's gotta do:’ Why Craig Newmark is funding a cyber civil defense
Craig Newmark is the first to admit that he’s no cybersecurity expert.
But that didn’t stop the Craigslist founder and major philanthropist from announcing last week that Craig Newmark Philanthropies would offer more than $50 million in grants to build what he calls a “cyber civil defense.” Aspen Digital, a program run by the Aspen Institute, will manage it.
Grants will go to organizations like the Ransomware Task Force at the Institute for Security Technology, the Global Cyber Alliance and even Consumer Reports, which Newmark says will create “cybersecurity nutrition labels” to, among other things, disclose security metrics on any smart device, be it a a thermostat or a car.
The everyday threat of cyberattacks is very real for Americans. The last five years alone have seen a dramatic uptick in cyber and ransomware attacks, with threat actors not just going after military targets, but exploiting vulnerabilities in anything from baby cameras to major oil pipelines. “We've been attacked on our own soil in ways that have never happened before,” Newmark told the Click Here podcast team in an interview.
“I wish I had the skills to participate,” he added, “but it seems like my role is to help out the people who can really help defend our country and democracy overall.”
This interview has been edited for length and clarity, and an excerpt is available in the latest episode of Click Here.
Click Here: Was the idea for a civil cyber defense force inspired by the Ukrainian IT army and people coming out of the woodwork there to help? Do you think the U.S. has a secret population who would be very good at doing this, who could sort of help other people learn?
Craig Newmark: I think we do have a lot of people who are willing to help others defend this country and to defend democracy worldwide. As it turns out, there are really good people protecting the country at CISA [Cybersecurity and Infrastructure Security Agency]. There are really good people helping protect the country and private industry, and a lot of people doing good work at nonprofits. And I guess the idea is to defend the country and, while we're at it, to provide hundreds of thousands of really good cybersecurity careers.
I've committed over 50M to what I'm calling Cyber Civil Defense, with a focus on tools and services for regular people. Working with @ConsumerReports @GlobalCyberAlln @RescueTaskForce @Shadowserver and more! https://t.co/A0ISjUuHeX— craig newmark (@craignewmark) April 11, 2022
CH: How would it work?
CN: It's going to take a lot of flavors. Right now, one focus is working on workforce development: getting education for everyone, starting in grammar school or high school; adding education for people who might potentially be really good at cyber. We all need to learn, if we can, how to protect our homes, how to protect ourselves as individuals, our businesses, our enterprise and the country. There's really good work happening at something called the Global Cyber Alliance. And I think Consumer Reports, as it turns out, is already playing a big role in this. That shouldn't be a surprise because Consumer Reports was big in high technology when washing machines were high-tech.
CH: And what specifically would you be doing with Consumer Reports?
CN: Well, my intentions are to work with them to help curate security software and systems that help keep us safe at our homes and businesses. But also to help them work on the area of cybersecurity nutrition labels. For example, you want your baby cam to have been tested in good faith so you can have some confidence that it will be really hard to hack it. Maybe more importantly, you want a cybersecurity safety label on your car because cars are now internet connected, and if a hacker stopped your car while you were on the freeway or encouraged your self-driving car to self-drive you off a cliff, either of those things would ruin your day.
CH: Are you familiar with a program called Magshimim in Israel? It’s exactly as you're saying, that you take kids in elementary school, maybe middle school, who seem to have an affinity, and you start them out doing robotics. And then you get them into computers and computer languages. It sounds like it's a little bit like what you’d like to do.
CN: Well, I'm working on education and workforce development primarily through the Aspen Cybersecurity Group. The deal is, I find people who are much better at things than I am, and then help them help everyone. Among the groups we’re funding already are Girls Who Code and the Girl Scouts, who are already helping train their membership. I have a neighbor who, I think, just turned eight. She has three cybersecurity merit badges. And I've discussed this at the highest levels who point out that she probably will have no trouble getting clearances [to do top-secret work].
CH: Have recent hacks crystallized for you the need for stronger cyber defense? I'm thinking specifically about the Microsoft Exchange hack, which at the tail end of the attack started metastasizing into all these little companies: malls, dentist's offices, things like that. Had you seen that as not just big companies being victims of cyber attacks, but regular mom-and-pop shops, too?
CN: Well, I've been paying attention to the area of cybersecurity since the early seventies, when I was in school, because I could see how important it was and I should be paying attention. Over the last five years or so, I've been helping people defend the country in cyber without any specific trigger. I'm very much aware of the issues, but the deal is that I basically help the people who will help defend the country.
CH: We've been talking about cybersecurity and this threat and ransomware for a really long time. And it seems like people don't really believe it is necessarily a threat to them.
CN: Well, in some respects, it hasn't been communicated very well. In some respects, it's all very mysterious and confusing because pretty much everyone knows that they need to try to keep their system safe — you know, maybe running virus detectors and so on. But there's a lot of confusion and very little clarity. The groups I'm working with, and most notably, Consumer Reports, is good at cutting through that confusion.
CH: Did your role as the founder of Craigslist inform your thinking on this?
CN: Well, when I founded Craigslist, from the very beginning, I was doing customer service. And that meant I was concerned with all the above. For a very long time of my 50 years as an adult or something close to one, 40 of those years have been in customer service — mostly Craigslist and IBM. And cybersecurity has been a concern for a long time. It is just a lot more intense now, since over the last years, for the first time in any substantial ways, Americans have been attacked for military purposes on our own soil.
CH: So how do you know if it's working?
CN: Well, as an example, people attacking the country using ransomware — if that starts to trail off. If there are fewer attacks, that means measures to stop that are working. The way we find out is if cybersecurity attacks are less and less useful. We'll know when it's much more difficult for an adversary to bring down our electrical grid or our water supplies. It's hard to know that; it's kind of like proving a negative. But it's up to all of us to play whatever role that we can. And since I've been lucky enough to acquire some resources, it's part of my life mission to support the people who are helping protect us. Basically, a nerd’s gotta do what a nerd's gotta do.