Civil society organizations are on the frontlines of defending human rights and advancing democracy around the world, but they are increasingly targeted by sophisticated cyber actors linked to authoritarian countries. Cyber intrusions enable authoritarian regimes to reach across borders to instill fear and silence dissent among civil society members, who are some of the most vulnerable individuals in our communities.
On 28 September, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (UK-NCSC) delivered on a commitment made at the 2023 Summit for Democracy and convened 6 additional countries for the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression. In addition to the U.S. and the UK, participating countries included Australia, Canada, Estonia, Japan, New Zealand, and Norway.
Civil society comprises many of the institutions that separate democracies from autocracies: nonprofits, advocacy organizations, cultural institutions, faith-based organizations, academic institutions, think tanks, journalists, and dissidents. The rise of authoritarianism around the world combined with the weaponization of cyber vulnerabilities has led to unprecedented threats to high-risk communities; in fact, our technology partners find that civil society is one of the three most targeted communities in the world. During the Strategic Dialogue we discussed the threat landscape and the advanced persistent threat campaigns targeting civil society around the globe emanating from cyber actors based in Russia, China, Iran, and North Korea. During the dialogue, we discussed what more each of our agencies could be doing to advance the cybersecurity of civil society and to calibrate our agencies’ support to the communities at highest risk.
From its founding, the NCSC – as a part of the cyber and intelligence agency GCHQ – has had as its remit a responsibility to keep the UK safe online, and protecting the country’s democratic institutions and high-risk communities is a priority. Accordingly, the NCSC has dedicated teams focused on the resilience of the nation’s economy and society and defending democracy, which work to extend support to civil society organizations across the UK and provide expert advice.
CISA has been moving in a similar direction through our High-Risk Community Protection initiative. Leveraging our Joint Cyber Defense Collaborative, we have partnered with civil society organizations and technology companies to better understand the cybersecurity needs of civil society and the role that CISA and our technology company partners can play to support this community. This collaborative effort will produce a National Cyber Defense Plan for Civil Society, which will outline a series of actions designed to catalyze future progress.
As the threat landscape evolves, we anticipate that the communities at heightened risk will expand. In the UK there has been a deepening understanding of the targeting of elected officials and government employees by cyber actors, and in the U.S., we continue to evaluate the breadth of high-risk communities and seek to align our efforts to international partners wherever possible.
Our shared challenges and common adversaries have created a heightened threat environment that requires more of us to work together than ever before, with partners who have too often fallen outside of the traditional scope of public-private partnerships.
Civil society has been shining a light on transnational repression, and the cyber intrusions against them necessitate that the democracies of the world to do more to help them protect themselves. We are proud of the ongoing partnership that CISA and the NCSC, standing side by side with like-minded countries around the world, have forged together.