The Global Cyber Alliance wants cybersecurity for everyone

Fun fact: if you’ve ever used the 9.9.9.9 (Quad9) DNS resolver, you’ve used a project the Global Cyber Alliance (GCA) helped create.

I have a hunch that while many IT pros are familiar with 9.9.9.9, far fewer know about the GCA. If you’re an IT pro who is unfamiliar with the GCA (as I was a few months ago), you’re in luck. In this article, we’ll take a closer look at the GCA, what they do, and how you can help.

What is the Global Cyber Alliance?

The GCA is a nonprofit organization that aims to reduce cyber risk and improve the quality of the connected world. Founded in 2015 by the Center for Internet SecurityOpens a new window (aka CIS, and another nonprofit IT pros should be familiar with), the Manhattan District Attorney’s Office, and the City of London Police, the GCA is a 501(c)(3) in the U.S., and a registered nonprofit in the U.K. and Belgium.

Here’s the GCA’s mission statementOpens a new window : “The Global Cyber Alliance works with communities to improve the Internet and help people and organizations be more secure online.”

The GCA aims to solve cybersecurity and data privacy problems that they assert can’t be adequately solved by any one individual or organization. They work to promote collaboration and innovation to address internet security challenges at a global scale.

Examples of problems the GCA is working to help solve include:

• Reducing the risk of social engineering: Several GCA projects, such as Quad9, advocating for Domain-based Message Authentication, Reporting & Conformance (DMARC) adoption, and cybersecurity training, are intended to help reduce the risk of social engineering attacks (e.g., phishing and business email compromise).
• Improving the security of internet infrastructure: GCA’s current work includes AIDE, a cybersecurity intelligence platform that monitors global network traffic, detects potential threats, and delivers actionable insights to improve network security; Domain Trust, which aims to stop malicious domain names at registration; and MANRS, which outlines simple, concrete actions organizations can take to making the global routing infrastructure more robust and secure.
• Addressing election security risk: Democratic elections are often the target of cyberattacks. The GCA works to help election officials protect voting systems and increase public trust in the election process.
• Poor cybersecurity hygiene by individuals and small organizations: The GCA offers free toolkits and training to help individuals and businesses improve their security posture.

How does the Global Cyber Alliance solve problems?

The Global Cyber Alliance has several projects, tools, and initiatives intended to help it achieve its mission, often in collaboration with other organizations. Understanding what these are is a good way to grok how the GCA solves problems in practice. The table below summarizes 11 GCA projects and the problems they aim to solve.

What’s the coolest thing the Global Cyber Alliance has done?

A security and privacy-focused DNS resolver that now operates as an independent nonprofit. Quad9Opens a new window is exactly that.

Quad9 came about as the result of a collaboration between GCA, IBM, and Packet Clearing House (PCH). The name is a reference to the DNS resolver’s IPv4 address (9.9.9.9). The Quad9 DNS resolver doesn’t require an account to use and can block known malware from reaching end users. Being able to provide this protection free of charge is a big win from a cybersecurity perspective, and it’s a great example of the good GCA is doing in the world.

Honorable mentions: Cybersecurity toolkits and free cybersecurity training

GCA toolkits provide free cybersecurity tools for six different user groups:

• Small businesses- These tools are focused on meeting the needs of smaller commercial organizations.
• Individuals- Cybersecurity toolkits for individual end users.
• Journalists- A suite of cybersecurity tools intended to help enable the free press and empower journalists to stay secure online.
• Mission-based organizations- This toolkit is intended for use by other nonprofits and nongovernmental organizations (NGOs).
• Election officials- This toolkit aims to help election officials protect the democratic process and ensure elections are free and fair in practice.
• Financial institutions- In partnership with the New York State Department of Financial Services (DFS), the GCA created a toolkit intended to help small and medium-sized financial organizations.

For smaller organizations with limited budgets and IT teams that lack dedicated cybersecurity specialists, resources like these toolkits can help identify practical solutions that can meaningfully reduce risk.

In addition to toolkits, the GCA offers a variety of free training resourcesOpens a new window for multiple cybersecurity topics. There are fairly basic courses, such as “Creating Strong Passwords & Two-Factor Authentication”, but the GCA doesn’t stop there. It even offers a 56-lesson course on DMARCOpens a new window that covers topics like phishing and business email compromise (BEC).

I don’t expect the GCA to displace the IT certification industry anytime soon, and the curriculum admittedly doesn’t cover every security topic an IT pro should know. However, it is encouraging to see materials that provide individuals, businesses, and other organizations with a freely available way to educate themselves or their users on cybersecurity topics without paying for a course or creating their own training courses.

The GCA has already gained some credibility with success stories like the Quad9 DNS resolver. If they can continue to help deliver free, useful, and scalable cybersecurity solutions, they have a reasonable shot at achieving their ambitious goals.