Digital Security Exchange
Overview
The Digital Security Exchange emerged in response to an urgent need in the U.S. civil society sector: local nonprofits, national NGOs, journalists, and others were increasingly aware that their data, tech infrastructure, and communications platforms were vulnerable to attack, and yet they don’t know who to turn to for help. In addition, U.S-based cybersecurity experts and digital security trainers – many of whom have gained experience working with human rights groups abroad – were looking to apply the knowledge and skills to local and regional groups.
Approach
After speaking with dozens of organizations and experts, the Digital Security Exchange (DSX) team developed a process that pairs social sector organizations with credible and trustworthy digital security providers and trainers who can help organizations keep their data and networks safe from exposure, exploitation, and attack. The project has worked with more than two dozen journalistic organizations, social sector groups (e.g., those working with survivors of domestic violence, advocates for reproductive rights, legal aid providers), and human rights organizations to identify the digital security providers who can help them conduct threat assessments, develop organizational policies, and implement digital security capacity-building efforts.
The DSX is the U.S. implementation of the Center for Digital Resilience, an newly-founded organization (Levy is technology director) that works to create DSX-like projects with regional and thematic communities around the world. The DSX also convened a strong working group comprised of digital security experts, technologists, and human rights activists to help advise the project.
In 2018 the DSX launched a simple, user-friendly, and secure website that invites organizations and potential providers to detail their needs and backgrounds, and to connect with one another. While technology powers the infrastructure, the DSX puts personal engagement at the center of the process by placing incoming organizations in the driver’s seat and inviting them to articulate their perceived threats and anticipated needs before diving into conversations about specific tools or techniques.
Process
The iterative nature of this work has led to the development of a multifaceted approach to working with organizations. Most organizations come to the DSX with somewhat indistinct needs – they are often seeking advice on how to take digital security seriously, and are looking to work with a long-term partner to assess their needs, develop a strategic plan, and address vulnerabilities preemptively or as threats emerge. Other organizations are more conscious of their specific needs and know what they need a provider to do and may not require a long-term engagement with the DSX.
Next Steps
Digital Security Exchange is live and invites civil society groups to request assistance through its secure forms. In addition, the DSX is inviting more digital security providers to join the network, knowing that supply must grow to meet increasing demand. Digital security help doesn’t come free, so the DSX is developing strategies for resourcing organizational capacity-building work, including working with funders to directly resource organizations’ work in this area; working with organizations to write digital security capacity building into their grant proposals; and providing capacity building resources directly.