Craigslist Founder Gives $300M to Fund Critical US Infrastructure Cybersecurity (yahoo.com) 9
Craig Newmark "is alarmed about potential cybersecurity risks in the U.S.," according to Yahoo Finance. The 71-year-old Craigslist founder says "our country is under attack now" in a new interview with Yahoo Finance executive editor Brian Sozzi on his Opening Bid podcast.
But Newmark also revealed what he's doing about it: [H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.
"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."
A web page at Craig Newmark Philanthropies offers more details Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.
He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.
It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...
But Newmark also revealed what he's doing about it: [H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.
"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."
A web page at Craig Newmark Philanthropies offers more details Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.
He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.
It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...
It is not a question of money (Score:2)
It is one of mindset. And as long as software, system-administration, etc. needs to be primarily cheap, it will remain grossly insecure.
Re: (Score:2)
So true. One thing infrastructure companies don't lack is money.
So money is going to security related projects? (Score:3)
Re: (Score:2)
Why would it necessarily be ooenssl, when libressl is the fork fixated on security?
I think it should go to open source projects, but deciding which ones won't be an easy task.
Seems like a decent fella (Score:2)
Shame Zuck's FB Marketplace ate his lunch. Seriously, I don't think there's anybody left on Craigslist besides the spambots.
Too little, too late (Score:3)
This should have been the emphasis at the start of the millennium, not a quarter of the way through it. We're already under severe attack, attacks that should never have been possible to begin with.
I understand Craig can only donate so much, he's not as rich as a lot of other folk, but a complete overhaul of US cybersecurity to the point where it's meaningfully secure is going to cost tens of thousands of times that because it has been left so late in the day.
(Even if it had been done in 2000, you'd still be looking at a hundred times that figure.)
This is why you don't leave critical stuff until after the last minute. The price of repairing failures when they're already occurring is much, much higher, and the complexity in the past 25 years has shot up.
It's now at the point where national governments need to be involved, because philanthropists can't come up with the trillions it will now need because nobody in authority bothered.
Fixing the Titanic as it sinks is always going to be a much harder task than building it right to begin with.
As long as the government demands backdoors (Score:2)
Critical infrastructure and cyberattacks (Score:2)
Aug 2003: Slammer worm crashed Ohio nuke plant net [theregister.com]
Sep 2003: Blaster Worm Linked to Severity of Blackout [computerworld.com]
Nov 2003: Software Failure Cited in Blackout Investigation [computerworld.com]
Cybersecurity oxymoron (Score:2)
The chain of custody in Cyberville from a software perspective intrinsically leaves chokepoints for human inputs that betray its security aspirations. Craig congrats for putting money behind an effort to get the ball rolling. At some low level of granularity infrastructure improvements can be made to be more cyber-resistant. Babysteps should be welcome and exuberantly implemented where contagion can be isolated from further encroachment up the chain.
In a software defined, digitally managed hardware configur