Prioritizing systemic internet safety through collective action, infrastructure security, and practical tools for underserved communities.
Brian, as Interim CEO of the Global Cyber Alliance, you lead an organization dedicated to strengthening trust and safety on the Internet. What initially drew you to this mission, and how has it shaped your vision for a more secure digital future?
Cybersecurity is both a technology and people issue. I’ve been working in the Internet industry and in cybersecurity for a long time, at both GCA and previously as CEO of Public Interest Registry (PIR). A recurring theme I’ve heard is that for many everyday Internet users, cybersecurity can feel complex, intimidating, and inaccessible. GCA is working to make our digital world safer for everyone, and that’s a mission that really resonates with me. I’ve been especially proud of working with underserved and under-resourced communities to ensure they have the tools they need to use the Internet more securely.
In addition, GCA’s broader work to improve the Internet’s infrastructure is key to reducing cybercrime that erodes trust in the Internet. Whether it’s people who need tools to protect themselves from cybercrime or the people who operate the Internet’s infrastructure, people are at the center of cybersecurity and securing our digital future.
The Global Cyber Alliance addresses issues that are often described as “too complex” or “too global” for any single entity to solve. How do you decide which systemic challenges to prioritize?
Our focus is providing cybersecurity at scale for all. That can only be achieved with all stakeholders–government, industry, the technical community, and civil society–working together. GCA mobilizes collective action to address the cybersecurity issues that cannot be solved by one entity alone. Our work is rooted in collaboration, because real change requires uniting multiple perspectives to find solutions together. We study systemic threats, identify what’s needed to overcome them, how each player in the Internet ecosystem can help, and then we build practical solutions that everyone can use.
We’re guided by our community, our Board, and a diverse set of strategic advisors who help us prioritize where we can make the most impact. Right now, we’re focused on scaling up our cybersecurity tools and training to reach more people, improving the Internet infrastructure that underpins our daily lives, and mobilizing collective action across the Internet ecosystem to tackle these huge problems.
With generative AI rapidly advancing, cybercriminals now have tools that make attacks more sophisticated and scalable. How is GCA helping organizations adapt to this new threat landscape?
Concerns about new threats from genAI are well founded, but it is equally important to remind ourselves that cybercriminals have tactics older than genAI that they use to hack, influence, and otherwise get what they want. Let’s not forget the cybersecurity basics that we all have to practice daily – things like strong passwords and multi-factor authentication (MFA), updated systems and extensions, regular backups, limited app permissions, and secure DNS. A 2023 Microsoft Threat Intelligence report states that basic security hygiene protects against 98% of attacks.
GCA translates complex cybersecurity concepts into plain language and practical steps for small businesses, nonprofits, and other often overlooked groups. When the most vulnerable are protected, the entire digital ecosystem gets stronger.
Our GCA Cybersecurity Toolkits include an “Artificial Intelligence User Security Guide,” and we’re working toward using AI to automate the full lifecycle of our training and resources.
GenAI has effectively lowered the cost and effort required for criminals to launch attacks. What does this shift mean for traditional cybersecurity defenses and prevention strategies?
Deepfakes, voice clones, and personalized chatbots make it even harder for people to detect and block the barrage of cyberattacks. Large companies can battle attackers with network hygiene and staff cybersecurity training. Smaller companies often lack the knowledge, skills, and budget to combat these problems head-on.
That’s all the more reason we need to harness AI to create more effective defensive tools and to deliver more automated capacity building at scale. We must raise awareness among all Internet users about the risks they face online and enable them to develop essential cybersecurity habits to make safer choices online. We must strengthen the Internet’s technical foundations to combat attacks at the source, like reducing the number of malicious domain names and monitoring unchecked and unwanted Internet traffic carrying phishing, malware, and more. We must invest in education, defenses, and infrastructure to slow this crisis before it overwhelms us.
You’ve often emphasized that cyber threats are inevitable, not avoidable. How should organizations rethink their approach to prevention, detection, and response under this reality?
Cybersecurity must be prioritized by small business and nonprofit leaders, or these vulnerable organizations will inevitably fall victim to cyber attacks. Many small businesses and nonprofits haven’t prioritized cybersecurity because they are busy running their organizations and are focused on delivering services to their customers and impact to the communities they serve.
A first step toward prevention is to assign responsibility for cybersecurity to someone on their team. It is essential to have a designated “security champion” who takes ownership of cybersecurity, even in organizations too small for a full IT department. What matters is having someone who keeps security on the agenda, coordinates training and preparedness, and knows who to call when an incident happens. Resilience isn’t about perfection; it’s about readiness and leadership.
Preventing incidents is the first order of business. Fortunately, there are many good resources available as well as easy-to-use free tools that can provide operational protection to any organization. Building resilience—being able to recover quickly and keep operations running—starts with the basics: reliable, tested backups for all your systems and information and a clear incident response plan. Too many organizations discover those gaps only after something goes wrong.
The Internet’s decentralized structure — spanning over 70,000 independent networks — makes coordination challenging. What practical steps can stakeholders take to improve collaboration across this fragmented ecosystem?
The decentralized nature of the Internet is what makes it so strong – no single entity controls it. It also means no single entity can strengthen it, so progress depends on each of us doing our part.
If you run a network, initiatives like MANRS (Mutually Agreed Norms for Routing Security) form a community of organizations dedicated to improving routing security. Engaging with CERTs (Computer Emergency Response Teams) and ISACs (Information Sharing and Analysis Centers) can provide trusted channels for sharing threat information, coordinating response efforts, and learning from others’ experiences.
The Internet works because we agree to make it work. Improving its security depends on a spirit of mutual responsibility, collaboration, and continuous learning.
Partnerships across governments, academia, and the private sector are central to GCA’s model. What does successful collaboration look like in today’s fast-moving cyber environment?
It takes small efforts by many connected networks to achieve much larger global impact. Governments, industry, academia, the technical community, and civil society all have a role to play in scaling cybersecurity protection on the Internet for all. Collaboration among network operators, industry investment in scalable cybersecurity capacity building projects, universities expanding cyber clinics and cybersecurity curriculum, sound policies, and investments by governments in AI and cybersecurity workforce development programs are all needed to turn the tide against the rise in cybercrime and cyber attacks. Collective action among these stakeholders is needed to achieve scale, and GCA plays a trusted convenor role in a number of such collaborations.
Our mission is rooted in the belief that cybersecurity is a shared responsibility that requires collective action.
Securing the Internet’s core infrastructure, the names, numbers, and routes that underpin its operation often happen behind the scenes. Why is investment in this area so critical to global resilience and innovation?
When the foundations of the Internet are attacked, the effects cascade across borders and sectors, disrupting economies, communications, and essential services. An ecosystem of largely nonprofit organizations and NGOs quietly safeguard the Internet through technical standards and security services. Their work is vital, but their resources are fragile. Many operate on razor-thin budgets, relying on donations, grants, and volunteers to keep essential protections available to all.
A secure and resilient Internet allows innovation to flourish on top of it: businesses can grow, governments can deliver services, and individuals can connect. Without trust in the underlying infrastructure, progress slows. Only coordinated action among the operators of Internet infrastructures can have a real impact mitigating systemic cyber risks. Investment in the underlying infrastructure, therefore, is critical because it safeguards the reliability of the entire digital ecosystem.
As cyber threats grow more pervasive, maintaining public trust becomes as important as technical defense. How can organizations preserve that trust when incidents inevitably occur?
Transparency, accountability, and preparation are key. That means having an incident response plan ready and tested, with clearly assigned roles before a crisis hits. When an incident happens, trust means being upfront about what happened, what’s being done to fix it, and how you’ll prevent it in the future. Trust is preserved through openness, competence, and follow-through.
Looking to the future, how do you envision the Internet evolving if we achieve stronger global cooperation? What does a truly trustworthy digital ecosystem look like to you?
GCA’s vision is “a secure, trustworthy Internet that enables social and economic progress for all.” We’re working to evolve the Internet into something both more resilient and more inclusive. We see a network we can depend on without needing deep technical expertise to stay safe, a trustworthy digital ecosystem where security and accountability are built in by design, not added on after the fact.
In that future, network operators follow shared best practices, threat information flows quickly through trusted channels, and governments, the private sector, and civil society work together to protect the common good. Users have confidence that their data is safe, their communications are private, and their access is ubiquitous. A trustworthy Internet functions like any essential public utility—reliable, transparent, and built to serve everyone, everywhere.
Brian Cute
Interim Chief Executive Officer, Global Cyber Alliance
Brian Cute is the Interim Chief Executive Officer of the Global Cyber Alliance. He also serves as Chief Operating Officer and Director of the Capacity & Resilience program, which seeks to democratize cybersecurity to support global social and economic growth. The program develops and deploys free resources at the grassroots level to help improve identified communities’ cybersecurity capacity and enhance their resilience to cyber risk.
Brian Cute is a respected voice in Internet governance and cybersecurity, bringing leadership experience from ICANN and the Public Interest Registry. His background includes experience engaging with communities around the world to understand how they access the Internet and discovering what is important to them when they go online. People want to connect with others, be trustworthy, and engage in a safe environment. This experience helps advance GCA’s mission to enable communities with easy-to-use cybersecurity tools.