All posts by Andie Goodwin

Embrace equity on International Women’s Day (and every day)

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/international-womens-day-2023/

Embrace equity on International Women’s Day (and every day)

This post is also available in 简体中文, 日本語, 한국어, Deutsch, Français, Español.

Embrace equity on International Women’s Day (and every day)

Happy International Women’s Day! The global theme for 2023 is #EmbraceEquity, which is part of an ongoing effort to raise awareness around “Why equal opportunities are no longer enough.” Today is a time to highlight achievements made by women, but also an opportunity to become better informed, and collaborate and brainstorm about the path forward.

“People start from different places, so true inclusion and belonging require equitable action.” — internationalwomensday.com

Embrace equity on International Women’s Day (and every day)

Help put an end to gender bias and discrimination

Consider taking a few minutes today to learn about pervasive challenges affecting women, including in the workplace. Since unconscious bias is a major driver of hurdles holding women back, it is beneficial for people of all gender identities to educate ourselves about the varied experiences of others.

Here are some resources to get help get you started:

  • Recognize the difference between equity and equality and see why striving for equality can interfere with inclusion-related efforts.
  • Read highlights from the Women in the Workplace report from McKinsey and LeanIn.Org to examine factors that are holding women back from advancement and in many cases making them decide to leave a company. One notable statistic: “For every 100 men who are promoted from entry-level roles to manager positions, only 87 women are promoted, and only 82 women of color are promoted.”
  • Watch a five-minute video of the history of the concept of intersectionality, explained by Kimberlé Crenshaw, who coined the term. Intersectionality refers to the “double bind of simultaneous racial and gender prejudice.”
  • Better understand challenges within the tech sector in the report What (and Who) is Holding Women Back in Tech? One finding from this survey, conducted by Girls Who Code and Logitech, is that 90% of women report experiencing microaggressions at work. The report describes key career drivers and the importance of communities of support.

What is Womenflare and how are we celebrating International Women’s Day?

Womenflare is a Cloudflare employee resource group (ERG) for women and people who advocate for women. We are an employee-led group that is here to empower, represent, and support.

At Cloudflare, we are continuing our tradition of building community and celebrating women’s achievements together throughout March. We are also encouraging discussion on equity vs. equality and how we can champion equity for ourselves and those around us with these internal events in the weeks ahead:

  • Celebrating with comedy: We are kicking things off with some fun and jokes from Laugh.Events! Offering “Laughter as a Service (LaaS),” they will deliver stand-up comedy, musical comedy, and other comedic activities for a celebratory “Workplace Variety Hour.”
  • Equity and allyship chats: After our celebrations, we are opening forums to discuss equity and what this means for each of us in our unique intersectionalities. We have invited some of our fellow employee resource group leads from Asianflare, Nativeflare, and Proudflare to share with us and dive into how we can be both supported and supportive.
  • Equity leadership panel: Our internal leadership panels were always well received in previous years, so we decided not to mess with a good thing. This year, we will be inviting another group of inspirational women leaders in Cloudflare to share their experiences with us and explore the areas where we can promote equity in the workplace.
  • And more: We have so much more planned for March! From Book Club and meetups to Cloudflare TV episodes and networking events, we are partnering across teams to ensure there are plenty of opportunities to participate and join in on the fun and discussions.

No matter how you plan to celebrate International Women’s Day and Women’s History Month, consider how you can do your part to champion an equitable world. Join the #IWD2023 movement — #EmbraceEquity today (and every day)!

Embrace equity on International Women’s Day (and every day)

Life at Cloudflare

Learn more about how we are cultivating community, including through employee resource groups like Womenflare, via our careers page—and check out our open positions.

To read about our progress on the UN Ten Principles and the Sustainable Development Goals (SDGs), download our latest Impact Report.

Closing out 2022 with our latest Impact Report

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/impact-report-2022/

Closing out 2022 with our latest Impact Report

Closing out 2022 with our latest Impact Report

To conclude Impact Week, which has been filled with announcements about new initiatives and features that we are thrilled about, today we are publishing our 2022 Impact Report.

In short, the Impact Report is an annual summary highlighting how we are helping build a better Internet and the progress we are making on our environmental, social, and governance priorities. It is where we showcase successes from Cloudflare Impact programs, celebrate awards and recognitions, and explain our approach to fundamental values like transparency and privacy.

We believe that a better Internet is principled, for everyone, and sustainable; these are the three themes around which we constructed the report. The Impact Report also serves as our repository for disclosures consistent with our commitments for the Global Reporting Initiative (GRI), Sustainability Accounting Standards Board (SASB), and UN Global Compact (UNGC).

Check out the full report to:

  • Explore how we are expanding the value and scope of our Cloudflare Impact programs
  • Review our latest diversity statistics — and our newest employee resource group
  • Understand how we are supporting humanitarian and human rights causes
  • Read quick summaries of Impact Week announcements
  • Examine how we calculate and validate emissions data

As fantastic as 2022 has been for scaling up Cloudflare Impact and making strides toward a better Internet, we are aiming even higher in 2023. To keep up with developments throughout the year, follow us on Twitter and LinkedIn, and keep an eye out for updates on our Cloudflare Impact page.

Protecting election groups during the 2022 US midterm elections

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/protecting-election-groups-during-the-2022-us-midterm-elections/

Protecting election groups during the 2022 US midterm elections

Protecting election groups during the 2022 US midterm elections

On Tuesday, November 8, 2022, constituents cast their ballots for the 2022 US midterm elections, which included races for all 435 seats in the House of Representatives, 35 of the 100 seats in the Senate, and many gubernatorial races in states including Florida, Michigan, and Pennsylvania. Preparing for elections is a giant task, and states and localities have their work cut out for them with corralling poll workers, setting up polling places, and managing the physical security of ballots and voting machines.

We at Cloudflare are proud to be able to play a role in helping safeguard the integrity of the electoral process. Through our Impact programs, we provide cyber security products to help protect access to authoritative voting information and the security of sensitive voter data.

We have reported on our work in the election space with the Athenian Project, dedicated to protecting state and local governments that run elections; Cloudflare for Campaigns, a project with a suite of Cloudflare products to secure political campaigns’ and state parties’ websites and internal teams; and Project Galileo, in which we have helped voting rights organizations and election results sites stay online during traffic spikes.

Since our reporting in 2020, we have expanded our relationships with government agencies and worked with project participants across the United States in a range of election roles to support free and fair elections. For the midterm elections, we continued to support election entities with the tools and expertise on how to secure their web infrastructure to promote trust in the voting process.

Overall, we were ready for the unexpected, as we had experience supporting those in the election community in 2020 during a time of uncertainty around COVID-19 and increased political polarization. But for the midterms, the Cybersecurity and Infrastructure Security Agency (CISA), the key agency tasked with protecting election infrastructure against cyber threats, reported the morning of November 8 that they “continue to see no specific or credible threat to disrupt election infrastructure” for the day of the election.

At Cloudflare, although we did see reports of a few smaller attacks and outages, we are pleased that the robust cyber security preparations by governments, nonprofits, local municipalities, campaigns, and state parties appeared to be successful, as we did not identify large-scale attacks on November 8, 2022.

Below are highlights on the activity we saw as we approached midterms and how we worked together with all of these groups to secure election resources.

Key takeaways from the 2022 midterm elections

For state and local governments protected under the Athenian Project

  • We protect 361 election websites in 31 states. This is a 31% increase since our reporting during the 2020 election.
  • Average daily application-layer attack volume against Athenian sites was only 3.4% higher in November through Election Day than it was in October.
  • From October 1 through November 8, 2022, government election sites experienced an average of 16,170,728 threats per day.
  • A majority of the threats to government election sites that Cloudflare mitigated in October 2022 were classified as HTTP anomaly, SQL injection, and software specific CVEs.

For political campaigns and state parties protected under Cloudflare for Campaigns

  • With our partnership with Defending Digital Campaigns, we protected 56 House campaigns, 15 political parties, and 34 Senate campaigns during the midterm elections.
  • Average daily application-layer attack volume against campaign sites was over 3x higher in November through Election Day than it was in October.
  • From October 1 through November 8, 2022, political campaign and state party sites saw an average of 149,949 threats per day.
  • HTTP anomaly, SQL injection, and directory traversal were the most active categories for mitigated requests against campaign sites in October.

Risks to online election groups as we approached the midterms

In preparation for the midterms, the Federal Bureau of Investigation (FBI) and CISA put out a variety of public service announcements calling attention to cyber election risks, like DDoS attacks, and providing reassurance that cyber attacks were “unlikely to result in large-scale disruptions or prevent voting.” Earlier this year, the FBI issued a warning on phishing attempts, with details about a seemingly organized plot to steal election officials’ credentials via an email with a fake invoice attached.

We also saw some threat actors announce plans to target the midterm elections. Killnet, a pro-Russia hacking group, targeted US state websites, successfully taking the public-facing websites of a number of states temporarily offline. Hacking groups will target public-facing government websites to promote mistrust in the democratic process.

Voting authorities face challenges unrelated to malicious activity, too. Without the proper tools in place, traffic spikes during election season can impede voters’ ability to access information about polling places, registration, and results. During the 2020 US election, we saw 4x traffic spikes to government elections sites.

On the political organizing side, political campaigns and state parties increasingly rely on the Internet and their web presence to issue policy stances, raise donations, and organize their campaign operations. In October 2022, the FBI notified Republican and Democratic state parties that Chinese hackers were scanning party websites for vulnerabilities.

So, what happened during the 2022 US midterm elections?

Protecting election groups during the 2022 US midterm elections

As we prepared for the midterms, we had a team of engineers ready to assist state and local governments, campaigns, political parties, and voting rights organizations looking for help to protect their websites from cyber attacks. A majority of the threats that we saw and directly assisted on were before the election, especially in the wake of many advisories from federal agencies on Killnet’s targeting of US government sites.

During this time, we worked with CISA’s Joint Cyber Defense Collaborative (JCDC) to provide security briefings to state and local election officials and to make sure our free Enterprise services for state and local governments under the Athenian Project were part of JCDC’s Cybersecurity Toolkit to Protect Elections. We provided additional support in terms of webinars, security recommendations, and best practices to better prepare these groups for the midterms.

A week before the election, we worked with partners such as Defending Digital Campaigns to onboard many political campaigns and state parties to Cloudflare for Campaigns after seeing a number of campaigns come under DDoS attack. With this, we were able to accept 21 of the Senate Campaigns up for re-election, with an overall total of 34 Senate campaigns protected under the project.

Preparing for the next election

Being in the election space means working with local government, campaigns, state parties, and voting rights organizations to build trust. Democracies rely on access to information and trusted election results.

We accept applications to the Athenian Project all year long, not just during election season — learn how to apply. We look forward to providing more information on threats to these actors in the election space in the next few months to support their valuable work.

A new portal for Project Galileo participants

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/a-new-portal-for-project-galileo-participants/

A new portal for Project Galileo participants

This post is also available in 日本語, Deutsch, Français, Español and Português.

A new portal for Project Galileo participants

Each anniversary of Project Galileo serves as an impetus for big-picture thinking among the Cloudflare team about where to take the initiative next. For this eighth anniversary, we want to help participants get the most out of their free security and performance services and simplify the onboarding process.

Organizations protected under Galileo are a diverse bunch, with 111 countries represented across 1,900+ web domains. Some of these organizations are very small and sometimes operated solely by volunteers. It is understandable that many do not have IT specialists or other employees with technical knowledge about security and performance capabilities. We strive to give them the tools and training to succeed, and we felt it was imperative to take this effort to a new level.

Introducing the Cloudflare Social Impact Projects Portal

To provide Galileo participants with one place to access resources, configuration tips, product explainers, and more, we built the Cloudflare Social Impact Projects Portal.

The crisis in Ukraine was a key source of inspiration for this endeavor. With overall applications for the project skyrocketing by 177% in March 2022, we were rushing to onboard new participants and get them protected from devastating attacks online. The invasion has sparked conversations among our team about how to effectively communicate the wide variety of products available under the project, get groups onboarded more quickly, and make the process easier for those who speak English as a second language.

With this portal, we hope to accomplish all of these goals across all Cloudflare Impact programs. In addition to Project Galileo, which protects groups that might otherwise be in danger of being silenced by attacks, we also have:

Helping participants on their Cloudflare journey

With the help of numerous volunteers among the Cloudflare team, we are launching the portal with the following resources:

  • New engineer-led video walkthroughs on setting up security and performance tools
  • Quick summaries of technical terms, including DNS lookups, web application firewalls, caching, and Zero Trust
  • Resources for support and troubleshooting

Throughout the portal, we have included links to our Learning Center, developer docs, and Help Center so participants can get user-friendly explanations of terminology and troubleshooting tips.

What’s ahead

Since we started Project Galileo back in 2014, we have routinely added new products and tools to the program as Cloudflare innovates in new areas and as participants’ security, performance, and reliability needs change. We are now working toward adding more Zero Trust capabilities within Project Galileo.

For more information about Project Galileo, check out our other 8th anniversary blog posts:

The deluge of digital attacks against journalists

Post Syndicated from Andie Goodwin original https://blog.cloudflare.com/the-deluge-of-digital-attacks-against-journalists/

The deluge of digital attacks against journalists

“A free press can, of course, be good or bad, but, most certainly without freedom, the press will never be anything but bad.”
Albert Camus

The deluge of digital attacks against journalists

Since its founding in 1993, World Press Freedom Day has been a time to acknowledge the importance of press freedom and call attention to concerted attempts to thwart journalists’ essential work. That mission is also embedded in the foundations of our Project Galileo, which has a goal of protecting free expression online — after the war in Ukraine started, applications to the project increased by 177% in March 2022 alone.

In Uruguay today, UNESCO’s World Press Freedom Day Global Conference is underway, with a 2022 theme of “Journalism under Digital Siege.”

It is a fitting and timely theme.

While the Internet has limitless potential to make every person a publisher, bad actors — both individuals and governments — routinely deploy attacks to silence free expression. For example, Cloudflare data illustrate a trend of increased cyber attacks since the invasion of Ukraine, and journalists are frequent targets. Covering topics such as war, government corruption, and crime makes journalists vulnerable to aggression online and offline. Beyond the issue of cyber attacks, Russian authorities’ decision to block websites they find objectionable has hindered citizens’ ability to access news.

The UNESCO report Threats that Silence: Trends in the Safety of Journalists spotlights the methods that criminals use to interfere with press freedom, including hacking (such as to steal confidential data) and digital attacks (one example is DDoS attacks to overwhelm a site with traffic).

Traffic spikes and news cycles

Web traffic closely follows world events, and sudden increases in interest in a topic can leave sites struggling to adjust. For example, during and after the Oscars, movie news sites like Variety and The Hollywood Reporter see drastic changes in traffic. This year, the day after the Oscars, DNS requests rose to 1,200% more than usual.

We spot the same trend during elections. As polling stations closed for the recent French presidential race, traffic to news sites rose 142% while citizens tracked results.

In wartime, ensuring the availability of a wide variety of news sources is vital so that citizens can access information relevant to their safety. In an April blog post, we highlighted Russian authorities’ decisions to block news websites. Meanwhile, traffic to several Western media outlets rose as Russian citizens sought out international sources.

Take a look at the DNS traffic from Russia to one well-known US newspaper:

The deluge of digital attacks against journalists

DNS traffic from Russia for a large French news source also grew enormously:

The deluge of digital attacks against journalists

Keeping journalists online

As previously discussed on our blog, Project Galileo was born from a mistake we made during the Russian invasion of Crimea in 2014. Because of an attack, we stopped proxying traffic of an independent newspaper in Ukraine that had been covering the ongoing Russian invasion, and the site went offline. That day prompted reflection on how we could truly live up to our mission to help build a better Internet.

Particularly during wartime, news publishers need proper resources to prevent bad actors from knocking websites offline and to manage traffic spikes. As part of Project Galileo, we provide free security and performance services to journalists, humanitarian groups, and civil rights organizations around the world. Independent media and journalism organizations make up a majority of the domains protected under the project.

The number of cyber attacks on journalists is staggering. When we examined traffic data last year, we found that journalism and media sites protected under Project Galileo are subject to over 30 million cyber attacks per day.

To identify candidates for participation in Project Galileo, we partner with dozens of free speech, public interest, and civil society organizations, including Fourth Estate, Free Press, Reporters Sans Frontières, and Institute for War & Peace Reporting.

According to W. Jeffrey Brown, founder of Fourth Estate, “The right to freedom of expression and information is an essential element of free and democratic societies. Historically, times of war and conflict are rife with weaponized misinformation, disinformation, and propaganda. The work of the free press is essential in providing people with accurate, timely, and trustworthy information: news that saves lives and property and shines a light on war crimes and human rights abuses.”

Get to know Project Galileo participants

Since many of these organizations are particularly vulnerable and subject to backlash, we do not publicly discuss participants unless we receive explicit permission. We also have never removed an organization from protection in the face of political pressure.

Below are some journalism-related organizations that have agreed to publicly talk about their participation. Check out these case studies to see what makes journalism in the digital era so challenging:

How to join Project Galileo

Applications to Project Galileo have skyrocketed since the invasion began, with many coming from organizations within Ukraine and neighboring countries. We are rapidly onboarding sites dedicated to journalism, human rights, and nonprofits that are organizing refugee efforts.

Know a site that could use our help? Public interest groups can quickly apply online, and we engage our partners to identify the at-risk websites that can benefit from the project.

Organizations spotlighting chilling effects and on-the-job dangers

Our Project Galileo partners are excellent resources for understanding the challenges journalists face, both in Ukraine and the rest of the world. Here are a few examples:

  • Committee to Protect Journalists: Examine data on the deadly risks for journalists; CPJ finds that at least 27 journalists were killed in 2021 because of their work.
  • Access Now: Get security tips and view regular updates on how the invasion of Ukraine is affecting freedom of expression online.
  • Reporters Sans Frontières: View the interactive 2021 World Press Freedom Index. It incorporates criteria including media independence, transparency, and legislative frameworks.
  • Institute for War & Peace Reporting: Learn about the dangers of covering the war in Ukraine.
  • Center for International Media Assistance: See how news outlets are leveraging encrypted messaging apps to reach audiences in developing countries and emerging democracies.
  • Council of Europe: Read the new annual report by the Council of Europe Platform for the Protection of Journalism and the Safety of Journalists; it notes that 2021 was the deadliest year for journalists in Europe since 2015.

Coming up

The eighth anniversary of Project Galileo is just weeks away. Stay tuned for case studies highlighting new and long-time participants as well as updated data from Cloudflare Radar. And for a look back at 2021 highlights from Project Galileo, download our Impact Report.