Building New Cybersecurity Frameworks for Nonprofits as Part of the NIPP Challenge

WINSTON-SALEM, N.C. – [December 13, 2017]

Threat Sketch was recently awarded one of 10 contracts given in 2017 by the National Institute for Hometown Security (NIHS) and the Department of Homeland Security (DHS) through the National Infrastructure Protection Plan (NIPP) Security and Resilience Challenge. The challenge was created to help identify and fund research and development of innovative ideas that provide technologies and tools to the critical infrastructure community over multiple sectors.

The resulting project is a collaborative effort with multiple parties making contributions. The NIHS and DHS are funding specific areas of research, while Threat Sketch is contributing nearly half a million dollars worth of research to accelerate the development of nonprofit resources. “This project is an excellent example of what can happen when government, academic, and commercial sectors work together,” Arnold said.

The Threat Sketch project will help improve cybersecurity frameworks and resilience for the nonprofit sector. “Currently, our nation’s 1.5 million nonprofits are rarely recognized as members of the nation’s critical infrastructure,” said Rob Arnold, founder and CEO of Threat Sketch. “However, they operate in every sector, and while they share many risk attributes of for-profit organizations, there are also unique factors to consider.”  

Threat Sketch’s proposal is to research and develop a methodology that increases the use of the NIST Cybersecurity Framework among nonprofits in critical infrastructure sectors by improving cyber risk management tools. Operationally lean nonprofits are unlikely to have the data or expertise needed to perform a proper strategic cyber risk assessment. This project aims to improve that situation by sourcing data, maximizing the effort of highly skilled analysts, and automating where possible.

“From our founding, Threat Sketch has focused on providing resources for small businesses, many of which have a problem of constrained resources similar to non-profits. We will use our experience in this sector to help bring resources to nonprofits, while designing the strategy and risk assessment specifically for the nonprofit sector,” Arnold said.

In addition to working with small businesses, Threat Sketch has focused on building relationships with government organizations, regional education institutions, and entrepreneurial resources including the Small Business Technology Development Center, UNC – Greensboro’s Bryan School of Business, and Flywheel Coworking. The relationships with these organizations and their familiarity with the cybersecurity issues faced by the nonprofit sector will enable them to play key roles in this project.

Threat Sketch was eligible to participate in this challenge through its membership in the Information Technology Sector Coordinating Council. Sector coordinating councils are the federal government’s primary interface with the commercial industries involved in protecting our nation’s critical infrastructure. Threat Sketch joined the IT-SCC in the first quarter of 2017 to represent the needs of small and medium businesses.