From the moment we first embarked on the DSX project, in early 2017, through today, we’ve used an agile-like method of understanding the needs of organizations, providers, and communities we are working with. In part, that means an incremental and deliberate approach to users’ experience of the project and our website. We’ve been asking, evaluating and responding to the needs of users – organizations and providers – rather than making assumptions about how they are responding to digital risks and vulnerabilities.
Likewise, we weren’t completely sure what kind of providers would be interested in offering help, and what kind of help they could offer.
Now, more than halfway into 2018, we have a pretty good idea of what kind of orgs we can help, and how providers can work with us to help them. (That said, we’ll always be conducting user testing and evaluation to ensure that DSX is meeting the needs of our community.)
Organizations
Early on we discovered that most groups that come to us can be loosely described as “intermediaries”: Legal aid providers, rights advocates, social service groups, and organizers working with – but usually not within – “frontline” communities affected by issues including women’s rights, reproductive justice, domestic violence, immigrant rights, human rights, climate change, and journalism/media.
We also found that many of the organizations asking for assistance are unsure of what they actually need. It’s our goal to understand their needs and threats as much as possible before offering support. To do this, one of our first steps in the process is to meet with one of the organization’s members and conduct an initial security assessment. From this, we are able to outline a plan forward and to ensure a better match to one of our digital security experts within our provider network.
Providers
We continue to invite digital security trainers and cybersecurity experts to participate in the DSX network. To date, we have a group of about 15 providers with depth and experience working with human rights and civil society organizations in the U.S. and around the world. In addition, we’ve heard from dozens of cybersecurity professionals interested in lending their skills to organizations in need of assistance.
Given many organizations’ need for sensitivity and experience around specific sets of issues, we think it’s appropriate for our core group of trusted providers to be the primary responders. However, we want to make sure that security experts with different perspectives and sets of experiences – for example, engineers working for large tech companies – have a chance to help. That’s why we’ve organized a “Cyber Squad” list, which DSX staff and primary responders will contact when specific technical needs arise.
Case studies
Below are three case studies that illustrate the kind of organizations that have come to the DSX, and how we’ve worked to identify their needs and make the right connections. Some identifying information has been changed to maintain organizations’ privacy and anonymity.
Case 1
An organization working with journalists needed assistance training their team on securing their networks, reporting safely, and protecting themselves from harassment.
The DSX connected them to a provider with a background in helping journalists protect their sources and training journalists on how to stay safe while covering protests.
Areas of assistance the provider gave:
- Journalism and Safe Reporting
- Education/Training
- Security for Protests
Case 2
An immigration hotline that delivers tips and physical assistance to callers needed assistance creating secure channels of communication and response protocols.
The DSX connected them to a provider with expertise in securing communications protocols and experience working with at-risk immigrant communities.
Areas of assistance the provider gave:
- Securing Data
- Securing Communication
- Threat Modeling
- Securing Hardware
Case 3
A social services organization sends and receives many attachments within their application process. These attachments are full of sensitive, identifiable information. They needed help finding a better way to send and receive attachments.
The DSX connected them to a provider with a background in securing communications platforms, collaboration tools, and networks.
Areas of assistance the provider gave:
- Using Secure Collaboration Tools
- Best Practice Review
- Policy Writing
If your organization is seeking assistance with digital security, you can reach out to us here. If you’re a digital security expert looking to offer assistance, you can contact us here. We keep all of your data private and secure and we don’t log any visits to this site.
