We interviewed Leslie Daigle, CTO of the Global Cyber Alliance, about how coordinating action among the operators of Internet infrastructure can have a real impact in mitigating systemic cyber risks, and how efforts like Common Good Cyber can prevent the loss of specialized capacity built over a decade. The Global Cyber Alliance is also a member of the Common Good Cyber secretariat; this interview represents only part of GCA’s work.
Can you introduce the Global Cyber Alliance and explain how its work improves cybersecurity in the public interest?
The Global Cyber Alliance (GCA) works across borders and sectors to address systemic cybersecurity risks that threaten individuals, businesses, and societies. Our Internet Integrity Program brings together key players in Internet infrastructure operations, including ecosystem institutions, network operator groups, ISPs and other infrastructure operators, as well as adjacent industries, to identify top priorities for addressing cybersecurity issues that cannot be solved by any single actor or subset of actors independently.
We use the three building blocks of the Internet — names, numbers, and routes — as a guiding principle to establish communities of action that target the root causes of cyber risk so that improvements benefit the Internet as a whole.
Our data-driven approach has allowed us to curate large volumes of data that we are now surfacing across different initiatives. Those data observatories offer actionable information for thousands of users and show the impact of the actions performed by our partners and participants.
You’ve been tracking Internet threats and working with industry partners for years. What are you seeing now, and what still needs to be done?
Since 2019, our AIDE project has been using a network of geographically distributed honeypots (decoy devices designed to lure attackers) to measure malicious Internet activity, and we’re now seeing more than one million hits every single day — and that’s just a fraction of what’s really happening. In addition, the MANRS Observatory indicates how well routing security protocols are implemented, calculated using a set of established and community-approved metrics for each “MANRS Action.”
This gives the Internet community a clear, data-driven view of what’s really happening on the Internet and allows us to track improvements and problem areas. This transparency helps operators see their own progress, benchmark against peers, and identify where action is needed.
We’re seeing a willingness to collaborate. For example, the Domain Trust Community has shown real enthusiasm for creating a baseline framework to combat domain abuse – registering domain names for malicious purposes like malware or phishing – provided that collaboration happens on the operators’ terms. On the routing side, we’ve seen that increased participation correlates with fewer incidents.
Without strong infrastructure-level defenses, criminals can exploit network weaknesses to target everyday Internet users; our work reduces these risks, builds trust in digital markets, and helps industries protect people while avoiding burdensome regulation.
But we’re not there yet. Lasting change requires much broader industry engagement to scale these successes and make the Internet more resilient for everyone.
Can you share a success story where collaborative action has led to a measurable improvement or helped prevent a potential incident?
The MANRS project was created (by the Internet Society) at a moment where there was general recognition that routing incidents could cause significant harm, but little agreement on what could be done to address routing security across the board. MANRS represents the collaborative action of several network operators to identify the operationally reasonable steps that should be taken by all network operators, and publicizes an answer to the question “what can we do about it?”
When we look at the MANRS data, we see two encouraging trends: the number of MANRS participants is steadily increasing, and the number of major routing security incidents is decreasing. While it’s important to acknowledge that correlation does not equal causation, we can still draw meaningful insight from this alignment.
The growth in MANRS participation reflects a broader shift toward more responsible security practices across the Internet’s core infrastructure. At the same time, the downward trend in routing incidents suggests that collective action and shared norms are making a difference. It’s difficult to isolate one single cause, but it’s clear the momentum is going in the right direction.
What this shows is that a global initiative focused on improving routing security is having a real impact. MANRS may not be the only reason for these positive trends, but it’s certainly part of the story. And that’s a strong signal that efforts to raise the baseline for routing security are both worthwhile and working.
MANRS is the blueprint we’re using for our other two Internet integrity initiatives on malicious domain names and unwanted malicious Internet traffic.
What are the biggest sustainability challenges you face and how are you navigating them?
Ultimately GCA is a nonprofit operating in a difficult and uncertain economic environment, with limited funding via partnerships, sponsorships, and grants. Our programs and initiatives remain free to join and use, which has made our work accessible and inclusive, especially for smaller and under-resourced networks. But it also means we spend a lot of time working on fundraising and overhead that we could be spending on the work itself.
Sustaining global, community-driven work requires investment—not just in technical infrastructure, but in outreach, training, support, and coordination across hundreds of participating networks. Without a more stable funding base, the progress we’ve made could slow or even reverse, despite clear evidence that collaborative approaches make a positive difference.
What would happen if GCA had to shut down?
No other organization is working to drive collaborative collective action to address security threats and vulnerabilities in the Internet, globally.
Practically speaking, if GCA were to shut down, a lot of quiet but critical work that underpins Internet security would disappear. The data from projects like AIDE would stop, meaning fewer early warnings about malicious activity. Collaborative initiatives like Domain Trust could lose their neutral convener, slowing or stalling progress on combatting malicious domain names. Advocacy and measurement efforts in areas like routing security would lose their most effective, trusted, and collaborative effort to improve global security.
GCA celebrates its 10th anniversary in September 2025. It took a decade to build this credibility and momentum and there’s no fast way to recreate the trust, neutrality, and global reach that GCA has cultivated over the years. Shutting down GCA wouldn’t just halt an initiative—it would undo years of hard-won progress in securing the Internet.


