What happens when the services that quietly protect millions every day begin to disappear? That was the central question behind “The Internet That Just Works,” a tabletop exercise hosted by the Common Good Cyber in Brussels on June 10, 2025.
Participants representing the European Commission, the European External Action Service, think tanks, and small business associations gathered to simulate the role of nonprofit-led cybersecurity services in protecting against both common threats, such as phishing, and cascading failures across the digital infrastructure that underpins modern life.
Invisible but Indispensable: Phase 1 – The Power of Prevention
The exercise began with a familiar scenario: Maria Rossi, a retiree in Milan, receives a convincing phishing email impersonating her bank with a fake UniCredit domain. She clicks the link and what happens next?
In one scenario, Maria clicks, logs in her credentials, and falls victim, triggering financial fraud, incident reports, and cross-sector coordination. In another, her DNS resolver Quad9 blocks the malicious domain, preventing harm before it starts. Participants noted that DNS-based protection, when available, dramatically reduced harm and financial losses, but also highlighted our hidden dependencies on services that operate without most users ever being aware of their existence.
The stark contrast raised urgent questions:
- Who funds public-interest cybersecurity infrastructure, such as Quad9?
- Should such protection be a public safety obligation or a premium feature?
- If the industry starts charging for safety, does that create digital inequality?
Beyond the Browser: Phase 2 – Routing, Trust, and Coordination
Next, the exercise shifted to the more abstract but no less critical area of routing security. When attackers manipulate Internet traffic paths, the compromise isn’t individual, it’s systemic.
Through simulated routing attacks and exploration of community defences and services like MANRS, Shadowserver, and Let’s Encrypt, participants discovered how modern digital services rely on voluntary coordination and underfunded nonprofits to keep Internet traffic secure, malware flagged, and encryption accessible. As Internet users, we are trusting a fabric that was never designed to carry this much weight, and most people don’t know who’s holding the threads together.
Crisis Simulation: Phase 3 – When the Nonprofits Collapse
The final phase introduced a high-stakes scenario: what if the nonprofit services that keep the Internet safer simply… stopped?
- Shadowserver loses 65% of its budget, cutting global threat intelligence.
- Quad9 faces a cascading funding shortfall and reduces its European infrastructure by 60%.
- ISMG, running Let’s Encrypt, is forced to revoke certificates affecting a third of EU sites.
- MANRS coordination collapses, reducing trust in the Internet’s routing system.
Within days, phishing attacks surge, incident response slows, National CSIRTs go dark, and trust erodes. Compliance violations skyrocket. Supply chains falter. By week three, the costs of re-establishing services and recovering trust across the EU are astronomical.
Key Takeaways
- We rely on invisible infrastructure. Services like Quad9 and Shadowserver are foundational, not optional.
- The funding model is broken. Philanthropy and grants are insufficient for services with Internet-scale responsibilities.
- Prevention is far cheaper than reaction. Participants agreed that emergency responses are orders of magnitude costlier than preemptive investments.
- Public-interest cybersecurity is a shared responsibility. From telecoms to governments, sustainable models must strike a balance between accessibility, fairness, and resilience.
What’s Next?
Common Good Cyber is currently focusing its resources on launching the Common Good Cyber Fund, a new mechanism to support nonprofits that maintain the critical digital infrastructure essential for keeping the Internet safe, open, and reliable for everyone.
Building on the insights from this exercise, Common Good Cyber will also aim to:
- Develop policy briefs that explore sustainable funding models for core Internet services
- Advance coordination frameworks for nonprofit resilience and continuity across the EU
- Launch a public-facing campaign to raise awareness of how the Internet is secured and the invisible infrastructure we all depend on
All of this work is contingent upon funding availability, and we welcome collaboration from public, private, and philanthropic partners who share our vision for a safer and more resilient digital ecosystem.
Contact us: [email protected]
Learn more: CommonGoodCyber.org


