Author Archives: Annette Kroeber-Riel

A pilot program to build a diverse pool of policy experts

During the 15 years I have been at Google, I have seen important improvements in the diversity of our workforce. For example, I used to be the only woman in the room, but now I am often surrounded by talented women leaders.

I work in the world of government affairs and public policy, which means engaging with governments and influencers to find constructive solutions to challenges that our industry and society face today. Having diverse representation and voices is important to us, as so much of our work requires building relationships across different groups, geographies, issues, and perspectives. But we must still do more to ensure that we are fostering a tech policy ecosystem that reflects the diversity of the world we build for.

That’s why our team started the Policy Summer Institute (PSI) with our academic partners at CIVICA, an alliance of eight leading European higher education institutions in the social sciences. The goal: to promote professional opportunities of first-generation university students in the digital policy ecosystem.

For our first year, nine scholars from Sudan to Switzerland had the opportunity to learn about how we work on tech policy by spending a week with our government affairs and public policy team in Europe. They then completed a summer internship funded by Google with one of our partner consultancies.

I am delighted that several of our scholars were offered further employment opportunities at their agencies following their internships. Others will continue to explore tech policy issues through their studies.

Shivona Fernandes-Köhler, an Msc. Politics and Policy Analysis student at Bocconi University in Milan, shared her key takeaways from the experience:

What was your motivation to apply for the program?

I have always been interested in the interrelations between the private and public sector, especially regarding innovation, and wanted to understand the impact that policy firms and big tech have on the world around us. However, without an existing network, internships in the field are often limited and challenging to gain access to. When I first saw the program, I didn’t think I had a chance, but when I saw that it focused on first-generation university students, I felt motivated to apply and showcase that diversity is in fact my strength.

Seven photographs of ten people in various locations at Google offices.

Our amazing first cohort of PSI scholars. Shivona is on the top right in a white shirt standing next to Mahreen Zaidi San Miguel, who was a coordinator of the program.

How has this experience prepared you for the next stage of your career?

In the immediate term, I'll be staying on with the policy agency I interned with as a working student while I finish my studies. Being part of the PSI showed me that it's important to get a range of experience in different sectors, and that in order to really progress my career, I'll need to build a strong network of professional contacts. Being part of this program and working with fascinating and diverse individuals has given me a new sense of confidence, one that highlights that taking a unique path is key to a successful future.

What was something you learned that was unexpected or surprising?

My summer in Berlin was filled with surprises. I was unaware of the many facets of this sector and the incredible team effort involved in making it function. From the outside, it can appear as if policy-making is not something that businesses should be involved in, but rather something that should be left to the politicians. Instead, I have realized that both the public and the private are essential to one another and that they can only function with a well-coordinated network. I was also surprised on a personal and cultural level. Despite living in Italy, and being raised in Germany, I never realized that working cultures can be so different even within a country!

Can you share an example over this summer where you brought a different perspective to the work you were doing?

People in the tech and policy world can often get stuck in their own bubbles: Everyone has their own habits, organizational methods and ways of communicating. Being at a small policy firm that had just begun working with Google, I had the opportunity to develop methods and strategies to make collaboration and communication easier and more effective. I was especially involved in delivering new event formats and monitoring media updates. As a newcomer to the sector, I was able to highlight areas of ambiguity and improve existing organizational matters, facilitating workflow and workload.

While the tech policy industry needs to do a lot more when it comes to diversity, I am proud of the results of this pilot program and look forward to continuing to work with our partners to build a robust, diverse talent pool that supports our industry’s growth.

Advancing security across Central and Eastern Europe

Since the start of the war in Ukraine, our teams have been working around the clock to support the humanitarian effort, provide trustworthy information and promote cybersecurity.

We were humbled to receive a special Peace Prize award from Ukraine's President Zelenskyy at Davos last week and we remain committed to doing everything we can to support Ukraine and the broader region as it navigates these challenging times.

To build on our efforts, we are expanding our cybersecurity partnerships and investment in Central and Eastern Europe. Last month, a delegation of our top security engineers and leaders met with organizations and individuals in Czechia, Poland, Lithuania and Latvia - they trained high risk groups, distributed security keys, engaged in technical discussions with government experts, and supported local businesses in shoring up their defenses.

Securing high-risk users

Throughout this war, there has been no shortage of news around targeted cyber attacks aimed at high profile individuals in this region. Our Threat Analysis Group has provided regular updates on this activity, and worked diligently to alert users, organizations and governments through our government-backed attacker warnings.

To help address these threats, our high-risk user team conducted workshops throughout the region for dozens of non-governmental organizations (NGOs), publishers and journalists, including groups and individuals sanctioned by the Kremlin. We distributed around 1,000 security keys - the strongest form of authentication - and trained over 30 high risk user groups on account security. We also launched, in collaboration with Jigsaw, the Protect Your Democracy Toolkit, which provides free tools and expertise to democratic institutions and civil society.

We heard directly from high-risk organizations like the Casimir Pulaski Foundation, the International Center for Ukrainian Victory, NGOs supporting refugees and exiled activists, and leading publishers across Europe who told us just how critical Google's no-cost security tools, like the Advanced Protection Program and Project Shield, are to keeping them safe online. We are grateful for their valuable insights to inform future product development.

Our High-Risk team meets with NGO representatives at Google Prague

Our High-Risk team meets with NGO representatives at Google Prague

Shoring up cyber defenses

As companies and government agencies grapple with the ever changing security landscape and the role that they find themselves in during this conflict, we wanted to showcase how Google’s enterprise security tools and advisory services can give them the confidence to pursue digital transformation on a secure foundation.

Our delegation of security experts included leaders from the Google Cybersecurity Action Team (GCAT). This team’s mission was to advise governments, critical infrastructure providers, enterprises, and small businesses on cloud security and IT modernization. We hosted round-table discussions with Chief Information Security Officers (CISOs) from around the region to learn about the challenges they face, and shared resources on how they can accelerate their response to threats, secure theiropen source software supply chains, and stay up-to-date with evolving regulations.

Google VP of Privacy, Safety & Security Royal Hansen meets with Polish minister Janusz Cieszyński at the CYBERSEC Forum in Katowice

Google VP of Privacy, Safety & Security Royal Hansen meets with Polish minister Janusz Cieszyński at the CYBERSEC Forum in Katowice

Building stronger partnerships

While observers speculate about whether the war in Ukraine will lead to broader cyber escalation, government cybersecurity organizations in Central and Eastern Europe are contending with cyber conflict on a daily basis. That’s why Google experts regularly meet with national cyber emergency response teams (CERTs), cybersecurity agencies, and digital ministries to promote the exchange of knowledge and build partnerships to advance shared goals.

What we heard across the board was: we need to help our partners in the region address the shortage of cybersecurity skills and training; improve operational partnerships and information sharing; and promote better cyber hygiene for citizens. We are pleased to work with governments and industry to advance innovative solutions on all of these fronts. Deepening our partnerships in this region will not only protect our users, it will make the Internet safer for all.

Welcoming US-EU collaboration on cybersecurity

Armistice Day is a perennial reminder of the perils of unchecked escalation and the sacrifices of prior generations to protect peace and security. Multilateralism, borne out of the 20th century’s conflicts, is just as relevant in a world of 21st-century threats. That’s particularly true for one of the most pressing multi-stakeholder challenges today: cybersecurity.

The internet itself is a multi-stakeholder system, and protecting citizens online requires cooperation among governments and businesses. For example, this week’s crackdown on ransomware operators by Europol and the U.S. Department of Justice, resulting in the arrests of two REvil operators, capped off an enforcement effort that spanned a year and as many as 17 nations. These actions, coming just ahead of the 20th anniversary of the Budapest Convention, highlight the value of cross-border cooperation in fighting cybercrime, as well as the importance of protecting individuals and their rights online.

Likewise, we applaud the news, announced by U.S. Vice President Kamala Harris in Paris, that the United States is expanding its efforts to advance international cooperation in cybersecurity, by joining the Paris Call for Trust and Security in Cyberspace — a voluntary commitment to work with the international community to advance cybersecurity and preserve the open, interoperable, secure, and reliable Internet.

Google was among the first signatories to the Paris Call in 2018 when it was initially advanced by the government of President Macron of France.

The Paris Call’s 9 principles are something we should all agree to, but it is past time to put them into action. Google has unique expertise supporting many of these principles. To name a few:

  • Defend electoral processes. Through our Advanced Protection Program (APP), we partner with organizations around the world to protect elected officials, campaign offices, and other high-risk users such as human rights workers and journalists. During the 2020 United States elections, APP was the go-to choice for 140 federal campaigns. Since the launch of APP, there have been zero identified instances of a successful targeted attack on an APP user.
  • Lifecycle Security. The Solarwinds attack underscored the real risks and ramifications of supply chain attacks. To improve our own security and support the broader community, we worked with the Open Source Security Foundation (OpenSSF) to develop and release Supply-chain Levels for Software Artifacts (SLSA or “salsa”), a proven framework for securing the software supply chain. We also pledged to provide $100 million to support third-party foundations, like OpenSSF, that manage open source security priorities and help fix vulnerabilities.
  • Cyber Hygiene. Advancing cyber hygiene is a simple way to reduce the majority of successful attacks. At our Google Safety Engineering Center (GSEC) in Munich and at Google security engineering hubs around the world, we are making it easier for our users to stay safe. For example, Google has been at the forefront of innovation in two-step verification (2SV) for years. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on.

Though there is much we can do as a community, what we have learned in the wake of SolarWinds, Hafnium, and other attacks is that companies need to contribute more of their technology and expertise to solving these challenges. In that vein, we are doubling down to develop solutions to protect users, organizations, and society. Earlier this year, we announced that we will invest $10 billion over the next five years to keep users and customers safer, including expanding access to zero-trust security tools and offering free security skills training programs for workers in the U.S. and Europe.

Google keeps more people safe online than anyone else by putting security at the core of everything we do. We are committed to advancing community-driven, multi-stakeholder approaches to cybersecurity. We look forward to expanding our work with governments and the private sector to develop security technologies and standards that make us all safer.