We are excited to announce that Project Galileo will now include access to Cloudflare's Bot Management and AI Crawl Control services. Participants in the program, which include roughly 750 journalists, independent news organizations, and other non-profits supporting news-gathering around the world, will now have the ability to protect their websites from AI crawlers—for free. 

Project Galileo is Cloudflare's free program to help protect important civic voices online. Launched in 2014, it now includes more than 3,000 organizations in 125 countries, and it has served as the foundation for other free Cloudflare programs that help protect democratic elections, public schools, public health clinics, and other critical infrastructure.  

Although we think all Project Galileo participants will benefit from these additional free services, we believe they are essential for news organizations. 

News organizations, particularly local news, are facing significant challenges in transitioning to the AI-driven web. As people increasingly turn to AI models for information, less of their web traffic is making it to the actual website where that information originated. Industries, like news organizations, that rely on user traffic to generate revenue are increasingly at-risk. 

Allowing news organizations to monitor and control how AI crawlers are interacting with their websites, will help them better protect their content and make more informed decisions about engaging with AI companies. Ultimately, our goal is to provide the tools news organizations need to negotiate fair compensation for their work.  

AI is fundamentally changing how traffic flows on the Internet. Cloudflare recently published data that shows with Open AI its 750 times more difficult for website owners to get the same volume of traffic than it was with previous Google search. With Anthropic, it's 30,000 times more difficult. 

News organizations rely on traffic to not only connect with their readers, but also generate revenue from subscriptions, advertising, e-commerce, and licensing. The CEO of the Financial Times recently stated that AI had caused a ''pretty sudden and sustained' decline of 25% to 30% in traffic to its articles arriving via search engines." 

Potential losses of user traffic and revenue come at an already precarious time for the news industry. It is well-documented that small, independent newspapers and news radio stations continue to face significant financial pressure, particularly in the United States. According to recent US Congressional testimony, more than two newspapers closed per week in 2024 with one third of the country's newspapers set to close before the beginning of 2025. A 2024 report by the Northwestern Local News Initiative reported more than 206 US counties were without any local news source, and 1,561 had only one.  

Recent funding cuts to the Corporation for Public Broadcasting and National Public Radio, which provided grants, programing, and other support to public news stations around the US, have put further strain on these organizations with more closures expected. 

An important first step in helping journalists and news organizations adapt to the AI-driven web is providing tools to help them monitor and control AI models' access to their content. 

“In an era defined by AI and digital disruption, providing robust tools to independent media isn’t just support - it’s a lifeline” - Meera, CEO Internews Europe

"Independent publishers need tools that are easy to use and affordable, so they can focus on growing their business. LION appreciates the security and protection Cloudflare has provided our members through Project Galileo for years, and we're excited to see more resources now available to help members manage the rapidly evolving landscape of digital security."  - Sarah Gustavus Lim, LION Membership Director 

Cloudflare Bot Management and AI Crawl Control were designed for exactly these purposes. Bot management is a security tool that uses machine learning to analyze web traffic to distinguish between good bots, like search engine crawlers, and bad bots that attack websites or steal credentials. It allows website owners to block bad bots from reaching their websites, while making sure helpful bots can continue to do their work.

AI Crawl Control provides similar tools to identify and manage AI crawlers. Cloudflare uses a variety of techniques to identify and categorize crawlers (HTTP header, heuristics, and other behavior) giving website owners the ability to analyze their activity by type (e.g. AI search, AI scraper), where they are coming from (Google, OpenAI, Anthorpic, etc.), and what content they are accessing. Here’s the kind of data that Cloudflare’s AI Crawl Control tool can provide (using the radar.cloudflare.com domain) as an example:

Cloudflare combines these insights with easy-to-use controls that allow website owners to make informed decisions about whether to make their data available, including to only certain types of bots or to individual AI companies. This would, for example, allow a local newspaper to decide to block all AI crawlers and maintain direct connection to their readers via their own website, block only AI scrapers while allowing AI search crawlers that refer traffic, or negotiate and sell exclusive access to their content to a single AI company. The following image shows how AI Crawl Control lets users allow or block access on a crawler-by-crawler basis:

We think the ability to control and monitor AI crawler activity will provide immediate help to news organizations looking to protect their content and understand how models are using their data. 

We also think it will provide longer term insights that will allow news organizations to negotiate mutually beneficial relationships with AI companies over time.  

"Independent media's ability to fulfill its democratic function by gathering news and distributing trusted information depends on generating revenues free from political or business influence. By monitoring and monetizing the crawling of publisher's sites, media can protect their intellectual property while developing new revenue streams to support their quality journalism." - Ryan Powell, Head of Innovation and Media Business at International Press Institute

Journalism is part of the foundation of free society and democratic governance. It helps hold power accountable and provides a voice to the marginalized and underrepresented. It also protects the free and open markets that allow startups to challenge powerful incumbents.  

Local news in particular helps create shared identity. Not only by covering community events, high school sports, farmers markets, and new businesses, but also providing essential transparency and oversight over local officials, school boards, public safety events, and elections. 

Helping protect journalists and news organizations online has always been part of Cloudflare's mission. We see it as essential to our business and the future of the Internet.  

If you are interested in learning more about Project Galileo, sign up today. If you are interested in helping build a better Internet, come join us.

_{One of the several alerts fogos.pt received related to the DDoS attack}

What started in 2015 as a late-night side project with friends around a dinner table in Aveiro has grown into a critical public resource. During wildfires, the site is where firefighters, journalists, citizens, and even government agencies go to understand what’s happening on the ground. Over the years, fogos.pt has evolved from parsing PDFs into visual maps to a full-featured app and website with historical data, weather overlays, and more. It’s also part of Project Galileo, Cloudflare’s initiative to protect vulnerable but important public interest sites at no cost.

Wildfires are not just a Portuguese challenge. They are frequent across southern Europe (Spain, Greece, currently also under alert), California, Australia, and in Canada, which in 2023 faced record-setting fires. In all these cases, reliable information can be crucial, sometimes life-saving. Other organizations offering similar public services can also apply to join Project Galileo to receive protection and handle heavy traffic.

Fogos.pt began with a simple question: why was fire data only available in hard-to-read PDF documents? João and a group of friends, including volunteer firefighters, decided to build something better. They pulled the data, geolocated the fire reports, and visualized them on a map.

Soon, thousands of people were using it. Then tens of thousands. Today, fogos.pt is integrated into official communications, including mentions from the Portuguese government on social media and direct links from the national wildfire information portal (SGIFR.gov.pt).

In 2018, fogos.pt formally joined forces with VOST Portugal, a digital volunteer organization that was early on also part of our Project Galileo — whose story was also featured in an earlier case study. João Pina is also a co-founder of VOSTPT. Together, they created a complementary model: fogos.pt provides data and the platform; VOSTPT validates and communicates it to the public in real-time during emergencies.

It’s an operation run entirely by volunteers, with no funding, no formal team — just passion, and the help of partners.

_{Homepage of fogos.pt on August 20, 2025, highlighting a major wildfire near Piódão in central Portugal.}

On July 31 and August 1, 2025, two Distributed Denial of Service (DDoS) attacks targeted fogos.pt. Cloudflare automatically detected and mitigated both attacks.

July 31 attack: • Duration: 7 minutes • Peak: 33,000 requests per second at 11:27 UTC • Bandwidth: 1.7 Gbps (Max) How the attack looks like in requests per second:

August 1 attack: • Duration: 5 minutes • Peak: 31,000 requests per second at 10:24 UTC • Bandwidth: 849 Mbps (Max) How the attack looks like in requests per second from our perspective:

By Cloudflare’s standards, these were small. For comparison, last year we mitigated an attack exceeding 700,000 requests per second against a high-profile US election campaign site. But for an civic project like fogos.pt, even tens of thousands of requests per second — if unprotected — can be enough to take services offline at the worst possible time.

Attackers typically use three main methods for DDoS attacks:

• IoT devices: hacked cameras, routers, or smart gadgets sending traffic.

• Proxies: open or misconfigured servers, residential proxy networks, or anonymity tools that hide attackers’ IPs.

• Cloud machines: compromised or rented servers from cloud providers.

The July 31 attack likely relied on open proxies, with much of the traffic arriving unencrypted (a common sign of proxy-based attacks). The August 1 attack, in contrast, came largely from cloud machines, matching patterns we see from botnets that exploit cloud infrastructure.

These attacks were blocked without disruption. Cloudflare’s autonomous mitigation systems kicked in, and email alerts were automatically sent to João and the team. No downtime, no manual intervention required.

Fogos.pt has used Cloudflare’s free services since the beginning, starting with DNS and gradually expanding to DDoS mitigation, caching, rate limiting, and more. The site joined Project Galileo, which protects journalists, human rights defenders, and public service projects, to get stronger, upgraded features and service at no cost.

“Without Cloudflare, the site would have gone down many times during fire season,” says João Pina. “We use almost every product — but protection against attacks is critical.”

_{August 11, 2025, detail the area of interest of a wildfire in central Portugal.} 

Traffic to fogos.pt surges when wildfires hit the news or get mentioned by authorities. These spikes can bring tens of thousands of visitors per day. And as attention grows, so does the risk. Attacks can be used to silence or disrupt critical services, or simply as distractions for more malicious activity. In August 2025, the site often had close to 60,000 people browsing at the same time, with around 40,000 being the norm across the web and app services.

In just two weeks (with an August 15 peak of almost 70 million requests), fogos.pt handled over 550 million requests (more than 25 million per day) 9 TB of data transfer, nearly 100 million page views, 15 million visits, and 240 million API calls. A massive load for a volunteer-run project, as the next screenshot from the fogos.pt team shows:

In a time when timely wildfire updates can mean the difference between safety and danger, keeping the site online is essential. 

Fogos.pt is a reminder of what’s possible when public service meets technology, and why we launched Project Galileo: to protect the digital infrastructure that keeps people informed and safe. Built with no formal funding or full-time team, it runs on volunteers, partners, and a shared sense of purpose, an authenticity that João Pina believes is why it works, and why it matters.

And while this story is about Portugal, wildfires are a global challenge. Other organizations providing critical public services can also apply to join Project Galileo and receive this protection.

From a dinner-table idea by an engineer to critical national infrastructure, fogos.pt shows the Internet at its best. Cloudflare is proud to help protect it.

A lot has changed since we marked the 10th anniversary of Project Galileo. Yet, our commitment remains the same: help ensure that organizations doing critical work in human rights have access to the tools they need to stay online.  We believe that organizations, no matter where they are in the world, deserve reliable, accessible protection to continue their important work without disruption.

For our 11th anniversary, we're excited to share several updates including:

• An interactive Cloudflare Radar report providing insights into the cyber threats faced by at-risk public interest organizations protected under the project. 

• An expanded commitment to digital rights in the Asia-Pacific region with two new Project Galileo partners.

• New stories from organizations protected by Project Galileo working on the frontlines of civil society, human rights, and journalism from around the world.

To mark Project Galileo’s 11th anniversary, we’ve published a new Radar report that shares data on cyberattacks targeting organizations protected by the program. It provides insights into the types of threats these groups face, with the goal of better supporting researchers, civil society, and vulnerable groups by promoting the best cybersecurity practices. Key insights include:

• Our data indicates a growing trend in DDoS attacks against these organizations, becoming more common than attempts to exploit traditional web application vulnerabilities.

• Between May 1, 2024, to March 31, 2025, Cloudflare blocked 108.9 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 325.2 million cyber attacks per day over the 11-month period, and a 241% increase from our 2024 Radar report. 

• Journalists and news organizations experienced the highest volume of attacks, with over 97 billion requests blocked as potential threats across 315 different organizations. The peak attack traffic was recorded on September 28, 2024. Ranked second was the Human Rights/Civil Society Organizations category, which saw 8.9 billion requests blocked, with peak attack activity occurring on October 8, 2024.

• Cloudflare onboarded the Belarusian Investigative Center, an independent journalism organization, on September 27, 2024, while it was already under attack. A major application-layer DDoS attack followed on September 28, generating over 28 billion requests in a single day. 

• Many of the targets were investigative journalism outlets operating in regions under government pressure (such as Russia and Belarus), as well as NGOs focused on combating racism and extremism, and defending workers’ rights.

• Tech4Peace, a human rights organization focused on digital rights, was targeted by a 12-day attack beginning March 10, 2025, that delivered over 2.7 billion requests. The attack saw prolonged, lower-intensity attacks and short, high-intensity bursts. This deliberate variation in tactics reveals a coordinated approach, showing how attackers adapted their methods throughout the attack.

The full Radar report includes additional information on public interest organizations, human and civil rights groups, environmental organizations, and those involved in disaster and humanitarian relief. The dashboard also serves as a valuable resource for policymakers, researchers, and advocates working to protect public interest organizations worldwide.

Partnerships are core to Project Galileo success. We rely on 56 trusted civil society organizations around the world to help us identify and support groups who could benefit from our protection. With our partners' help, we’re expanding our reach to provide tools to communities that need protection the most. Today, we’re proud to welcome two new partners to Project Galileo who are championing digital rights, open technologies, and civil society in Asia and around the world. 

EngageMedia is a nonprofit organization that brings together advocacy, media, and technology to promote digital rights, open and secure technology, and social issue documentaries. Based in the Asia-Pacific region, EngageMedia collaborates with changemakers and grassroots communities to protect human rights, democracy, and the environment.

As part of our partnership, Cloudflare participated in a 2025 Tech Camp for Human Rights Defenders hosted by EngageMedia, which brought together around 40 activist-technologists from across Asia-Pacific. Among other things, the camp focused on building practical skills in digital safety and website resilience against online threats. Cloudflare presented on common attack vectors targeting nonprofits and human rights groups, such as DDoS attacks, phishing, and website defacement, and shared how Project Galileo helps organizations mitigate these risks. We also discussed how to better promote digital security tools to vulnerable groups. The camp was a valuable opportunity for us to listen and learn from organizations on the front lines, offering insights that continue to shape our approach to building effective, community-driven security solutions.

Founded in 2014 by leaders of Taiwan’s open tech communities, the Open Culture Foundation (OCF) supports efforts to protect digital rights, promote civic tech, and foster open collaboration between government, civil society, and the tech community. Through our partnership, we aim to support more than 34 local civil society organizations in Taiwan by providing training and workshops to help them manage their website infrastructure, address vulnerabilities such as DDoS attacks, and conduct ongoing research to tackle the security challenges these communities face.

We continue to be inspired by the amazing work and dedication of the organizations that participate in Project Galileo. Helping protect these organizations and allowing them to focus on their work is a fundamental part of helping build a better Internet. Here are some of their stories:

• Fair Future Foundation (Indonesia): non-profit that provides health, education, and access to essential resources like clean water and electricity in ultra-rural Southeast Asia. 

• Youth Initiative for Human Rights (Serbia): regional NGO network promoting human rights, youth activism, and reconciliation in the Balkans.

• Belarusian Investigative Center (Belarus): media organization that conducts in-depth investigations into corruption, sanctions evasion, and disinformation in Belarus and neighboring regions. 

• The Greenpeace Canada Education Fund (GCEF) (Canada): non-profit that conducts research, investigations, and public education on climate change, biodiversity, and environmental justice. 

• Insight Crime (LATAM): nonprofit think tank and media organization that investigates and analyzes organized crime and citizen security in Latin America and the Caribbean. 

• Diez.md (Moldova): youth-focused Moldovan news platform offering content in Romanian and Russian on topics like education, culture, social issues, election monitoring and news. 

• EngageMedia (APAC): nonprofit dedicated to defending digital rights and supporting advocates for human rights, democracy, and environmental sustainability across the Asia-Pacific. 

• Pussy Riot (Europe): a global feminist art and activist collective using art, performance, and direct action to challenge authoritarianism and human rights violations. 

• Immigrant Legal Resource Center (United States): nonprofit that works to advance immigrant rights by offering legal training, developing educational materials, advocating for fair policies, and supporting community-based organizations.

• 5W Foundation (Netherlands): wildlife conservation non-profit that supports front-line conservation teams globally by providing equipment to protect threatened species and ecosystems.

These case studies offer a window into the diverse, global nature of the threats these groups face and the vital role cybersecurity plays in enabling them to stay secure online. Check out their stories and more: cloudflare.com/project-galileo-case-studies/

In 2025, many of our Project Galileo partners have faced significant funding cuts, affecting their operations and their ability to support communities, defend human rights, and champion democratic values. Ensuring continued support for those services, despite financial and logistical challenges, is more important than ever. We’re thankful to our civil society partners who continue to assist us in identifying groups that need our support. Together, we're working toward a more secure, resilient, and open Internet for all. To learn more about Project Galileo and how it supports at-risk organizations worldwide, visit cloudflare.com/galileo.

What do many of these organizations have in common? Many times, it’s cyber attacks from adversaries looking to steal sensitive information or disrupt their operations. Cloudflare has seen this firsthand when providing free cybersecurity services to vulnerable groups through programs like Project Galileo, and found that in aggregate, organizations protected under the project experience an average of 95 million attacks per day. While cyber attacks are a problem across all industries in the digital age, civil society organizations are disproportionately targeted, many times due to their advocacy, and because attackers know that they typically operate with limited resources. In most cases, these organizations don’t even know they have been attacked until it is too late. 

Over the last 10 years of Project Galileo, we’ve had the opportunity to work more closely with leading civil society organizations. This has led to a number of exciting new partnerships, including our work with the CyberPeace Institute. That’s why we’re excited to share work on a new resource, the CyberPeace Tracer. This resource will enable researchers, civil society, governments, and other organizations to understand threats and data-driven insights about the cyber threat landscape of the vulnerable communities we serve.

The CyberPeace Institute is an independent non-profit based in Switzerland, dedicated to making cyberspace safer and more equitable for everyone. The Institute works closely with partners to minimize the impact of cyberattacks on people’s lives worldwide. In addition to partnerships, the organization provides independent data-driven insights on the threat landscape, from the global healthcare system to cyber attacks during the Russian government's invasion of Ukraine. By analyzing these attacks, they are able to highlight real-world consequences, expose violations of international laws and norms, and promote responsible behavior online.

Cloudflare's work with the CyberPeace Institute started in 2022 when the organization joined Project Galileo.Through the program, Cloudflare was proud not only to help protect the CyberPeace website, but also provide Zero Trust tools that secure access to internal applications for the institute's global workforce. In addition to participating in Project Galileo, CyberPeace has also joined as an official partner, alongside more than 53 civil society organizations that help us identify organizations in need of protection.

As the CyberPeace Institute helped us grow Project Galileo, they also tested out new features including Cloudflare Email Security, a Cloudflare product designed to help protect against phishing and ransomware attacks. Testing the product for their organizations, they found that our approach to proactively detect and block malicious email, and ease of deployment with no need for hardware or extra software, would benefit the wider community they serve. With this in mind, CyberPeace came to us with an idea: they saw the potential to extend Email Security to smaller organizations that don’t have the same technical tools or budget to protect themselves. 

Through our unique partnership, the CyberPeace Institute onboards its network of NGOs with Cloudflare Email Security, serving as a central hub to aggregate real-time data on email threats. This information powers a live dashboard, providing other organizations with visibility into phishing campaigns that could impact the broader community. One key challenge in tracking targeted phishing attacks is that many incidents go unreported, or victims may not realize they have been compromised until much later. By having a partner serve as a centralized point of contact, it helps ensure that insights into phishing attempts at one NGO can help protect others before the attack spreads. 

The CyberPeace Tracer shares vulnerabilities and threats faced by the community of NGOs, developed by the CyberPeace Institute. The CyberPeace Tracer gathers and analyzes data on cyberattacks and disinformation campaigns targeting NGOs, non-profits, and charities that address global societal challenges. The goal is to better understand the scale and impact of these threats to inform the public, so that organizations can become aware of emerging threats and take action to improve their defenses.

For the Tracer, CyberPeace partners and collects data directly from partners who monitor a predefined set of NGO domains. The dashboards detail publicly disclosed software and hardware vulnerabilities that can be exploited against monitor NGOs, malware infections detected, and analysis of phishing attacks that reveal trends and attacker tactics. The Tracer breaks out incidents by sector, including organizations working in health, development, food, water, energy, human rights, women’s rights and more. On the phishing dashboard, users can filter by country, identify the top phishing subject lines that NGOs received, as well as the top five threats that were blocked by the Email Security product. 

Our collaboration with CyberPeace strengthens defenses against phishing by allowing the CyberPeace Institute to analyze flagged emails, helping to identify and disrupt malicious domains and ongoing threats. By analyzing past incidents, we have found that organizations can learn from others’ experiences and implement best practices to reduce the likelihood of future attacks and data breaches, especially in a sector where many times, attacks go unreported. 

This is an exciting development for strengthening reporting on cyber attacks to non-profits, enabling them to collaborate on solutions, share threat intelligence, and build stronger defenses across the sector. We encourage NGOs who are interested in onboarding to Cloudflare Email Security through the CyberPeace Institute to visit cyberpeaceinstitute.org/cloudflare-area-1/. If you are looking for protection under Project Galileo, apply at cloudflare.com/galileo/.

I’m delighted to be joining Cloudflare as Vice President of Sales in the US, Canada, and Latin America.

I’ve had the privilege of leading sales for some of the world’s most iconic tech companies, including IBM and Cisco. During my career I’ve led international teams numbering in the thousands and driving revenue in the billions of dollars while serving some of the world's largest enterprise customers. I’ve seen first-hand the evolution of technology and what it can achieve for businesses, from robotics, automation, and data analytics, to cloud computing, cybersecurity, and AI.

I firmly believe Cloudflare is well on its way to being one of the next iconic tech companies.

Cloudflare has a unique opportunity to help businesses navigate an enduring wave of technological change. There are few companies in the world that operate in the three most exciting fields of innovation that will continue to shape our world in the coming years: cloud computing, AI, and cybersecurity. Cloudflare is one of those companies. When I was approached for this role, I spoke to a wide range of connections across the financial sector, private companies, and government. The feedback was unanimous that Cloudflare is poised on the edge of exhilarating growth.

I was fortunate to join Cisco two years after its annual revenue passed the \$1 billion mark and had the privilege of helping scale the business to more than \$49 billion in revenue the year I left. Cloudflare passed the \$1 billion milestone just last year, and I see the same potential for growth here as I saw at Cisco.

Cloudflare's global sales organization is growing. I’m excited to help accelerate that process in a way that delivers recurring revenue for the business while ensuring we retain a very high bar in terms of the talent we bring onto the team. My experience leading complex, cross-functional sales organizations within large global companies has taught me a great deal about the common traits among highly effective sales functions.

The groups of individuals that come together to make true teams are the ones that successfully focus on a unifying goal and develop skills like communication, attitude, process, organization, consistency, collaboration, partnership, and accountability.  These teams embrace diversity and bring out of each other the best expertise, creativity, and skills, making the team stronger and keeping the goal in focus.

We will achieve the opportunity ahead of us only as long as we have our customers as our north star. Today, the Americas represent more than half of Cloudflare’s revenue worldwide and are home to some of our largest and most strategic customers – both in the private and public sectors – including 30% of the Fortune 1000. Brands from Zendesk to Shopify and from Colgate-Palmolive to Mars rely on Cloudflare to operate their businesses in a fast, secure, and reliable way.

Whatever the technology, there are three common fundamentals I’ve found essential to creating value for customers: being the expert on their challenges, understanding how to pick the right combination of products, services, and solutions from those available, and knowing your competition.

Cloudflare already has an incredible and growing range of products and services that are helping millions of individuals and organizations maximize the opportunities presented by cloud computing and generative AI, all while staying safe from the threat of cyberattacks.

If it were needed, one additional deciding factor behind my excitement in joining Cloudflare is its ambitious mission to help build a better Internet. As a father, I want the Internet to be a safe and valuable resource for my family and friends and for generations to come. I don’t want my daughter to have to worry about her personal data and privacy as she’s buying Billie Eilish concert tickets online (and, yes, I’m going too).

Today Cloudflare’s connectivity cloud protects nearly 20% of all websites online and stops 209 billion cyber attacks daily. In addition to its growing customer base, Cloudflare is living up to its mission by offering its services for free to millions more individuals and small businesses, including the most vulnerable voices online through its Project Galileo initiative.

The combination of a strong mission, genuine values, a great team, and incredible technology isn’t a given in every company, but is evident at Cloudflare. I’m excited to play a part as Cloudflare continues to scale its business and help build a better Internet for everyone.

If you’re interested in learning more about what Cloudflare can do for your organization, please get in touch here. If you’re an ambitious, talented sales professional looking for your next challenging and rewarding career move, check out our open positions here.

One of the great benefits of the Internet has been its ability to empower activists and journalists in repressive societies to organize, communicate, and simply find each other. Ten years ago today, Cloudflare launched Project Galileo, a program which today provides security services, at no cost, to more than 2,600 independent journalists and nonprofit organizations around the world supporting human rights, democracy, and local communities. You can read last week’s blog and Radar dashboard that provide a snapshot of what public interest organizations experience on a daily basis when it comes to keeping their websites online.

We’ve admitted before that Project Galileo was born out of a mistake, but it's worth reminding ourselves. In 2014, when Cloudflare was a much smaller company with a smaller network, our free service did not include DDoS mitigation. If a free customer came under a withering attack, we would stop proxying traffic to protect our own network. It just made sense.

One evening, a site that was using us came under a significant DDoS attack, exhausting Cloudflare resources. After pulling up the site and seeing Cyrillic writing and pictures of men with guns, the young engineer on call followed the playbook. He pushed a button and sent all the attack traffic to the site’s origin, effectively kicking it off the Internet.

This was in 2014, during Russia’s first invasion into Ukraine, when Russia invaded Crimea. What the engineer did not know was that he had just kicked off an independent Ukrainian newspaper that was covering the attack and the invasions. The newspaper had tried to pay for services with a credit card but failed because Russia had targeted Ukraine’s financial infrastructure, taking banking institutions offline. It wasn’t the engineer’s fault. He had no reason to know that the site was important, and no alternative playbook to follow.

After that incident, we vowed to never let an organization that was serving such an important purpose go offline simply because they couldn’t pay for services. And so the idea for Project Galileo was born.

Although the idea of providing free security services was straightforward, figuring out which organizations are important enough to deserve such services was not. We know we can’t build a better Internet alone – it’s why Cloudflare’s mission is to help build a better Internet. So with Project Galileo, we sought the assistance of a group of civil society organizations to partner with us and help identify the organizations that need our protection.

Repression of ideas that were threatening to authority hardly started with DDoS attacks or the invention of the Internet. We named the effort Project Galileo after the story of Galileo Galilei. Galileo was persecuted in the 1600s for publishing a book concluding that the Earth was not at the center of the universe, but that the Earth orbits the sun. After Galileo was labeled a heretic, his book was banned and his ideas were suppressed for more than 100 years.

Four hundred years after Galileo, we see attempts to suppress the online voices of journalists and human rights workers who might challenge the status quo. We’re proud of the fact that through Project Galileo, we keep so many of those voices online.

Ten years after the launch of Project Galileo, Cloudflare has changed a lot. Our network has grown from data centers in fewer than 30 cities in 2014 to a network that runs in 320 cities and more than 120 countries. We’ve massively expanded our product suite to include whole new lines of products, including a full set of Zero Trust services and a developer suite that enables developers to build a wide range of applications, including AI applications, on our network.

As Cloudflare has grown, so has Project Galileo. We have more than quadrupled the number of entities we protect in the last five years, from 600 at Project Galileo’s five-year anniversary to more than 2,600 today, located in 111 different countries. We’ve expanded from our original 14 civil society partners to 54 today. Our partners span countries, continents, and subject matter areas, sharing their expertise on organizations that would benefit from cybersecurity assistance.

When we expand our product offerings, we routinely ask whether new services would be valuable to the journalists, humanitarian groups, and nonprofits that benefit from Project Galileo. After Cloudflare launched our Zero Trust offering, we announced that we would offer those services for free to participants in Project Galileo to protect themselves against threats like data loss and malware. After Cloudflare acquired Area 1, we announced that we would offer Cloudflare’s email security products for free to the same participants.

We’ve tried to make our products easy for a small organization to use, building a Social Impact Portal and a Zero Trust roadmap for civil society and at-risk communities. Cloudflare’s teams also help participants onboard and troubleshoot when they face challenges.

On June 6, we celebrated Project Galileo’s 10-year anniversary with partners from government, civil society, and industry at an event in Washington, DC. We used the opportunity to talk about the future of the Internet, and how we can all work together to protect and advance the free and open Internet.

For humanitarian organizations with few resources, the types of services offered under Project Galileo can be life changing. At our Project Galileo event, we heard the story of a small French nonprofit that lost 17 years of data after being targeted by ransomware. Our resources help organizations defend themselves not only against nation states determined to take them offline, but also against common ransomware and phishing attacks.

During our event, the President of the National Endowment for Democracy (NED) told the story of traveling in the Western Balkans where the struggle for an independent media is palpable. NED is a strong supporter of media outlets across the region. But those media outlets come under frequent cyber attacks that have incapacitated their websites. As described by Damon Wilson:

Those attacks prevent news from reaching the public, where information is very much something that is used and weaponized against communities across Bosnia. And this was precisely the case with one of our partners, Buka. It's a news outlet that's based in Banja Luka and Republika Srpska. And while I was there, I met with some of our partners from Banja Luka who had been physically beaten up and intimidated. There's a crackdown on civil society, new restrictions and laws against them. But for Buka, it was a little bit of a different scenario because earlier this year they suffered a DDoS attack, during which their server servers were overwhelmed by up to 700 million page requests. And the sheer volume suggests the attackers had significant resources, making it a particularly severe threat.

But by onboarding Buka into Project Galileo, we were able to help them restore their site’s functionality, and now Buka’s website is equipped to withstand even the most sophisticated attacks, ensuring that their critical reporting continues uninterrupted, exactly at the time when the Republic gets Covid, Republika Srpska government is looking to close and restrict independent civic voices in that part of Bosnia.

And this is just one example. Last week, traveling in Bosnia, of the numerous NED partners who've benefited from Cloudflare's Project Galileo since NED became a partner in 2019, it's profound to the efficacy of our partners’ work. It effectively ensures that bad actors can't silence the voices and the work of democracy advocates and independent media around the world.

Our work with Project Galileo highlights the power of the partnerships that we’ve built, not only with civil society, but with government and industry partners as well. By working together, we can expand protections for the many at-risk organizations that need cybersecurity assistance. Cybersecurity is a team sport.

In 2023, one of our Project Galileo partners, the CyberPeace Institute, approached us about doing even more to help protect nonprofit organizations against phishing attacks. The CyberPeace Institute collaborates with its partners to reduce the harms from cyberattacks on people’s lives worldwide and provide them assistance. CyberPeace also analyzes cyberattacks to expose their societal impact, to demonstrate how international laws and norms are being violated, and to advance responsible behavior in cyberspace.

CyberPeace realized that there was an opportunity to document attacks against civil society groups and improve the ecosystem for everyone. Many development and humanitarian organizations are small, with limited staff and little cybersecurity experience. They can easily fall prey to common cyber attacks – like phishing – designed to access their systems or steal their data. If they manage to use tools effectively to defend themselves, they do not typically report on the information about the attacks they see.  

CyberPeace proposed to help onboard development and humanitarian organizations to Cloudflare services through their CyberPeace Builders program and analyze the phishing campaigns targeting those organizations. The substantive insights and information gained from that work could then be fed to other civil society organizations as real time security alerts. Cloudflare worked with CyberPeace to develop the new approach, enabling their volunteers to onboard organizations in their network to Area 1 tools and their analysts to access threat indicators from the collective organizations onboarded.  

Government can play an important role in helping protect civil society from cyberattacks as well. Since the Summit for Democracy last year, Cloudflare has been working closely with the Joint Cyber Defense Collaborative (JCDC), which is run by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), on their High-Risk Communities initiative. Earlier this year, JCDC launched a web page outlining cybersecurity resources for civil society communities facing digital security threats because of their work. The effort includes tools and services that nonprofits can use to secure themselves online, including those offered under Project Galileo.

In many ways, the creation of Project Galileo altered the trajectory of the company. Project Galileo cemented the idea that protecting and keeping important organizations online, regardless of whether they could pay us, was part of Cloudflare’s DNA. It pushed us to innovate to improve security not only for the large enterprises that pay us, but for the small organizations doing good for the world that cannot afford to pay for the latest technological innovation. It gave us our mission – to help build a better Internet – and a standard to live up to and measure ourselves against.

To meet that standard, we routinely reach out to offer our services to important organizations in need. In 2022, after Russia’s invasion of Ukraine, Cloudflare jumped in to offer services to Ukrainian critical infrastructure facing a barrage of cyberattacks and have continued providing them services ever since. At our Project Galileo event, the State Department’s Special Envoy and Coordinator for Digital Freedom read an email she’d received from Ukraine’s Deputy Foreign Minister and Chief Digital Transformation officer of Ukraine the night before:

It is absolutely definite that Cloudflare services provide a vital layer of cybersecurity within the Ukrainian segment of cyberspace. Numerous DDoS attacks are directed at state electronic services, fintech, official information sources. So if there was no Cloudflare as a proven protection against DDoS attacks, it would have serious consequences causing chaos, especially when these attacks are synchronized by the enemy in parallel with kinetic attacks.

We’ve launched sections of Cloudflare Radar designed to use Cloudflare’s network to help civil society monitor Internet outages and disruptions, as well as route hijacks and other traffic anomalies. We’ve participated in the Freedom Online Coalition’s Task Force on Internet Shutdowns.

Project Galileo also helped pave the way for a variety of Cloudflare projects to provide other at-risk populations free services. These programs include:

• Athenian Project: Launched in 2017, the Athenian Project is Cloudflare’s program to protect election-related domains for state and local governments so that citizens have reliable access to information on voter registration, polling places, and the reporting of election results.

• Cloudflare for Campaigns: Launched in 2020, Cloudflare for Campaigns helps secure US political candidates’ election websites and internal data while also ensuring site reliability during peak traffic periods. The program is run in partnership with Defending Digital Campaigns.

• Project Pangea: Launched in 2021, Project Pangea is a program to provide secure, performant and reliable access to the Internet for community networks that support underserved communities.

• Project Safekeeping: Launched in 2022, Project Safekeeping supports at-risk critical infrastructure entities in Australia, Japan, Germany, Portugal, and the UK by providing Zero Trust and application security solutions.

• Project Cybersafe Schools: Launched in 2023, Project Cybersafe Schools equips small public school districts in the US with Zero Trust services, including email protection and DNS filtering.

• Project Secure Health: Launched on June 10, 2024, Project Secure Health provides security tools to Australia’s general practitioner clinics to safeguard patient data and counter challenges such as data breaches, ransomware attacks, phishing scams, and insider threats.

The world has only gotten more complicated since we first launched Project Galileo in 2014. We face real challenges ranging from malicious cyber actors targeting critical infrastructure, to election interference, to data theft. Governments have responded with increasingly aggressive attempts to control aspects of the Internet. At our recent celebration of Project Galileo, we lamented the thirteenth consecutive year of decline of global Internet freedom, as documented by our Project Galileo partner Freedom House.

But one thing has not changed. We continue to believe the single, global Internet is a miracle that we should all be fighting for. We sometimes forget that the Internet is an incredibly radical concept. The world somehow came together over the last 40 years, agreed on a set of standards, and then made it so that a collection of networks could all exchange data. And that miracle that is the Internet has brought incredible opportunities for the voices of civil society to be heard, to help extend their impact, to spread their message, and to keep them connected.

Connecting everyone online in a permissionless way comes with real harms and real risks. But we need to be surgical as we address those challenges. We need to partner to find solutions that preserve the open Internet, much as we do with projects like Project Galileo. Even if we are at a moment of democratic decline, continuing to defend the open, interoperable Internet preserves space and capacity for a future in which the Internet can also fuel greater freedom.

In celebration of Project Galileo's 10th anniversary, we want to give you a snapshot of what organizations that work in the public interest experience on an everyday basis when it comes to keeping their websites online. With this, we are publishing the Project Galileo 10th anniversary Radar dashboard with the aim of providing valuable insights to researchers, civil society members, and targeted organizations, equipping them with effective strategies for protecting both internal information and their public online presence.

• Under Project Galileo, we protect more than 2,600 Internet properties in 111 countries.

• Between May 1, 2023, and March 31, 2024, Cloudflare blocked 31.93 billion cyber threats against organizations protected under Project Galileo. This is an average of nearly 95.89 million cyber attacks per day over the 11-month period.

• When looking at the different organizational categories, journalism and media organizations were the most attacked, accounting for 34% of all attacks targeting the Internet properties protected under the Project in the last year, followed by human rights organizations at 17%.

• On October 11, 2023, Cloudflare detected one of the largest attacks we’ve seen against an organization under Project Galileo, targeting a prominent independent journalism website covering stories in Russia and across Eastern Europe. We identified a DDoS attack that peaked at 7 million requests per second, with an attack duration of 7 minutes. In total, 1.9 billion DDoS requests targeting the attacked organization were mitigated that day.

• We saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. We mitigated 177 million DDoS requests targeting the organization over a three-hour period in October 2023. The second attack in December 2023 reached 42.6 million requests that were mitigated over a two-hour period.

• We observed an attack targeting LGBT Foundation, a UK-based LGBTQ+ organization, during the beginning of Pride Month in June 2023. Cloudflare mitigated 144.7 million requests to this organization on June 2, 2023. In addition to this spike in June, we also saw another attack on August 26, 2023, which coincided with Manchester Pride. This second attack peaked at 1.46 million requests per second before finally subsiding on August 29.

This year, we broke down the dashboard into several sections:

• Global civil society and human rights organizations

• Global journalism and media organizations

• Organizations based in Ukraine

• Organizations in Israel and Palestine

• Voting rights organizations based in the United States

Check out the full report here.

The number of journalists imprisoned worldwide has grown in recent years. Reporters are increasingly at risk of being censored or shut down by governments or falling victim to cyberattacks. Project Galileo started as an initiative to protect free expression online. It’s grown to not only protect journalists, but also organizations working in the public interest such as voting rights groups, environmental activists, human rights defenders and more. We’ve seen journalists targeted on the Internet for various reasons, often stemming from the sensitive and impactful nature of their work. To that end, we’ve partnered with prominent organizations such as Internews, Center for International Media Assistance, International Press Institute, International Media Support, and many more to identify where our services are needed.

As the conflict in Ukraine continues, Cloudflare has been providing protection to journalists reporting on the conflict, human rights organizations helping refugees on the ground, and groups that have built mobile apps giving people early warnings of missile strikes.

Among them is Russian-born Galina Timchenko, co-founder, CEO, and owner of independent news outlet Meduza. A recent investigation by Access Now and the Citizen Lab reveals Timchenko had her iPhone infected with NSO Group's Pegasus spyware during a trip to Berlin, Germany around February 10, 2023. This is the first documented case of Pegasus infection against a Russian journalist, which shows the growing suspicions among European Union governments regarding Russian civil society in exile. Labeled as an "undesirable organization" and blocked by the Russian government, Meduza operates out of Latvia to maintain editorial independence as it continues to publish news focused on covering stories in Russia and the former Soviet Union, including the conflict in Ukraine.

Meduza is an example of an important organization that lacks the resources to protect itself against intensive online attacks. On a single day in October 2023, Meduza came under DDoS attack peaking at 7 million requests per second and lasting 7 minutes—an onslaught which would have disabled the site under normal circumstances.

We’ve reported on patterns of wartime violence coinciding with cyberattacks. Unfortunately, these trends have continued during the war between Israel and Hamas, and the humanitarian crisis in Gaza. Under Project Galileo, we protect a range of organizations based in the region that work to provide emergency response service, vital equipment for hospitals, crowdfunding platforms supporting the Muslim community worldwide, and more. We saw an increase in traffic after October 7, 2023, to both Israeli and Palestinian organizations, coinciding with the start of the Israel-Hamas war.

As we explored the data further, we saw an attack against a prominent organization based in the United Kingdom that works to secure Palestinian human rights, observing two dates on which there was an increase in mitigated traffic. The first, on October 15, 2023, coincided with the national demonstration in London in support of Palestine. We see in the first spike the requests go from 0 to 44,500 mitigated requests per second within two minutes. When we took a closer look, we identified that many of the requests were mitigated by Cloudflare’s Security Level, a product that uses the threat score (IP reputation) to decide whether to present a challenge to the visitor. The second spike, on February 21, 2024, coincided with UK lawmakers calling for cease-fire in the Israel-Hamas war. This peaked at 10,500 mitigations per second that lasted 40 minutes with an average of 6,638 requests per second.

As we reviewed the data, we saw two attacks against an organization that manages vital Internet infrastructure in the Middle East. Attacking infrastructure entities like domain name registries and registrars is not new, as we saw in Ukraine during the beginning of the war in March 2022, and follows an unsettling trend of targeting broad swaths of a country’s Internet infrastructure.

We saw two notable spikes in traffic, the first in October and second in December 2023. The first attack took place in three waves on October 18 and 19th, peaking around 78,500 requests per second. In total, the attack went from 2.48 million requests to 177.42 million requests mitigated per day.

On December 20-21, 2023, there was an attack that lasted more than 2 hours, averaging 8,600 requests per second throughout that period, reaching as high as 13,830 requests per second. In total, this attack saw 42.6 million daily requests mitigated.

Here we’ve provided just a snapshot of what organizations see on a daily basis when it comes to keeping their websites online. For more information on attacks against organizations protected under Project Galileo, check out the full Radar report.

If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Internet security and reliability has become deeply personal. This holds true for many of us, but especially those who work with vulnerable communities, political dissidents, journalists in authoritarian nations, or human rights advocates. The threats they face, both in the physical world and online, are steadily increasing.

At Cloudflare, our mission is to help build a better Internet. With many of our Impact projects, which protect a range of vulnerable voices from civil society, journalists, state and local governments that run elections, political campaigns, political parties, community networks, and more, we’ve learned how to keep these important groups secure online. But, we can’t do it alone. Collaboration and sharing of best practices with multiple stakeholders to get the right tools into the groups that need them is essential in democratizing access to powerful security tools.

Civil society has historically been the voice for sharing information about attacks that target vulnerable communities, both online and offline. In the last few years, we see governments increasingly appreciating how cyberattacks affect vulnerable voices and make an effort to identify the risks to these communities, and the resources available to protect them.

In March 2023, the US government launched the Summit for Democracy co-hosted by Costa Rica, Zambia, the Netherlands, and South Korea. We’ve written about our work at the summit and commitments on a wide range of actions to help advance human rights online. We were also proud to be included in US Agency for International Development's (USAID) announcement, as part of the second summit in South Korea in March 2024, as a potential technology partner for the Advancing Digital Democracy Academy initiative, which will offer skills training in cybersecurity, cloud computing, responsible AI to support governments, civil society organizations, and other vulnerable groups.

With multistakeholder collaboration a growing effort, we want to give you insight into our ongoing efforts with the US Cybersecurity and Infrastructure Security Agency through the Joint Cyber Defense Collaborative (JCDC) to work together to raise awareness about threats to civil society, best practices that groups can use to protect themselves online today, and new resources developed for these vulnerable communities.

Civil society organizations, which include non-governmental organizations, community-based organizations, and advocacy groups, face a wide range of threats and challenges that can vary depending on their location, focus areas, and activities. These threats can come from various sources, offline and online, from governments, non-state actors, and external influences.  

Since our founding, we’ve provided a set of free services based on the idea that democratizing access to cybersecurity products makes the Internet safer and faster for a broader audience. Since 2014, we’ve continued to strengthen this idea with Project Galileo, providing a higher level of protection to vulnerable voices. Fast forward to 2024, and we now protect more than 2,600 organizations in 111 countries under Project Galileo, allowing us to gain a better understanding of threats these organizations face on a daily basis. In June 2023, we published a report showing that between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under the project, an average of nearly 67.7 million cyber attacks per day over the 10 month period.

We continue to learn more about cyberattacks against these groups and how to better equip them with the tools they need to stay online. Our Q2 2023 DDoS report, for example, noted that 17.6% of all traffic to nonprofits was DDoS traffic, and that nonprofits were the second most targeted sector for DDoS. In addition, we see prominent civil society organizations, like our partner the International Press Institute, fall victim to a cyber attack after releasing a report identifying multiple DDoS attacks against many independent media outlets in Hungary over a five month period.

It is easy to provide overall statistics on the number of cyber attacks we see against organizations under Project Galileo. But that doesn't provide the whole story on what attacks look like in practice or how organizations can defend against them in real time.

When we were developing our Radar dashboard for the 9th anniversary of Project Galileo, we came across a noteworthy incident that involved an organization reporting on international legal issues, which highlights the importance of having security measures in place, even for organizations that do not believe they are a target. This event occurred between March 17 and March 18, 2023. On March 17, an international arrest warrant was issued for Russian President Vladimir Putin and Russian official Maria Lvova-Belova in connection with an alleged plot to relocate Ukrainian children to Russia.

Before and after this incident, the organization's website experienced low levels of traffic. However, on March 17, we observed a sudden surge in request traffic, escalating from under 1,000 requests per second to approximately 100,000 requests per second within a four-hour window, reaching its peak at 19:00 UTC. Fortunately, the majority of this traffic was effectively managed by our Web Application Firewall. Another notable spike occurred on March 18, with the peak occurring at 09:45 UTC, surpassing 667,000 requests per second. Almost all of these requests were identified as Distributed Denial of Service (DDoS) attacks, as illustrated in the chart above. Throughout March 18, Cloudflare successfully thwarted a total of 844.4 million requests categorized as application layer DDoS attacks.

This incident highlights a recurring theme that we encounter within Project Galileo. Many organizations may remain unaware of their vulnerability to cyberattacks until their website is targeted by a disruptive DDoS attack. In this instance, the organization maintained its online presence throughout the entire attack, likely only discovering the abnormal surge in traffic after the attack had subsided.

This is just one example of an attack targeting an organization under Project Galileo, but they happen every day. But don’t just take it from us, check out more stories from organizations on how they stay secure online.

One of the ways we expand our protections with Project Galileo is through partnerships and collaborations. We currently work with more than 50 civil society organizations who approve organizations for protection under Project Galileo. The role of our civil society partners is essential as they have the knowledge and expertise around organizations that need these types of services.

When JCDC reached out to us about an initiative focused on protecting vulnerable communities online, we were excited to help make resources more accessible from a trusted voice. As governments increasingly identify the need for cybersecurity services for vulnerable communities, they have the ability to make these resources accessible and bring together multiple stakeholders to help promote best security practices. With JCDC, we are collaborating on three working groups to cover a range of topics that include crowdsourcing resources available for at-risk communities, developing new resources for these groups, cyber volunteer programs from companies and civil society, information sharing and development of threat reports and more.

With a range of stakeholders including civil society, tech companies, and CISA, we’ve been able to identify opportunities to build capacity and transparency strategies when it comes to extending products to these communities. We hope that other governments can see these efforts on providing protections to vulnerable communities as a model for effective collaboration.

As part of our working groups with JCDC, we focused on enhancing the baseline of cyber hygiene for civil society organizations and improving resilience and response capabilities in the face of a cyberattack. We put together a list of tools and resources that are available for much of these groups that include:

• Cloudlare’s Social Impact portal to help organizations navigate how to keep their website secure on Cloudflare.

• Zero Trust Security for vulnerable communities: In this roadmap, created by Cloudflare, intended for civil society and at-risk organizations, we hope to demystify the work of Zero Trust security and offer easy to follow steps to boost your cyber security efforts in your organization. This roadmap includes a range of Cloudflare’s security products with case studies for civil society, level of effort to implement, and the teams involved to make the complex world of cyber security more accessible and understandable to a wider audience.

• Cloudflare Radar and the Outage Center to track Internet shutdowns: In addition to the route leaks and route hijacks insights, we have Radar notification functionality, enabling organizations to subscribe to notifications about traffic anomalies, confirmed Internet outages, route leaks, or route hijacks.

• JCDC’s CISA Awareness site: CISA—through JCDC—has compiled a list of cybersecurity resources intended to help high-risk communities who are at heightened risk of being targeted by cyber threat actors because of their identity or work.

There is still a lot of work to be done when it comes to protecting vulnerable voices. We hope that by collaborating with a range of stakeholders from governments, civil society, and tech companies we can better share tools and expertise to help these communities navigate the complex digital environments we find ourselves in. We remain committed to this crucial mission in the years to come and look forward to creating more partnerships to expand our products into new areas.If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

At Cloudflare, through Project Galileo, we are committed to safeguarding Jewish and Holocaust educational websites. This initiative offers complimentary protection to vulnerable groups worldwide. You can apply for the project using this form.

Today more than ever, it’s important to ensure educational websites about the Holocaust are protected and available. Education about the Holocaust helps communities understand the dangers of prejudice and dehumanization, and can play an important role in combating antisemitism. As only 13 countries worldwide have mandated Holocaust education, publicly available resources play an important role in ensuring access to information.

According to the Anti-Defamation League, over 1 billion people globally are reported to hold antisemitic attitudes. In the United States, the Anti-Defamation League has reported that antisemitic sentiments are held by about 10% of the population and has identified a decade-long rise in antisemitic incidents, increasing by 360% following the October 7 Hamas-led attack on Israel. The European Commission has also described a dramatic surge in antisemitism in Europe, with incidents in London alone rising by 1,350% post-October 7. This alarming trend indicates a growing need for awareness and educational efforts. We are proud to do our part, and provide cyber defenses to ensure the availability of online educational resources.

In 2023, these defenses mitigated over 35.7 million malicious HTTP requests that targeted Jewish and Holocaust educational websites. This represents a staggering 2,190% increase in malicious requests compared to 1.6 million requests in 2022. This figure includes all types of application-layer cyber attacks including Distributed Denial of Service (DDoS) attacks that aim to take down websites and all other common application attacks that were mitigated by our Web Application Firewall (WAF) suite. On average, Cloudflare mitigated 4,000 malicious requests every hour.

Mitigated requests against Jewish and Holocaust education websites

The 35.7 million HTTP requests that were mitigated by Cloudflare accounted for 2.6% of all inbound requests to Jewish and Holocaust educational websites in 2023. When we normalize the amount of mitigated requests by the total inbound requests to those websites, in order to remove any data biases, we still see a significant increase.

In 2023, the percentage of mitigated requests towards Jewish and Holocaust educational websites grew from 0.3% in 2022 to 2.6% in 2023. This represents an 872% year-over-year growth. For comparison, between 2020 and 2021, this share of mitigated requests towards these websites grew by 60% and between 2021 and 2022 it grew by 78%. So in 2023, the growth rate of mitigated requests grew 12 times more than in previous years.

Percentage of mitigated requests against Jewish and Holocaust education websites out of total requests

The rise in cyber attacks against Jewish and Holocaust educational websites coincides with an overall increase of 27% in DDoS attacks against Israeli websites. More can be found in our latest DDoS threat report and our unique coverage of the cyber attacks that immediately followed the October 7 attack.

As we conclude this post on International Holocaust Remembrance Day, it's clear that the fight against antisemitism and cyber threats is more crucial than ever. At Cloudflare, we are steadfast in our commitment to helping build a safer, better Internet. We understand the importance of protecting educational websites and communities from cyber attacks, and we encourage everyone to take a stand with us. Even our free plan offers robust security and performance capabilities, ensuring that critical resources and websites are safeguarded and available. Together, we can make a meaningful difference and ensure that the lessons of history are preserved and protected.

If you follow Cloudflare, you know that Birthday Week is a big deal. We’ve taken a similar approach to Project Galileo since its founding in 2014. For the anniversary, we typically give an overview of what we have learned to protect the most vulnerable in the last year and announce new product features, partnerships, and how we’ve been able to expand the project.

When our Cloudflare Impact team was preparing for the anniversary, we noticed a theme. Many of the projects we worked on throughout the year involved Project Galileo. From access to new products, development of privacy-enhancing technologies, collaborations with civil society and governments, we saw that the project played a role in either facilitating conversation with the right people or bridging gaps.

After reflecting on the last year, we’ve seen a project that was initially intended to keep journalism and media sites online grew into more. So, for this year, in addition to new announcements, we want to take the time to reflect on how we have seen Project Galileo transform and how we look toward the future in protecting the most vulnerable on the Internet.

The original goal of Project Galileo was simple. Although Cloudflare had free services available to anyone online, including cyber security services like unmetered DDoS protection, based on meetings with the Committee to Protect Journalists and others, we thought there was more we could do to help important but vulnerable voices online.

To that end, we launched Project Galileo to provide free access to additional Cloudflare services for qualifying organizations. Predictably, our first challenge was deciding exactly how to determine which organizations should qualify for the program. We knew generally that we wanted to help journalists, human rights defenders, civil rights activists, and other humanitarian organizations. We also thought it would be a better, more transparent program if Cloudflare were not making those decisions on our own.

So, we recruited as many well-respected organizations working in those fields as we could. When we launched, we were incredibly excited that we had 14 organizations willing to volunteer their time to help us. Nine anniversaries later, not only are we still working with all of our original partners, often on a daily basis to review and approve new Project Galileo participants, but our partner list has actually grown to 50 organizations, including the Council of Europe and the Business & Human Rights Resource Centre.

With their help, Project Galileo now protects more than 2,271 organizations in 111 countries. In addition to helping us grow the number of organizations participating in the program, our growing list of partners has also helped drive a number of expansions and other projects, which continue to make the Internet a safer place.

• Helping with new issues: In September 2022, Cloudflare extended Project Galileo services to abortion rights groups through our partnership with Digital Defense Fund, an organization that works to provide digital security tools for the abortion access movement. Extending privacy and security services to those that support access to safe and legal abortion and advocated for the right to protect and expand reproductive freedom was the right thing to do and we were proud to do it.

• Adding new services — internal networks: As Cloudflare has developed new product features, we've worked with our partners to determine which would be the most helpful to provide to vulnerable communities. In 2022, Cloudflare added Zero Trust security products for organizations under Project Galileo (and the Athenian Project). As a result, Project Galileo not only protects our participants' web properties, but is also helping secure internal networks for organizations like CyberPeace Institute, Meedan, Organization of American States (OAS), and The Information Technology Disaster Resource Center (ITDRC). We also created the Cloudflare Social Impact Portal, which provides step-by-step onboarding instructions, videos, and tutorials to help onboard Cloudflare Zero Trust products, specifically tailored for nonprofit organizations.

• Tracking Internet shutdowns: In 2021, working with Access Now, Internews, the Carter Center, National Democratic Institute, Internet Society, and the International Foundation for Electoral Systems, the Cloudflare Radar team launched an alert tool to help identify outages for human rights organizations that track Internet shutdowns. In 2022, we launched alerts with Radar 2.0 and API access to make it easier for those organizations as well as other civil society groups and journalists to automatically integrate Cloudflare network data into their monitoring tools.

• Working with governments to protect human rights defenders: As a result of our work with Project Galileo, Cloudflare has been able to work with our partners to share our experience and best practices with the US State Department, US Agency for International Development (USAID), and other government agencies that are helping advance global privacy and security protocols to support democratic governance, privacy, and protections for human rights defenders online. As part of that work, Cloudflare made a number of additional commitments as part of the 2023 Summit for Democracy, including making post-quantum encryption available for all Cloudflare customers and Project Galileo participants at no charge.

At Cloudflare, we often talk about how we are just getting started, which is true for Project Galileo as well. But, before we talk about what's new this year, it's worth taking a moment to appreciate not only how the program has grown, but also how the community that has developed around it has helped launch other new ideas and initiatives to help advance human rights online.

For the ninth anniversary, we want to focus on access to affordable cyber security tools and what we have learned protecting the most vulnerable communities. That is in the form of new technical resources, a Radar report on cyber threats to Galileo organizations, partnerships to expand product offerings, and more.

This year, we are happy to announce an extension of our partnership with the CyberPeace Institute to provide Area 1 tools to Development and Humanitarian Organizations (DHOs) as part of Project Galileo. Over the course of the partnership, CyberPeace Institute will onboard their network of NGOs that are part of the CyberPeace Builders program  and act as a centralized point of contact to feed real-time security alerts  with a focus on phishing campaigns to civil society organizations.

"United against cyber threats, the CyberPeace Institute and CloudFlare stand tall, safeguarding civil society organizations from the treacherous tide of phishing campaigns. Together, we defend the defenders and empower the champions of peace in the digital realm."- Stéphane Duguin, CEO, CyberPeace Institute

At Cloudflare, we think it is important to have affordable cyber security tools, as the threats are increasing in frequency and sophistication, and organizations and individuals alike need effective tools to protect themselves from these threats. As part of our Zero Trust offering under Project Galileo, we have created a new Zero Trust Roadmap for high-risk organizations to make the complex world of cyber security more accessible and understandable to a wider audience.

For the Project Galileo 9th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data. With that, we developed a Radar report aimed at highlighting organizations that were the center of public debate in the last year. Specifically, organizations that support LGBTQ+ rights, civil society, pro-choice advocacy and health, and in Ukraine.

Our main findings:

• Between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under Project Galileo. This is an average of nearly 67.7 million cyber attacks per day over the last 10 months.

• For LGBTQ+ organizations, we saw an average of 790,000 attacks mitigated per day over the last 10 months, with a majority of those classified as DDoS attacks.

• Attacks targeting civil society organizations are generally increasing. We have broken down an attack aimed at a prominent organization, with the request volume climbing as high as 667,000 requests per second. Before and after this time the organization saw little to no traffic.

• In Ukraine, spikes in traffic to organizations that provide emergency response and disaster relief coincide with bombings of the country over the 10-month period.

In addition, we launched new case studies and added content to our Cloudflare Social Impact Portal to help organizations stay secure with our security offerings. Cloudflare is sponsoring Access Now’s RightsCon and we are excited to be attending the conference in Costa Rica to bring together many of our Project Galileo civil society partners. RightsCon convenes a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues.

The last year has shown us a lot on how we can use Project Galileo beyond just protecting vulnerable voices, but to work in new avenues to extend Cloudflare’s protection and provide our expertise to a range of groups working in digital security issues. As we look toward the next year, we will continue to look for new ways to expand our protections to at-risk groups around the world.

If you are an organisation looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

On Tuesday, March 28, 2023, the US Government will launch the Summit for Democracy 2023, following up on the inaugural Summit for Democracy 2021. The Summit is co-hosted by the United States, Costa Rica, Zambia, the Netherlands, and South Korea. Cloudflare is proud to participate in and contribute commitments to the Summit because we believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure.  We work to ensure that the responsibility to respect human rights is embedded throughout our business functions. Cloudflare’s mission — to help build a better Internet — reflects a long-standing belief that we can help make the Internet better for everyone.

Our mission and core values dovetail with the Summit’s goals of strengthening democratic governance, respect for human rights and human rights defenders, and working in partnership to strengthen respect for these values. As we have written about before, access to the Internet allows activists and human rights defenders to expose abuses across the globe, allows collective causes to grow into global movements, and provides the foundation for large-scale organizing for political and social change in ways that have never been possible before.

In December 2021, in an effort to respond to challenges to democracy worldwide, the United States held the first ever global Summit for Democracy. The Summit provided an opportunity to strengthen collaboration between democracies around the world and address common challenges from authoritarian threats.  The United States invited over 100 countries plus the President of the European Commission and the United Nations Secretary-General. The Summit focused on three key themes: (1) defending against authoritarianism; (2) addressing and fighting corruption; and (3) promoting respect for human rights, and gave participants an opportunity to announce commitments, reforms, and initiatives to defend democracy and human rights. The Summit was followed by a Year of Action, during which governments implemented their commitments to the Summit.

The 2023 Summit will focus more directly on partnering with the private sector to promote an affirmative vision for technology by countering the misuse of technology and shaping emerging technologies so that they strengthen democracy and human rights, which Cloudflare supports in theory and in practice.

The three-day Summit will highlight the importance of the private sector’s role in responding to challenges to democracy. The first day of the Summit is the Thematic Day, where Cabinet-level officials, the private sector and civil society organizations will spotlight key Summit themes. On the second day of the Summit, the Plenary Day, the five co-hosts will each host a high-level plenary session. On the final day of the Summit, Co-Host Event Day, each of the co-hosts will lead high-level regional conversations with partners from government, civil society, and the private sector.

Cloudflare will be participating in the Thematic Day and the Co-Host Event Day in Washington, DC, in addition to other related events.

In advance of the 2023 Summit, the United States issued a Call to Action to the private sector to consider commitments that advance an affirmative agenda for democratic renewal. The United States encouraged the private sector to make commitments that align with the Presidential Initiative on Democratic Renewal, the Declaration on the Future of the Internet, and the Summit’s four objectives:

• Countering the misuse of technology

• Fighting corruption

• Protecting civic space

• Advancing labor rights

Cloudflare answered the United States’s call to action and made commitments to (1) help democratize post-quantum cryptography; (2) work with researchers to share data on Internet censorship and shutdowns; and (3) engage with civil society on Internet protocols and the application of privacy-enhancing technologies.

At Cloudflare, we believe to enhance privacy as a human right the most advanced cryptography needs to be available to everyone, free of charge, forever. Cloudflare has committed to including post-quantum cryptography for free by default to all customers – including individual web developers, small businesses, non-profits, and governments. In particular, this will benefit at-risk groups using Cloudflare services like humanitarian organizations, human rights defenders, and journalists through Project Galileo, as well as state and local government election websites through the Athenian Project, to help secure their websites, APIs, cloud tools and remote employees against future threats.

We believe everyone should have access to the next era of cybersecurity standards–instantly and for free. To that end, Cloudflare will also publish vendor-neutral roadmaps based on NIST standards to help businesses secure any connections that are not protected by Cloudflare. We hope that others will follow us in making their implementations of post-quantum cryptography free so that we can create a secure and private Internet without a “quantum” up-charge.  More details about our commitment is here and here.

Cloudflare commits to working with researchers to share data about Internet shutdowns and selective Internet traffic interference and to make the results of the analysis of this data public and accessible. The Cloudflare Network includes 285 locations in over 100 countries, interconnects with over 11,500 networks globally, and serves a significant portion of global Internet traffic. Cloudflare shares aggregated data on the Internet's patterns, insights, threats and trends with the public through Cloudflare Radar, including providing alerts and data to help organizations like Access Now's KeepItOn coalition, the Freedom Online Coalition, the Internet Society, and Open Observatory of Network Interference (OONI) monitor Internet censorship and shutdowns around the world. Cloudflare commits to working with research partners to identify signatures associated with connection tampering and failures, which are believed to be caused primarily by active censorship and blocking. Cloudflare is well-positioned to observe and report on these signatures from a global perspective, and will provide access to its findings to support additional tampering detection efforts.

Cloudflare believes that meaningful consultation with civil society is a fundamental part of building an Internet that advances human rights. As Cloudflare works with Internet standards bodies and other Internet providers on the next-generation of privacy-enhancing technologies and protocols, like protocols to encrypt Domain Name Service records and Encrypted Client Hello (ECH) and privacy enhancing technologies like OHTTP, we commit to direct engagement with civil society and human rights experts on standards and technologies that might have implications for human rights.

Cloudflare has long worked with industry partners, stakeholders, and international standards organizations to build a more private, secure, and resilient Internet for everyone. For example, Cloudflare has built privacy technologies into its network infrastructure, helped develop and deploy TLS 1.3 alongside helping lead QUIC  and other Internet protocols, improve transparency around routing and public key infrastructure (PKI), and operating a public DNS resolver that supports encryption protocols. Ensuring civil society and human rights experts are able to contribute and provide feedback as part of those efforts will make certain that future development and application of privacy-enhancing technologies and protocols are consistent with human rights principles and account for human rights impacts.

Our commitments to democratizing post-quantum cryptography, working with researchers on Internet censorship and shutdowns, and engaging with civil society on Internet protocols and the development and application of privacy-preserving technologies will help to secure access to a free, open, and interconnected Internet.

In the lead-up to the Summit, Cloudflare has been working in partnership with the US Department of State, the National Security Council, the US Agency for International Development (USAID), and various private sector and civil society partners to prepare for the Summit. As part of our involvement, we have also contributed to roundtables and discussions with the Center for Strategic and International Studies, GNI, the Design 4 Democracy Coalition, and the Freedom Online Coalition. Cloudflare is also participating in official meetings and side events including at the Carnegie Endowment for International Peace and the Council on Foreign Relations.

In addition to the official Summit events, there are a wide range of events organized by civil society which the Accountability Lab has created a website to highlight. Separately, on Monday, March 27 the Global Democracy Coalition convened a Partners Day to organize civil society and other non-governmental events. Many of these events are being held by some of our Galileo partners like the National Democratic Institute, the International Republican Institute, Freedom House, and the Council of Europe.

Cloudflare is grateful for all of the hard work that our partners in government, civil society, and the private sector have done over the past few months to make this Summit a success. At a time where we are seeing increasing challenges to democracy and the struggle for human rights around the world, maintaining a secure, open, Internet is critical. Cloudflare is proud of our participation in the Summit and in the commitments we are making to help advance human rights. We look forward to continuing our engagement in the Summit partnership to fulfill our mission to help build a better Internet.

The Internet has become a significant factor in geopolitical conflicts, such as the ongoing war in Ukraine. Tomorrow marks one year since the Russian invasion of that country. This post reports on Internet insights and discusses how Ukraine's Internet remained resilient in spite of dozens of disruptions in three different stages of the conflict.

Key takeaways:

• Internet traffic shifts in Ukraine are clearly visible from east to west as Ukrainians fled the war, with country-wide traffic dropping as much as 33% after February 24, 2022.

• Air strikes on energy infrastructure starting in October led to widespread Internet disruptions that continue in 2023.

• Application-layer cyber attacks in Ukraine rose 1,300% in early March 2022 compared to pre-war levels.

• Government administration, financial services, and the media saw the most attacks targeting Ukraine.

• Traffic from a number of networks in Kherson was re-routed through Russia between June and October, subjecting traffic to Russia’s restrictions and limitations, including content filtering. Even after traffic ceased to reroute through Russia, those Ukrainian networks saw major outages through at least the end of the year, while two networks remain offline.

• Through efforts on the ground to repair damaged fiber optics and restore electrical power, Ukraine’s networks have remained resilient from both an infrastructure and routing perspective. This is partly due to Ukraine’s widespread connectivity to networks outside the country and large number of IXPs.

• Starlink traffic in Ukraine grew over 500% between mid-March and mid-May, and continued to grow from mid-May through mid-November, increasing nearly 300% over that six-month period. For the full period from mid-March (two weeks after it was made available) to mid-December, it was over a 1,600% increase, dropping a bit after that.

In Ukraine, human Internet traffic dropped as much as 33% in the weeks following February 24. The following chart shows Cloudflare’s perspective on daily traffic (by number of requests).

Internet traffic levels recovered over the next few months, including strong growth seen in September and October, when many Ukrainian refugees returned to the country. That said, there were also country-wide outages, mostly after October, that are discussed below.

14% of total traffic from Ukraine (including traffic from Crimea and other occupied regions) was mitigated as potential attacks, while 10% of total traffic to Ukraine was mitigated as potential attacks in the last 12 months.

Before February 24, 2022, typical weekday Internet traffic in Ukraine initially peaked after lunch, around 15:00 local time, dropped between 17:00 and 18:00 (consistent with people leaving work), and reached the biggest peak of the day at around 21:00 (possibly after dinner for mobile and streaming use).

After the invasion started, we observed less variation during the day in a clear change in the usual pattern given the reported disruption and “exodus” from the country​. During the first few days after the invasion began, peak traffic occurred around 19:00, at a time when nights for many in cities such as Kyiv were spent in improvised underground bunkers. By late March, the 21:00 peak had returned, but the early evening drop in traffic did not return until May.

When looking at Ukraine Internet requests by type of traffic in the chart below (from February 10, 2022, through February 2023), we observe that while traffic from both mobile and desktop devices dropped after the invasion, request volume from mobile devices has remained higher over the past year. Pre-war, mobile devices accounted for around 53% of traffic, and grew to around 60% during the first weeks of the invasion. By late April, it had returned to typical pre-war levels, falling back to around 54% of traffic. There’s also a noticeable December drop/outage that we’ll go over below.

The invasion brought attacks and failing infrastructure across a number of cities, but the target in the early days wasn’t the country’s energy infrastructure, as it was in October 2022. In the first weeks of the war, Internet traffic changes were largely driven by people evacuating conflict zones with their families. Over eight million Ukrainians left the country in the first three months, and many more relocated internally to safer cities, although many returned during the summer of 2022. The Internet played a critical role during this refugee crisis, supporting communications and access to real-time information that could save lives, as well as apps providing services, among others.

There was also an increase in traffic in the western part of Ukraine, in areas such as Lviv (further away from the conflict areas), and a decrease in the east, in areas like Kharkiv, where the Russian military was arriving and attacks were a constant threat. The figure below provides a view of how Internet traffic across Ukraine changed in the week after the war began (a darker pink means a drop in traffic — as much as 60% — while a darker green indicates an increase in Internet traffic — as much as 50%).

Source: https://datawrapper.dwcdn.net/dsUSJ/2/

The biggest drops in Internet traffic observed in Ukraine in the first days of the war were in Kharkiv Oblast in the east, and Chernihiv in the north, both with a 60% decrease, followed by Kyiv Oblast, with traffic 40% lower on March 2, 2022, as compared with February 23.

In western Ukraine, traffic surged. The regions with the highest observed traffic growth included Rivne (50%), Volyn (30%), Lviv (28%), Chernivtsi (25%), and Zakarpattia (15%).

At the city level, analysis of Internet traffic in Ukraine gives us some insight into usage of the Internet and availability of Internet access in those first weeks, with noticeable outages in places where direct conflict was going on or that was already occupied by Russian soldiers.

North of Kyiv, the city of Chernihiv had a significant drop in traffic the first week of the war and residual traffic by mid-March, with traffic picking up only after the Russians retreated in early April.

In the capital city of Kyiv, there is a clear disruption in Internet traffic right after the war started, possibly caused by people leaving, attacks and use of underground shelters.

Near Kyiv, we observed a clear outage in early March in Bucha. After April 1, when the Russians withdrew, Internet traffic started to come back a few weeks later.

In Irpin, just outside Kyiv, close to the Hostomel airport and Bucha, a similar outage pattern to Bucha was observed. Traffic only began to come back more clearly in late May.

In the east, in the city of Kharkiv, traffic dropped 50% on March 3, with a similar scenario seen not far away in Sumy. The disruption was related to people leaving and also by power outages affecting some networks.

Other cities in the south of Ukraine, like Berdyansk, had outages. This graph shows Enerhodar, the small city where Europe’s largest nuclear plant, Zaporizhzhya NPP, is located, with residual traffic compared to before.

In the cities located in the south of Ukraine, there were clear Internet disruptions. The Russians laid siege to Mariupol on February 24. Energy infrastructure strikes and shutdowns had an impact on local networks and Internet traffic, which fell to minimal levels by March 1. Estimates indicate that 95% of the buildings in the city were destroyed, and by mid-May, the city was fully under Russian control. While there was some increase in traffic by the end of April, it reached only ~22% of what it was before the war’s start.

When looking at Ukrainian Internet Service Providers (ISPs) or the autonomous systems (ASNs) they use, we observed more localized disruptions in certain regions during the first months of the war, but recovery was almost always swift. AS6849 (Ukrtel) experienced problems with very short-term outages in mid-March. AS13188 (Triolan), which services Kyiv, Chernihiv, and Kharkiv, was another provider experiencing problems (they reported a cyberattack on March 9), as could be observed in the next chart:

We did not observe a clear national outage in Ukraine’s main ISP, AS15895 (Kyivstar) until the October-November attacks on energy infrastructure, which also shows some early resilience of Ukrainian networks.

As Russian troops retreated from the northern front in Ukraine, they shifted their efforts to gain ground in the east (Battle of Donbas) and south (occupation of the Kherson region) after late April. This resulted in Internet disruptions and traffic shifts, which are discussed in more detail in a section below. However, Internet traffic in the Kherson region was intermittent and included outages after May, given the battle for Internet control. News reports in June revealed that ISP workers damaged their own equipment to thwart Russia’s efforts to control the Ukrainian Internet.

Before the September Ukrainian counteroffensive, another example of the war’s impact on a city’s Internet traffic occurred during the summer, when Russian troops seized Lysychansk in eastern Ukraine in early July after what became known as the Battle of Lysychansk. Internet traffic in Lysychansk clearly decreased after the war started. That slide continues during the intense fighting that took place after April, which led to most of the city’s population leaving. By May, traffic was almost residual (with a mid-May few days short term increase).

In early September the Ukrainian counteroffensive took off in the east, although the media initially reported a south offensive in Kherson Oblast that was a “deception” move. The Kherson offensive only came to fruition in late October and early November. Ukraine was able to retake in September over 500 settlements and 12,000 square kilometers of territory in the Kharkiv region. At that time, there were Internet outages in several of those settlements.

In response to the successful Ukrainian counteroffensive, Russian airstrikes caused power outages and Internet disruptions in the region. That was the case in Kharkiv on September 11, 12, and 13. The figure below shows a 12-hour near-complete outage on September 11, followed by two other periods of drop in traffic.

In the Zaporizhzhia region, there were also outages. On September 1, 2022, the day the International Atomic Energy Agency (IAEA) inspectors arrived at the Russian-controlled Zaporizhzhia nuclear power plant in Enerhodar, there were Internet outages in two local ASNs that service the area: AS199560 (Engrup) and AS197002 (OOO Tenor**)**. Those outages lasted until September 10, as shown in the charts below.

More broadly, the city of Enerhodar, where the nuclear power plant is located, experienced a four-day outage after September 6.

In mid-September, following Ukraine’s counteroffensive, there were questions as to when Crimea might be targeted by Ukrainian forces, with news reports indicating that there was an evacuation of the Russian population from Crimea around September 13. We saw a clear drop in traffic on that Tuesday, compared with the previous day, as seen in the map of Crimea below (red is decrease in traffic, green is increase).

As we have seen, the Russian air strikes targeting critical energy infrastructure began in September as a retaliation to Ukraine's counteroffensive. The following month, the Crimean Bridge explosion on Saturday, October 8 (when a truck-borne bomb destroyed part of the bridge) led to more air strikes that affected networks and Internet traffic across Ukraine.

On Monday, October 10, Ukraine woke up to air strikes on energy infrastructure and experienced severe electricity and Internet outages. At 07:35 UTC, traffic in the country was 35% below its usual level compared with the previous week and only fully recovered more than 24 hours later. The impact was particularly significant in regions like Kharkiv, where traffic was down by around 80%, and Lviv, where it dropped by about 60%. The graph below shows how new air strikes in Lviv Oblast the following day affected Internet traffic.

There were clear disruptions in Internet connectivity in several regions on October 17, but also on October 20, when the destruction of several power stations in Kyiv resulted in a 25% drop in Internet traffic from Kyiv City as compared to the two previous weeks. It lasted 12 hours, and was followed the next day by a shorter partial outage as seen in the graph below.

In late October, according to Ukrainian officials, 30% of Ukraine’s power stations were destroyed. Self-imposed power limitations because of this destruction resulted in drops in Internet traffic observed in places like Kyiv and the surrounding region.

The start of a multi-week Internet disruption in Kherson Oblast can be seen in the graph below, showing ~70% lower traffic than in previous weeks. The disruption began on Saturday, October 22, when Ukrainians were gaining ground in the Kherson region.

Traffic began to return after Ukrainian forces took Kherson city on November 11, 2022. The graph below shows a week-over-week comparison for Kherson Oblast for the weeks of November 7, November 28, and December 19 for better visualization in the chart while showing the evolution through a seven-week period.

Throughout the rest of the year and into 2023, Ukraine has continued to face intermittent Internet disruptions. On November 23, 2022, the country experienced widespread power outages after Russian strikes, causing a nearly 50% decrease in Internet traffic in Ukraine. This disruption lasted for almost a day and a half, further emphasizing the ongoing impact of the conflict on Ukraine's infrastructure.

Although there was a recovery after that late November outage, only a few days later traffic seemed closer to normal levels. Below is a chart of the week-over-week evolution of Internet traffic in Ukraine at both a national and local level during that time:

In Kyiv Oblast:

In the Odessa region:

And Kharkiv (where a December 16 outage is also clear — in the green line):

On December 16, there was another country-level Internet disruption caused by air strikes targeting energy infrastructure. Traffic at a national level dropped as much as 13% compared with the previous week, but Ukrainian networks were even more affected. AS13188 (Triolan) had a 70% drop in traffic, and AS15895 (Kyivstar) a 40% drop, both shown in the figures below.

In January 2023, air strikes caused additional Internet disruptions. One such recent event was in Odessa, where traffic dropped as low as 54% compared with the previous week during an 18-hour disruption.

The US government and the FBI issued warnings in March to all citizens, businesses, and organizations in the country, as well as allies and partners, to be aware of the need to “enhance cybersecurity.” The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Shields Up initiative, noting that “Russia’s invasion of Ukraine could impact organizations both within and beyond the region.” The UK and Japan, among others, also issued warnings.

Below, we discuss Web Application Firewall (WAF) mitigations and DDoS attacks. A WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. Distributed Denial of Service (DDoS) attacks are cyber attacks that aim to take down Internet properties and make them unavailable for users.

The charts below are based on normalized data, and show threats mitigated by our WAF.

Mitigated application-layer threats blocked by our WAF skyrocketed after the war started on February 24. Mitigated requests were 105% higher on Monday, February 28 than in the previous (pre-war) Monday, and peaked on March 8, reaching 1,300% higher than pre-war levels.

Between February 2022 and February 2023, an average of 10% of all traffic to Ukraine was mitigations of potential attacks.

The graph below shows the daily percentage of application layer traffic to Ukraine that Cloudflare mitigated as potential attacks. In early March, 30% of all traffic was mitigated. This fell in April, and remained low for several months, but it picked up in early September around the time of the Ukrainian counteroffensive in east and south Ukraine. The peak was reached on October 29 when DDoS attack traffic constituted 39% of total traffic to Cloudflare’s Ukrainian customer websites.

This trend is more evident when looking at all traffic to sites on the “.ua” top-level domain (from Cloudflare’s perspective). The chart below shows that DDoS attack traffic accounted for over 80% of all traffic by early March 2022. The first clear spikes occurred on February 16 and 19, with around 25% of traffic mitigated. There was no moment of rest after the war started, except towards the end of November and December, but the attacks resumed just before Christmas. An average of 13% of all traffic to “.ua”, between February 2022 and February 2023 was mitigations of potential attacks. The following graph provides a comprehensive view of DDoS application layer attacks on “.ua” sites:

Moving on to types of mitigations of product groups that were used (related to “.ua” sites), as seen in the next chart, around 57% were done by the ruleset which automatically detects and mitigates HTTP DDoS attacks (DDoS Mitigation), 31% were being mitigated by firewall rules put in place (WAF), and 10% were blocking requests based on our IP threat reputation database (IP Reputation).

It’s important to note that WAF rules in the graph above are also associated with custom firewall rules created by customers to provide a more tailored protection. “DDoS Mitigation” (application layer DDoS protection) and “Access Rules” (rate limiting) are specifically used for DDoS protection.

In contrast to the first graph shown in this section, which looked at mitigated attack traffic targeting Ukraine, we can also look at mitigated attack traffic originating in Ukraine. The graph below also shows that the share of mitigated traffic from Ukraine also increased considerably after the invasion started.

The industries sectors that had a higher share of WAF mitigations were government administration, financial services, and the media, representing almost half of all WAF mitigations targeting Ukraine during 2022.

Looking at DDoS attacks, there was a surge in attacks on media and publishing companies during 2022 in Ukraine. Entities targeting Ukrainian companies appeared to be focused on information-related websites. The top five most attacked industries in the Ukraine in the first two quarters of 2022 were all in broadcasting, Internet, online media, and publishing, accounting for almost 80% of all DDoS attacks targeting Ukraine.

In a more focused look at the type of websites Cloudflare has protected throughout the war, the next two graphs provide a view of mitigated application layer attacks by the type of “.ua” sites we helped to protect. In the first days of the war, mitigation spikes were observed at a news service, a TV channel, a government website, and a bank.

In July, spikes in mitigations we observed across other types of “.ua” websites, including food delivery, e-commerce, auto parts, news, and government.

More recently, in February 2023, the spikes in mitigations were somewhat similar to what we saw one year ago, including electronics, e-commerce, IT, and education websites.

Network-layer (layer 3 and 4) traffic is harder to attribute to a specific domain or target because IP addresses are shared across different customers. Looking at network-level DDoS traffic hitting our Kyiv data center, we saw peaks of DDoS traffic higher than before the war in early March, but they were much higher in June and August.

In our Q1 2022 DDoS report, we also noted that 12.6% of Ukraine’s traffic was DDoS activity, compared with 1% in the previous quarter, a 1,160% quarter-over-quarter increase.

Several of our quarterly DDoS reports from 2022 include attack trends related to the war in Ukraine, with quarter over quarter interactive comparisons.

On February 24, 2022, Russian forces invaded Ukraine's Kherson Oblast region. The city of Kherson was captured on March 2, as the first major city and only regional capital to be captured by Russian forces during the initial invasion. The Russian occupation of Kherson Oblast continued until Ukrainian forces resumed control on November 11, after launching a counteroffensive at the end of August.

On May 4, 2022, we published Tracking shifts in Internet connectivity in Kherson, Ukraine, a blog post that explored a re-routing event that impacted AS47598 (Khersontelecom), a telecommunications provider in Kherson Oblast. Below, we summarize this event, and explore similar activity across other providers in Kherson that has taken place since then.

On May 1, 2022, we observed a shift in routing for the IPv4 prefix announced by Ukrainian network AS47598 (Khersontelecom). During April, it reached the Internet through several other Ukrainian network providers, including AS12883 (Vega Telecom) and AS3326 (Datagroup). However, after the shift, its routing path now showed a Russian network, AS201776 (Miranda-Media), as the sole upstream provider. With traffic from KhersonTelecom passing through a Russian network, it was subject to the restrictions and limitations imposed on any traffic transiting Russian networks, including content filtering.

The flow of traffic from Khersontelecom before and after May 1, with rerouting through Russian network provider Miranda-Media, is illustrated in the chart below. This particular re-routing event was short-lived, as a routing update for AS47598 on May 4 saw it return to reaching the Internet through other Ukrainian providers.

As a basis for our analysis, we started with a list of 15 Autonomous System Numbers (ASNs) belonging to networks in Kherson Oblast. Using that list, we analyzed routing information collected by route-views2 over the past year, from February 1, 2022, to February 15, 2023. route-views2 is a BGP route collector run by the University of Oregon Route Views Project. Note that with respect to the discussions of ASNs in this and the following section, we are treating them equally, and have not specifically factored estimated user population into these analyses.

The figure below illustrates the result of this analysis, showing that re-routing of Kherson network providers (listed along the y-axis) through Russian upstream networks was fairly widespread, and for some networks, has continued into 2023. During the analysis time frame, there were three primary Russian networks that appeared as upstream providers: AS201776 (Miranda-Media), AS52091 (Level-MSK Ltd.), and AS8492 (OBIT Ltd.).

Within the graph, black bars indicate periods when the ASN effectively disappeared from the Internet; white segments indicate the ASN was dependent on other Ukraine networks as immediate upstreams; and red indicates the presence of Russian networks in the set of upstream providers. The intensity of the red shading corresponds to the percentage of announced prefixes for which a Russian network provider is present in the routing path as observed from networks outside Ukraine. Bright red shading, equivalent to “1” in the legend, indicates the presence of a Russian provider in all routing paths for announced prefixes.

In the blog post linked above, we referenced an outage that began on April 30. This is clearly visible in the figure as a black bar that runs for several days across all the listed ASNs. In this instance, AS47598 (KhersonTelecom) recovered a day later, but was sending traffic through AS201776 (Miranda-Media), a Russian provider, as discussed above.

Another Ukrainian network, AS49168 (Brok-X), recovered from the outage on May 2, and was also sending traffic through Miranda-Media. By May 4, most of the other Kherson networks recovered from the outage, and both AS47598 and AS49168 returned to using Ukrainian networks as immediate upstream providers. Routing remained “normal” until May 30. Then, a more widespread shift to routing traffic through Russian providers began, although it appears that this shift was preceded by a brief outage for a few networks. For the most part, this re-routing lasted through the summer and into October. Some networks saw a brief outage on October 17, but most stopped routing directly through Russia by October 22.

However, this shift away from Russia was followed by periods of extended outages. KhersonTelecom suffered such an outage, and has remained offline since October, except for the first week of November when all of its traffic routed through Russia. Many other networks rejoined the Internet in early December, relying mostly on other Ukrainian providers for Internet connectivity. However, since early December, AS204485 (PE Berislav Cable Television), AS56359 (CHP Melnikov Roman Sergeevich), and AS49465 (Teleradiocompany RubinTelecom Ltd.) have continued to use Miranda-Media as an upstream provider, in addition to experiencing several brief outages. In addition, over the last several months, AS25082 (Viner Telecom) has used both a Ukrainian network and Miranda-Media as upstream providers.

In the context of the Internet, “resilience” refers to the ability of a network to operate continuously in a manner that is highly resistant to disruption. This includes the ability of a network to: (1) operate in a degraded mode if damaged, (2) rapidly recover if failure does occur, and (3) scale to meet rapid or unpredictable demands. Throughout the Russia-Ukraine conflict, media coverage (VICE, Bloomberg, Washington Post) has highlighted the work done in Ukraine to repair damaged fiber-optic cables and mobile network infrastructure to keep the country online. This work has been critically important to maintaining the resilience of Ukrainian Internet infrastructure.

According to PeeringDB, as of February 2023, there are 25 Internet Exchange Points (IXPs) in Ukraine and 50 interconnection facilities. (An IXP may span multiple physical facilities.) Within this set of IXPs, Autonomous Systems (ASes) belonging to international providers are currently present in over half of them. The number of facilities, IXPs, and international ASes present in Ukraine points to a resilient interconnection fabric, with multiple locations for both domestic and international providers to exchange traffic.

To better understand these international interconnections, we first analyze the connectivity of ASes in Ukraine, and we classify the links to domestic networks (links where both ASes are registered in Ukraine) and international networks (links between ASes in Ukraine and ASes outside Ukraine). To determine which ASes are domestic in Ukraine, we can use information from the extended delegation reports from the Réseaux IP Européens Network Coordination Centre (RIPE NCC), the Regional Internet Registry that covers Ukraine. We also parsed collected BGP data to extract the AS-level links between Ukrainian ASes and ASes registered in a different country, and we consider these the international connectivity of the domestic ASes.

A March 2022 article in The Economist noted that “For one thing, Ukraine boasts an unusually large number of internet-service providers—by one reckoning the country has the world’s fourth-least-concentrated Internet market. This means the network has few choke points, so is hard to disable.” As of the writing of this blog post, there are 2,190 ASes registered in Ukraine (UA ASes), and 1,574 of those ASes appear in the BGP routing table as active. These counts support the article’s characterization, and below we discuss several additional observations that reinforce Ukraine’s Internet resilience.

The figure above is a cumulative distribution function showing the fraction of domestic Ukrainian ASes that have direct connections to international networks. In February 2023, approximately 50% had more than one (100) international link, while approximately 10% had more than 10, and approximately 2% had 100 or more. Although these numbers have dropped slightly over the last year, they underscore the lack of centralized choke points in the Ukrainian Internet.

For the networks with international connectivity, we can also look at the distribution of “next-hop” countries – countries with which those international networks are associated. (Note that some networks may have a global footprint, and for these, the associated country is the one recorded in their autonomous system registration.) Comparing the choropleth maps below illustrates how this set of countries, and their fraction of international paths, have changed between February 2022 and February 2023. The data underlying these maps shows that international connectivity from Ukraine is distributed across 18 countries — unsurprisingly, mostly in Europe.

In February 2022, these countries/locations accounted for 77% of Ukraine’s next-hop international paths. The top four all had 7.8% each. However, in February 2023, the top 10 next-hop countries/locations dropped slightly to 76% of international paths. While just a slight change from the previous year, the set of countries/locations and many of their respective fractions saw considerable change.

Russia’s share grew by 50% year to 11.6%, giving it the biggest share of next-hop ASes. Germany also grew to account for more than 11% of paths.

Cloudflare observed a rapid growth in Starlink’s ASN (AS14593) traffic to Ukraine during 2022 and into 2023. Between mid-March and mid-May, Starlink’s traffic in the country grew over 530%, and continued to grow from mid-May up until mid-November, increasing nearly 300% over that six-month period — from mid-March to mid-December the growth percentage was over 1600%. After that, traffic stabilized and even dropped a bit during January 2023.

Our data shows that between November and December 2022, Starlink represented between 0.22% and 0.3% of traffic from Ukraine, but that number is now lower than 0.2%.

One year in, the war in Ukraine has taken an unimaginable humanitarian toll. The Internet in Ukraine has also become a battleground, suffering attacks, re-routing, and disruptions. But it has proven to be exceptionally resilient, recovering time and time again from each setback.

We know that the need for a secure and reliable Internet there is more critical than ever. At Cloudflare, we’re committed to continue providing tools that protect Internet services from cyber attack, improve security for those operating in the region, and share information about Internet connectivity and routing inside Ukraine.

Today we mark the International Holocaust Remembrance Day. We commemorate the victims that were robbed of their possessions, stripped of their rights, deported, starved, dehumanized and murdered by the Nazis and their accomplices. During the Holocaust and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Seventy eight years later, after the liberation of the infamous Auschwitz death camp, antisemitism still burns with hatred. According to a study performed by the Campaign Against Antisemitism organization on data provided by the UK Home Office, Jews are 500% more likely to be targeted by hate crime than any other faith group per capita.

From Cloudflare’s vantage point we can point to distressing findings as well. In 2021, cyberattacks on Holocaust educational websites doubled year over year. In 2021, one out of every 100 HTTP requests sent to Holocaust educational websites behind Cloudflare was part of an attack. In 2022, the share of those cyber attacks grew again by 49% YoY. Cyberattacks represented 1.6% of all traffic to Holocaust educational websites (almost 1 out of every 50 HTTP requests), as can be seen in the chart below in 2022.

We’re representing cyberattacks as a percentage to normalize natural growth of traffic to websites, mitigation methods and other potential data biases. But even if we look at the raw numbers, between 2021 and 2022, the absolute cyberattack traffic (in HTTP requests) that targeted Holocaust education websites behind Cloudflare grew by 640% in contrast to the total growth of 397% in the number of all requests (attack and non-attack HTTP requests).

Share of cyberattack targeting Holocaust education websites

(Please note that the graph starts in 95% in order to provide better visibility into the share of attacks)

The threat that Holocaust educational websites face is one that many other non-profit organizations face. In fact, in our most recent DDoS Trends report, non-profit organizations were the sixth most targeted industry. Ten percent of all traffic to non-profit websites behind Cloudflare was DDoS attack traffic.

Top industries targeted by HTTP DDoS attacks in 2022 Q4

However, nonprofits such as Holocaust educational organizations might not always have the resources to fend off attacks. For this reason, we provide free protection to at-risk groups across the world. We do this through Project Galileo. It helps keep vulnerable websites online. It provides free cyber security services for groups working in the arts, human rights, civil society, journalism, or democracy. As detailed in our recent Impact Report, in 2022, through Project Galileo, we protected vulnerable websites from an average of 59M cyber threats every day.

If you’re representing a vulnerable public interest group and want to protect your website with Project Galileo, please follow the steps and apply here. While you wait to hear back, you can also get started with our Free plan.

Here at Cloudflare, some of us are descendants of Holocaust survivors. My grandparents escaped Nazi-occupied Poland after the German invasion. Sadly, my grandparents — as other elderly survivors, have already passed. I grew up hearing about their stories of bravery — and of deep torment. It’s not always easy to hear these stories, but we must — especially in times like these when war in Europe has been ongoing for almost a year now. We have the responsibility to ensure the world remembers and never forgets the atrocities of the Holocaust and what antisemitism, racism and hatred in general can lead to.

To this extent, a few months ago, here at the Cloudflare London office, we had the honor of hosting Janine Webber, recipient of the British Empire Medal (BEM) in an event hosted by Judeoflare, Cloudflare's Jewish employee resource group. The event was made possible due to our partnership with the Holocaust Education Trust. And so in a fully packed auditorium and an oversubscribed Zoom call, we listen to Janine’s story of survival and bravery first hand. We asked questions and we learned.

We’re privileged to be able to share her story here with all of you via Cloudflare TV.

The organizations served by Projects Galileo and Athenian face the same security challenges as some of the world’s largest companies, but lack the budget to protect themselves. Sophisticated phishing campaigns attempt to compromise user credentials. Bad actors find ways to disrupt connectivity to critical resources. However, the tools to defend against these threats have historically only been available to the largest enterprises.

We’re excited to help fix that. Starting today, we are making the Cloudflare One Zero Trust suite available to teams that qualify for Project Galileo or Athenian at no cost. Cloudflare One includes the same Zero Trust security and connectivity solutions used by over 10,000 customers today to connect their users and safeguard their data.

Athenian Project candidates work to safeguard elections in the United States. Project Galileo applicants launched their causes to support journalists, encourage artistic expression, or protect persecuted groups. They each set out to fix difficult and painful problems. None of the applications to our programs wrote their mission statement to deal with phishing attacks or internal data loss.

However, security problems plague these teams. Instead of being able to focus on their unique mission, these groups spend money, time, and energy attempting to defend from attacks. The headaches range from expensive distractions to outright breaches. Even the mundane work to connect employees to important tools continues to be a headache. Every chore or incident takes away from the ability of these organizations to advance their cause.

We built Cloudflare One to solve the common security problems that can derail any team. Our mission is to help build a better Internet and, in doing so, we create tools that allow the groups served by the Athenian Project and Project Galileo spend as much of their day solving their own unique challenges.

The products we are making available today provide security against a broad, and growing, range of attacks that target how a team works together on the Internet. Project Galileo and Athenian candidates can choose to start in any place depending on their existing security challenges. If you need a guide on where to get started, we’ve broken down three common first steps that we recommend.

Many phishing attacks start with a malicious link buried in a single email from a sender that seems trustworthy. A user in your organization clicks on that link, believing it to be from a teammate or manager, and lands on a website that looks almost identical to your identity provider or one of the web applications they use every day. They input their username and password, sending their credentials directly to the attacker.

Cloudflare One’s email security, our Area 1 product, is our first line of phishing defense. Area 1 scans the emails headed to your organization for the presence of potential phishing campaigns and other types of security attacks. Malicious messages never arrive without interrupting the emails that your team should receive. You can deploy Area 1 in minutes with a few changes to your DNS records to safeguard your Microsoft 365, Gmail, or nearly any other email deployment.

As part of today’s announcement, we are making Area 1 available to Project Galileo and Athenian organizations at no cost. The same level of protection trusted by large corporations from Werner Enterprises to Fortune 500 consumer packaged goods firms is now available to your team.

In some cases, an email evades detection or the phishing link reaches your users through other channels. Cloudflare One can still help. When your team members navigate the Internet, they rely on DNS queries made by their device in order to translate the hostname of a website to the IP address of the server. Their device sends those queries to a DNS resolver.

Cloudflare runs the world’s fastest DNS resolver, 1.1.1.1, and we offer a security version that also filters DNS queries made to destinations that are known to be malicious. If a user accidentally clicks on a link from a text message or in a website, their device first sends that DNS query to Cloudflare. If dangerous, we stop the query before the malicious destination can load. If benign, we’ll respond with the destination faster than other resolvers.

Cloudflare’s DNS filtering keeps the US Federal Government safe, but can be deployed by teams of any size. You can secure entire office networks with the change of one router setting or deploy our roaming agent to keep your users safe wherever they work. Together with email protection, your team can filter out phishing attacks in a defense-in-depth approach.

Many teams that qualify for Project Galileo had to find ways to work across geographies long before the pandemic sent employees home from other companies. These teams typically deployed a legacy virtual private network (VPN) to allow team members from across the world to reach the tools they needed to collect data, file stories, or submit research. At best, those VPN deployments slowed down user connectivity and introduced maintenance headaches. At worst, they gave anyone on the network overly broad access to nearly any resource.

With Cloudflare One, your team can operate in any location and still reach your internal tools while controlling exactly who can access which application or service. Organizations that need to operate a traditional private network can run one on Cloudflare by deploying our device client (WARP) on user endpoints and establishing outbound connections to our global network via Cloudflare Tunnel. Users enjoy the performance and availability of Cloudflare’s network while administrators can build granular permissions without the need for additional application development.

We also know that many Galileo and Athenian organizations work alongside hundreds or thousands of partners and volunteers. Those users need to also reach internal resources but are not willing or able to install software on their personal devices.

To solve that challenge, Cloudflare One can be deployed in a fully clientless mode that can use multiple identity providers including consumer options like Google, Facebook, and LinkedIn. Users authenticate with the single-sign on option they already use from any mobile or desktop device. Administrators control which users can reach specific applications while logging every attempt.

Beyond phishing attacks, bad actors target organizations with other types of threats like malware hidden in downloads. Researchers and journalists exploring a topic with untrusted sources can bring ransomware back into the entire organization. Team members connecting to the Internet from a hotel Wi-Fi network can have unencrypted DNS queries monitored and reported.

Cloudflare One provides every member of your team with an encrypted, secured on-ramp to the entire Internet. Powered by the same Cloudflare WARP agent that helps millions of users enjoy a more private Internet connection, Cloudflare’s Secure Web Gateway filters all Internet-bound for hidden threats.

When users inadvertently connect to a malicious destination, Cloudflare One will block the attempt and present them with a page explaining what just happened. In the other direction, Cloudflare’s network scans downloads for malware and blocks the download before the user can open it.

The same filtering can be extended to keep sensitive data from leaving your organization. You can build rules that flag file uploads that contain personal information or patterns that are unique to your team or focus area. With just a few clicks, you can create policies that prevent the accidental or malicious loss of data while also restricting uploads to approved destinations.

Today’s announcement makes the security technology deployed by the world’s largest enterprises available to organizations of any size. And, despite the broad impact of Athenian and Galileo organizations, that size tends to be smaller.

The teams supported by Project Galileo focus limited resources on advancing journalism, artistic expression, human rights, and other causes. The state and local governments who qualify for the Athenian Project spend their days protecting democracy in the United States. Both groups tend to lack the resources of a Fortune 500 to staff and operate a large IT department.

We built Cloudflare One as a service that a team could configure and deploy in a matter of hours and still benefit from comprehensive Zero Trust security. We’ve published a Zero Trust Roadmap that your team can use to determine how to get started with guidelines for the time required at each step.

We’re excited to extend Projects Galileo and Athenian to include Cloudflare One. Are you an existing qualified organization or interested in applying? Follow the link here and here to get started.

If you are not part of Project Galileo or Athenian, but still want to begin deploying Cloudflare One, we make the service available at no cost to teams of up to 50 users. Click here to sign up.

Project Galileo was started in 2014 to protect free expression from cyber attacks. Many of the organizations in the world that champion new ideas are underfunded and lack the resources to properly secure themselves. This means they are exposed to Internet attacks aimed at thwarting and suppressing legitimate free speech.

In the last eight years, we have worked with 50 partners across civil society to onboard more than 2,000 organizations in 111 countries to provide our powerful cyber security products to those who work in sensitive yet critical areas of human rights and democracy building.

As Cloudflare has grown as a company, we have adapted and evolved Project Galileo especially amid global events such as COVID-19, social justice movements after the death of George Floyd, the war in Ukraine, and emerging threats to these groups intended to silence them. Early in the pandemic, as organizations had to quickly implement work-from-home solutions, new risks stemmed from this shift.

In our conversations with partners and participants, we noticed a theme. The digital divide in terms of cyber security products on the market and the “one size fits all” model mean that only large enterprises with a dedicated security team and extensive budgets have the ability to keep their internal resources and data secure. For Project Galileo, we work with a range of organizations that vary in size, internal capacity, and technical expertise. Especially since many of these groups rely on their online presence to collect donations, organize volunteers, and promote their mission, one size fits all security products do not match the needs and expertise for these groups.

With this, we have extended our Zero Trust products to all domains under Project Galileo, as we want organizations to have access to Enterprise-level cyber security products no matter their size and budgets. Zero Trust security means that no one is trusted by default from inside or outside the network, and verification is required from everyone trying to gain access to resources on the network. This allows organizations of any size to solve the common security problems such as data loss, malware and phishing so these organizations can focus on their unique missions.

For Impact Week, we are excited to share how Project Galileo participants and partners use Cloudflare’s Zero Trust products to keep their operations running smoothly.

We started partnering with the CyberPeace Institute for Project Galileo in 2022. As part of our partnership, we have worked to provide our cyber security services to at-risk organizations around the world.

Established in 2019, the CyberPeace Institute is an independent and neutral nongovernmental organization, headquartered in Switzerland, whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. The Institute works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behavior to enforce cyberpeace.Since our partnership, we've been working to onboard their organization to Cloudflare Zero Trust, to secure critical applications and protect employees from online threats.

“The CyberPeace Institute works with humanitarian non-governmental organizations (NGOs) to protect their operations and build their cyber capabilities, data and resources in an increasingly complex digital environment. Both the Institute and Cloudflare share a core motivation to ensure the rights of people to security, dignity and equity in cyberspace. This alignment gives us confidence that Cloudflare is the right strategic partner as we evolve with our mission. We are grateful for the support of Project Galileo” stated Stéphane Duguin, Chief Executive Officer, CyberPeace Institute.

The Information Technology Disaster Resource Center is a nonprofit composed of thousands of service oriented technical professionals and private sector partners that assist in disaster response operations in the United States. These teams train and work in collaboration with NGOs and first responders to deliver emergency communications and technical solutions to aid communities in crisis. ITDRC provides connectivity, Wi-Fi hotspots, cell phone charging stations, and Internet-enabled computers for shelters, fire camps, and community recovery. A key part of their mission is to leverage technology to connect survivors and responders amid crises.

ITDRC started using Cloudflare in 2020 when they were accepted to Project Galileo. Since then, they have implemented many Zero Trust products to secure their volunteers and employees.

Chris Hillis, Co-founder at ITDRC says, "Cloudflare Zero Trust is essential to securing our employees, volunteers, and disaster survivors on site and in the field. Cloudflare delivers secure, reliable, and fast connectivity to the Internet and critical applications that our teams need to respond to disasters effectively. Setting up policies has been simple for our administrators, and our team benefits from a safer, faster experience, whether accessing internally hosted applications, or the broader Internet. With Cloudflare Access, we are able to ensure that team members receive a consistent user experience accessing internal applications based on their role, all while utilizing our existing identity provider and securing our infrastructure. Utilizing Cloudflare Gateway adds an additional layer of security to our networks and devices, helping to protect our users from external threats, and themselves."

Meedan is a global technology not-for-profit that builds software and programmatic initiatives to strengthen journalism, digital literacy, and accessibility of information online and off. They develop open-source tools for creating and sharing context on digital media through crowdsourcing, annotation, verification, archival, and translation. Their projects span issues including election monitoring, pandemic response, and human rights documentation.

Aaron Huslage, Director of Systems and Security at Meedan says, “Meedan and Cloudflare both share a vision of a more equitable, safer Internet. We were proud to be a founding member of Project Galileo in 2014 and support the work that program has done to protect Human Rights Defenders around the world. Closer to home Cloudflare helps our employees be more secure and productive when creating and distributing our open source software.”

The Organization of American States is the world’s oldest regional organization, dating back to the First International Conference of American States, held in Washington, D.C., from October 1889 to April 1890. Its 35 members focus on four main pillars — democracy, human rights, security, and development. It serves as a home for multilateral dialogue on topics such as the rights of indigenous peoples, territorial disputes, and regional goals for education.

"The partnership with Cloudflare will help the Organization of American States (OAS) democratize best-in-class security to modernize and strengthen our internal cybersecurity posture with a Zero Trust approach, delivered in the cloud, without sacrificing our workforce performance." Andrew Vanjani, OAS Chief Information Officer.

First, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection and work with us to extend even more products to organizations around the world. If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

Each anniversary of Project Galileo serves as an impetus for big-picture thinking among the Cloudflare team about where to take the initiative next. For this eighth anniversary, we want to help participants get the most out of their free security and performance services and simplify the onboarding process.

Organizations protected under Galileo are a diverse bunch, with 111 countries represented across 1,900+ web domains. Some of these organizations are very small and sometimes operated solely by volunteers. It is understandable that many do not have IT specialists or other employees with technical knowledge about security and performance capabilities. We strive to give them the tools and training to succeed, and we felt it was imperative to take this effort to a new level.

To provide Galileo participants with one place to access resources, configuration tips, product explainers, and more, we built the Cloudflare Social Impact Projects Portal.

The crisis in Ukraine was a key source of inspiration for this endeavor. With overall applications for the project skyrocketing by 177% in March 2022, we were rushing to onboard new participants and get them protected from devastating attacks online. The invasion has sparked conversations among our team about how to effectively communicate the wide variety of products available under the project, get groups onboarded more quickly, and make the process easier for those who speak English as a second language.

With this portal, we hope to accomplish all of these goals across all Cloudflare Impact programs. In addition to Project Galileo, which protects groups that might otherwise be in danger of being silenced by attacks, we also have:

• Athenian Project for government election sites

• Cloudflare for Campaigns for securing federal candidates and national parties

• Project Pangea for connecting underserved communities to the Internet

With the help of numerous volunteers among the Cloudflare team, we are launching the portal with the following resources:

• New engineer-led video walkthroughs on setting up security and performance tools

• Quick summaries of technical terms, including DNS lookups, web application firewalls, caching, and Zero Trust

• Resources for support and troubleshooting

Throughout the portal, we have included links to our Learning Center, developer docs, and Help Center so participants can get user-friendly explanations of terminology and troubleshooting tips.

Since we started Project Galileo back in 2014, we have routinely added new products and tools to the program as Cloudflare innovates in new areas and as participants’ security, performance, and reliability needs change. We are now working toward adding more Zero Trust capabilities within Project Galileo.

For more information about Project Galileo, check out our other 8th anniversary blog posts:

• Let’s celebrate the 8th anniversary of Project Galileo!

• In Ukraine and beyond, what it takes to keep vulnerable groups online

As we celebrate the eighth anniversary of Project Galileo, we want to provide a view into the type of cyber attacks experienced by organizations protected under the project. In a year full of new challenges for so many, we hope that analysis of attacks against these vulnerable groups provides researchers, civil society, and targeted organizations with insight into how to better protect those working in these spaces.

For this blog, we want to focus on attacks we have seen against organizations in Ukraine, including significant growth in DDoS attack activity after the start of the conflict. Within the related Radar dashboard, we do a deep dive into attack trends against Project Galileo participants in a range of areas including human rights, journalism, and community led non-profits.

To read the whole report, visit the Project Galileo 8th anniversary Radar Dashboard.

• For this dashboard, we analyzed data from July 1, 2021 to May 5, 2022 from 1,900 organizations from around the world that are protected under the project.

• For DDoS attacks, we classify this as traffic that we have determined is part of a Layer 7 (application layer) DDoS attack. Such attacks are often malicious floods of requests designed to overwhelm a site with the intention of knocking it offline. We block the requests associated with the attack, ensuring that legitimate requests reach the site, and that it stays online.

• For traffic mitigated by the web application firewall, this is traffic that was determined to be malicious and was blocked by Cloudflare’s firewall. We provide free Business level services under Project Galileo, and our WAF is one of the valuable tools used to mitigate attempts to exploit vulnerabilities intended to gain unauthorized access to an organization's online application.

• For graphs that represent changes in traffic or domains under Project Galileo, we are using the average daily traffic (number of requests) of the first two weeks of July 2021 as the baseline.

• We continue to see cyberattack activity increase, with nearly 18 billion attacks between July 2021 and May 2022. This is an average of nearly 57.9 million cyberattacks per day over the last nine months, an increase of nearly 10% over last year.

• Mitigated DDoS traffic targeting organizations in Ukraine reached as much as 90% of total traffic during one significant attack in April.

• After the war in Ukraine started, applications to the project increased by 177% in March 2022.

• Journalism and media organizations in Europe and the Americas saw traffic grow ~150% over the last year.

• We see a range of unsophisticated cyberattacks against organizations that work in human rights and journalism. Up to 40% of WAF mitigated requests were classified as HTTP Anomalies, the largest of any WAF rule type, a type of attack that can be damaging to unprotected organizations but is automatically blocked by Cloudflare.

• From July 2021 to May 2022, organizations based in Europe consistently accounted for half to two-thirds of request traffic out of all the regions covered under the project.

As the war started in Ukraine, we saw an increase in applications for participation in Project Galileo from organizations looking for our assistance. Many came in while under DDoS attack, but we also saw sites subject to large influxes of traffic from people on the ground in Ukraine attempting to access information due to the ongoing Russian invasion. While traffic from organizations in Ukraine was largely flat before the start of the war, since that time, traffic increases primarily have been driven by organizations that work in journalism and media.

Ahead of the war, organizations that work in community building/social welfare, such as those who provide direct assistance to refugees, or provide donation platforms to support those in Ukraine were responsible for what little traffic that was mitigated by the web application firewall (WAF). However, after the war began, journalism organizations saw the most WAF-mitigated traffic, with frequent spikes, including one on March 13 representing 69% of traffic. During this period of increased WAF-mitigated requests that started in late February, the majority of the attacks were classified as SQLi. WAF mitigated traffic for human rights organizations increased in mid-March, growing to between 5-10% of traffic.

Mitigated DDoS traffic for organizations in Ukraine was concentrated in the mid-March to May timeframe, with rapid growth in the percentage of traffic it represents. The first spikes were in the 20% range, but rapidly grew before receding, including an attack on April 19 that accounted for over 90% of traffic that day.

Since the start of the war, growth in traffic from protected organizations has varied across the categories. Traffic among Health organizations increased by 20-30x over baseline between late March and later April. Setting aside attack spikes, traffic from Journalism organizations was generally up 3-4x over baseline. Growth in the other categories was generally below 3x.

For traffic mitigated by the web application firewall (WAF), the most frequently applied rule was HTTP Anomaly, associated with 92% of requests. Requests for Web content (HTTP requests) have an expected structure, set of headers, and related values. Some attackers will send malformed requests, including anomalies like missing headers, unsupported request methods, using non-standard ports, or invalid character encoding. These requests are classified as "HTTP anomalies". These anomalous requests are frequently associated with unsophisticated attacks, and are automatically blocked by Cloudflare's WAF.

With the ongoing war, we continue to onboard and provide protection to organizations in Ukraine and neighboring countries to ensure they have access to information. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting www.cloudflare.com/galileo, and we will expedite their review and approval.

Across the Americas, Asia Pacific, Europe, and Africa/Middle East regions, the largest fraction (28%) of mitigated requests were classified as “HTTP Anomaly”, with 20% of mitigated requests tagged as SQL injection attempts and nearly 13% as attempts to exploit specific CVEs. CVEs are publicly disclosed cybersecurity vulnerabilities. Cloudflare monitors new vulnerabilities and quickly determines which require additional rulesets to protect our users.

In our previous report, we identified similar attack trends with SQLi injection and HTTP anomalies, classified as User agent anomalies, making up a large part of mitigated requests.

We protect a range of organizations under Project Galileo. For this dashboard, we categorized them in 6 groups: community building/social welfare, education, environmental/disaster relief, human rights and journalism. To help understand threats against these groups, we broke down the types of attacks we saw that were mitigated by the web application firewall. A majority of the mitigated traffic is from HTTP anomalies and SQLi (SQL injection).

SQLi is an attack technique designed to modify or retrieve data from SQL databases. By inserting specialized SQL statements into a form field, attackers attempt to execute commands that allow for the retrieval of data from the database, modification of data within the database, the destruction of sensitive data, or other manipulative behaviors.

Learn more on the 8th Anniversary Radar DashboardSee the full report on attack trends we observed against a wide range of organizations protected under Project Galileo.

We started Project Galileo in 2014 with the simple idea that organizations that work in vulnerable yet essential areas of human rights and democracy building should not be taken down because of cyber attacks. In the past eight years, this idea has grown to more than just keeping them secure from a DDoS attack, but also how to foster collaboration with civil society to offer more tools and support to these groups. In March 2022, after the war in Ukraine started, we saw an increase in applications to Project Galileo by 177%.

Read ahead for details on all of our eighth anniversary announcements:

• Two new civil society partners helping choose participants

• New insights on attack patterns using data from Cloudflare Radar

• A portal designed to ease onboarding for Galileo participants

• Details on our sessions at RightsCon this week

• New case studies highlighting Galileo participants and the important work they are doing

This year, we are excited to welcome two new partners, International Media Support and CyberPeace Institute. As we introduce new partners, we are able to expand the project to protect a range of groups on the Internet. With this, we currently protect 1,900+ organizations in 111 countries.

With almost three years working on Project Galileo at Cloudflare, I get a front row seat to how we use security tools to protect the most vulnerable on the Internet. From journalism groups in Brazil reporting on environmental issues to social justice organizations in the United States to activists in authoritarian countries, we see a range of voices that come to Cloudflare for protection.

The anniversary of the project is one of my favorite times of the year, as it gives us the opportunity to show the world a glimpse of what we see on a daily basis. With the anniversary, it also gives us time to reflect on lessons learned and how we can improve the project.

One of the most important lessons we have learned about Project Galileo is that in a time of crisis, whether it be the spread of COVID-19 and shift to remote work or geopolitical conflicts, we are able to quickly mobilize to offer our assistance. One way we do this is to leverage our partnerships with civil society to offer our security tools and technical expertise to those who need help to keep their online platforms secure and reliable.

This became clear at the end of February 2022 and the start of the Russian invasion of Ukraine.

After the war in Ukraine started, applications to the project increased by 177% in March 2022. Since then, we onboarded 43 organizations in Ukraine to Project Galileo. In the region, we protect 116 organizations with 62 organizations onboarded to the project during the crisis, this includes organizations in Ukraine. Many of these organizations are working in journalism and reporting on the ground in Kyiv, human rights activists that are assisting refugees fleeing the country, and groups who have built applications to alert users of incoming air raids.

We have seen how partnerships between civil society, governments, and private sector companies have given us the ability to provide a swift response in providing support to Ukraine.

We see this in the form of donations of security services to ensure that people on the ground have access to information. There has been a focus on the conflict in Ukraine primarily on how to protect organizations that work in human rights. But, many civil society groups that have been working to provide assistance may have been overlooked in the digital security context. Many times, civil society does not get as many resources to protect themselves, and we strive to provide our services to human rights defenders, but also those who support them.

We have learned in the past few months that collaboration in a time of crisis is essential to responsibly provide our protections under the project. Any Ukrainian organizations that are facing attack can apply for free protection under Project Galileo by visiting www.cloudflare.com/galileo, and we will expedite their review and approval.

For the Project Galileo 8th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data.

We created a Radar dashboard to focus on attacks against organizations in areas such as human rights, journalism, and community building groups. We onboarded a range of organizations in Ukraine and neighboring countries during the ongoing Russian invasion.

Learn more about the attacks we see against vulnerable groups protected under Project Galileo with an additional blog post and Radar dashboard tomorrow.

Project Galileo has grown to support more than 1,900 organizations. These organizations typically fall into two categories. The first are organizations that are familiar with the security landscape and the Cloudflare tools they need to keep their organization secure. The second, which is a majority of organizations we protect under the project, are not familiar with the threat landscape and do not have a dedicated IT staff.

We know too well that organizations that work to support democracy, accountability, and human rights face an increased rate of cyber attacks because of the sensitive nature of their work. Many times, organizations come to Cloudflare because they come under a cyber attack and need our help with mitigation and getting back online. Unfortunately, we see applications like this come in every day for Project Galileo.

With this, we wanted to create a new resource to help these organizations on their Cloudflare journey. We are proud to release a new centralized area that organizations protected under our many projects can turn to when they have questions about configurations, product requests, and training on how to keep their organization secure. With tailored videos on security products with a focus on Cloudflare Zero Trust products, we are excited to offer more resources to organizations with very little or no dedicated IT staff, to ensure they stay online and secure from cyber attacks.

Learn more about our Cloudflare Social Impact Project portal and how we built this specifically for organizations protected under our Cloudflare Impact projects this week.

Every year, Cloudflare sponsors Access Now’s RightsCon. RightsCon brings together a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues. With topics including Internet shutdowns, digital security, privacy, and surveillance, it has it all for a great week of engaging with a range of players in the digital rights space.

This year, we are participating in a variety of events, but particularly excited about a community lab we are hosting with partner organizations like National Democratic Institute, Internews, CyberPeace Institute, and Okta. The session is focused on tools available for at-risk organizations and to learn more on how the private sector and civil society can improve security resources. We’ve learned in the last few years of Project Galileo that we are one part of the broader ecosystem. When it comes to providing tools to organizations, it is important to work together with the many players to find the best way to support organizations online and offline. We hope this session will generate further ideas on how we can work closely with others  and learn more on how organizations view security resources.

If you plan to attend RightsCon, please check out our session on Wednesday, June 8, at 12:30 pm ET. More information can be found on the RightsCon website.

As we celebrate the anniversary, we want to highlight many of the organizations protected under the project and how they keep their organization secure from cyber attacks. We value organizations that want to tell their story of the amazing work they do in human rights and community building and how they stay online with Cloudflare. Our goal with telling their stories is to encourage others who may work in similar spaces to take advantage of security tools available to them. Case studies also help other organizations that may be new to the project.

Check out some of their stories on how they use Project Galileo to stay secure from cyber attacks.

As we kick off the 8th anniversary of Project Galileo, we want to thank all of our civil society partners that we work alongside to offer Cloudflare protection. If you are an organization looking for protection under Project Galileo, please visit our website: cloudflare.com/galileo.

“A free press can, of course, be good or bad, but, most certainly without freedom, the press will never be anything but bad.”― Albert Camus

Since its founding in 1993, World Press Freedom Day has been a time to acknowledge the importance of press freedom and call attention to concerted attempts to thwart journalists’ essential work. That mission is also embedded in the foundations of our Project Galileo, which has a goal of protecting free expression online — after the war in Ukraine started, applications to the project increased by 177% in March 2022 alone.

In Uruguay today, UNESCO’s World Press Freedom Day Global Conference is underway, with a 2022 theme of “Journalism under Digital Siege.”

It is a fitting and timely theme.

While the Internet has limitless potential to make every person a publisher, bad actors — both individuals and governments — routinely deploy attacks to silence free expression. For example, Cloudflare data illustrate a trend of increased cyber attacks since the invasion of Ukraine, and journalists are frequent targets. Covering topics such as war, government corruption, and crime makes journalists vulnerable to aggression online and offline. Beyond the issue of cyber attacks, Russian authorities’ decision to block websites they find objectionable has hindered citizens’ ability to access news.

The UNESCO report Threats that Silence: Trends in the Safety of Journalists spotlights the methods that criminals use to interfere with press freedom, including hacking (such as to steal confidential data) and digital attacks (one example is DDoS attacks to overwhelm a site with traffic).

Web traffic closely follows world events, and sudden increases in interest in a topic can leave sites struggling to adjust. For example, during and after the Oscars, movie news sites like Variety and The Hollywood Reporter see drastic changes in traffic. This year, the day after the Oscars, DNS requests rose to 1,200% more than usual.

We spot the same trend during elections. As polling stations closed for the recent French presidential race, traffic to news sites rose 142% while citizens tracked results.

In wartime, ensuring the availability of a wide variety of news sources is vital so that citizens can access information relevant to their safety. In an April blog post, we highlighted Russian authorities’ decisions to block news websites. Meanwhile, traffic to several Western media outlets rose as Russian citizens sought out international sources.

Take a look at the DNS traffic from Russia to one well-known US newspaper:

DNS traffic from Russia for a large French news source also grew enormously:

As previously discussed on our blog, Project Galileo was born from a mistake we made during the Russian invasion of Crimea in 2014. Because of an attack, we stopped proxying traffic of an independent newspaper in Ukraine that had been covering the ongoing Russian invasion, and the site went offline. That day prompted reflection on how we could truly live up to our mission to help build a better Internet.

Particularly during wartime, news publishers need proper resources to prevent bad actors from knocking websites offline and to manage traffic spikes. As part of Project Galileo, we provide free security and performance services to journalists, humanitarian groups, and civil rights organizations around the world. Independent media and journalism organizations make up a majority of the domains protected under the project.

The number of cyber attacks on journalists is staggering. When we examined traffic data last year, we found that journalism and media sites protected under Project Galileo are subject to over 30 million cyber attacks per day.

To identify candidates for participation in Project Galileo, we partner with dozens of free speech, public interest, and civil society organizations, including Fourth Estate, Free Press, Reporters Sans Frontières, and Institute for War & Peace Reporting.

According to W. Jeffrey Brown, founder of Fourth Estate, “The right to freedom of expression and information is an essential element of free and democratic societies. Historically, times of war and conflict are rife with weaponized misinformation, disinformation, and propaganda. The work of the free press is essential in providing people with accurate, timely, and trustworthy information: news that saves lives and property and shines a light on war crimes and human rights abuses.”

Since many of these organizations are particularly vulnerable and subject to backlash, we do not publicly discuss participants unless we receive explicit permission. We also have never removed an organization from protection in the face of political pressure.

Below are some journalism-related organizations that have agreed to publicly talk about their participation. Check out these case studies to see what makes journalism in the digital era so challenging:

• Sin Embargo

• The Reporter

• New Brunswick Today

• Sarawak Report

• Raissa Robles

• Lake County News

• Diário de Araxá

• Cagle Cartoons

Applications to Project Galileo have skyrocketed since the invasion began, with many coming from organizations within Ukraine and neighboring countries. We are rapidly onboarding sites dedicated to journalism, human rights, and nonprofits that are organizing refugee efforts.

Know a site that could use our help? Public interest groups can quickly apply online, and we engage our partners to identify the at-risk websites that can benefit from the project.

Our Project Galileo partners are excellent resources for understanding the challenges journalists face, both in Ukraine and the rest of the world. Here are a few examples:

• Committee to Protect Journalists: Examine data on the deadly risks for journalists; CPJ finds that at least 27 journalists were killed in 2021 because of their work.

• Access Now: Get security tips and view regular updates on how the invasion of Ukraine is affecting freedom of expression online.

• Reporters Sans Frontières: View the interactive 2021 World Press Freedom Index. It incorporates criteria including media independence, transparency, and legislative frameworks.

• Institute for War & Peace Reporting: Learn about the dangers of covering the war in Ukraine.

• Center for International Media Assistance: See how news outlets are leveraging encrypted messaging apps to reach audiences in developing countries and emerging democracies.

• Council of Europe: Read the new annual report by the Council of Europe Platform for the Protection of Journalism and the Safety of Journalists; it notes that 2021 was the deadliest year for journalists in Europe since 2015.

The eighth anniversary of Project Galileo is just weeks away. Stay tuned for case studies highlighting new and long-time participants as well as updated data from Cloudflare Radar. And for a look back at 2021 highlights from Project Galileo, download our Impact Report.

We've worked hard over the years to level the playing field. This has meant making more and more of the essential tools for protecting an online presence available to as many people as possible. Cloudflare offers unmetered DDoS protection — for free. We were the first to introduce SSL at scale — for free. And it’s not just protection for your external-facing infrastructure: we have a free Zero Trust plan that enables teams to protect their internal-facing infrastructure, too.

These types of tools have always been important for the billions of people on the Internet. But perhaps never as important as they've become this week.

Concurrent with the Russian invasion of Ukraine, we've seen increasing cyberattacks on the Internet, too. Governments around the world are encouraging organizations to go “shields up” — with warnings coming from the United States’ Cybersecurity & Infrastructure Security Agency, the United Kingdom’s National Cyber Security Center, and Japan’s Ministry of Economy, Trade, and Industry, amongst others.

Not surprisingly, we’ve been fielding many questions from our customers about what they should be doing to increase their cyber resilience. But helping to build a better Internet is broader than just helping our customers. We want everyone to be safe and secure online.

So: what should you do?

Whether you’re a seasoned IT professional or a novice website operator, these free Cloudflare resources are available for you today. Beyond these free resources, there are a few simple steps that you can take to help stay protected online.

These Cloudflare services are available to everyone on the Internet. If you’re a qualified vulnerable public interest group, or an election entity, we have additional free services available to you.

Let’s start with the services that are freely available to everyone.

For your public-facing infrastructure, such as a website, app, or API:

Protect your public-facing infrastructure using the Cloudflare Network

This provides the basics you need to protect public-facing infrastructure: unmetered DDoS mitigation, free SSL, protection from vulnerabilities including Log4J. Furthermore, it includes built-in global CDN and DNS.

For your internal-facing infrastructure, such as cloud apps, self-hosted apps, and devices:

Protect your team with Cloudflare Zero Trust

These essential security controls keep employees and apps protected online by ensuring secure access to the Internet, self-hosted applications and SaaS applications. Free for up to 50 users.

For your personal devices, such as phones, computers, and routers:

Protect your devices with 1.1.1.2

Otherwise known as Cloudflare for Families. This is the same as Cloudflare’s privacy-protecting, superfast 1.1.1.1 DNS resolver. However, 1.1.1.2 has one big added benefit over 1.1.1.1: if you click on a link that’s about to take you to malware, we step in on your behalf, preventing you from ending up on the malicious site. It’s super simple to set up:  you can follow the instructions here, then click the “Protect your home against malware” button; or simply update your DNS settings to use the following:

1.1.1.21.0.0.22606:4700:4700::11122606:4700:4700::1002

And while we’ve called it Cloudflare for Families, we should note: it works equally well for businesses, too.

All the services listed above are available now. They can scale to the most demanding applications and withstand the most determined attacks. And they are made freely available to everyone on the Internet.

Cloudflare provides an additional level of free services to special types of organizations.

Founded in 2014, Project Galileo is Cloudflare’s response to cyberattacks launched against important yet vulnerable targets like artistic groups, humanitarian organizations, and the voices of political dissent. Perhaps now more than ever, protecting these organizations is crucial to delivering the promise of the Internet. Importantly, it’s not us deciding who qualifies: we work with a range of partner organizations such as the Freedom of the Press Foundation, the Electronic Frontier Foundation, and the Center for Democracy and Technology to help identify qualified organizations.

Over the past week we’ve seen an influx of applications to Project Galileo from civil society and community organizations in Ukraine and the region who are increasingly organizing to provide support and essential information to the people of Ukraine. To the vulnerable organizations that qualify, we offer a range of further Cloudflare services that we usually reserve for our largest enterprise customers. You can visit here to find out more about Project Galileo, or if you think your organization might qualify, we encourage you to apply here.

As with public interest groups, there are many malicious actors today who try to interfere with free and democratic elections. One very simple way that they can do this is through cyberattacks. Just like every other Internet property, election websites need to be fast, they need to be reliable, and they need to be secure. Yet, scarce budgets often prevent governments from getting the resources needed to prevent attacks and keep these sites online.

Just like with Project Galileo, for election entities that qualify, we offer a range of further Cloudflare services to help keep them safe, fast, and online. We have more information about the Athenian Project here, and if you’re working at an election entity, you can apply at the bottom of that same page.

We’re all dependent on the Internet more than ever. But as that dependency grows, so too does our vulnerability to attack. Cloudflare provides these no cost services in the spirit of helping to build a better Internet. Please take advantage of them, and spread the word to other people and organizations who could benefit from them too.

Beyond Cloudflare’s free services, there are a range of basic steps that you can take to help protect your online presence. We’re imagining that almost everyone will have heard of these steps before. For those of you who have heard it but have been putting it off, now is the time. Taking these simple steps today can save you a world of cyber heartache tomorrow.

Don’t re-use passwords across accounts. It’s unfortunate, but websites and applications are compromised every day. Sometimes, a compromise will result in a hacker gaining access to all the usernames and passwords on that website or app. One of the first things a hacker will then do is try all those username and password combinations on other popular websites. If you had an account on a compromised website, and your password there is the same as the one you use for (say) your online banking account, well… they’re now in your bank account. Compounding this, compromised credentials are frequently bought and sold in illegal online marketplaces. You can check if your credentials have been compromised on this site. It’s extremely important to ensure that you don’t use the same credentials on multiple sites or apps.

Use multi-factor authentication on your accounts. This adds a second layer of identification beyond just your password. It often takes the form of a confirmation code in a text message or email, or better yet, a randomly generated code from an authentication app, or, best of all, a hardware key that you insert into your computer or wave at your phone. This helps ensure that the person logging into your account is actually you. Internally at Cloudflare, we use hardware keys exclusively because of their high security.

Use a password manager. If you want to compress the two above steps down into one, find and begin using a password manager. A password manager helps you manage passwords across multiple accounts; it automatically creates a random and unique password for each login you have. It can also manage randomly generated multi-factor authentication for you. If you’re in the Apple ecosystem, Apple has one built into iOS and macOS that will sync across your devices. 1Password and LastPass are also very popular examples. We require the use of a password manager at Cloudflare, and recommend their use to everyone.

Keep your software up to date. This applies for all your software — both operating systems and applications, on computers and on your phone. Flaws and potential security holes are being discovered all the time. While vendors are increasingly quick to react, and software can be patched over the Internet in a matter of minutes — this only works if you click the “Install Update Now” button. Or better yet, you can set updates to be automatic, and this can help to guarantee that your systems stay current.

Be extra cautious before clicking on links in emails. According to the CISA, more than 90% of successful cyber-attacks start with a phishing email.  This is when a link or webpage looks legitimate, but it’s actually designed to have you reveal your passwords or other sensitive information. You can double-check the URL of any links you click on. Or better yet, type the URL in yourself, or search for the site you’re looking for from your search engine. Finally, 1.1.1.2 (see above in this post) can help protect you in the event that you do click on one of these phishing links.

Be extra cautious giving credentials to people who have called you. Phishing doesn’t just happen via email. It can happen over the phone, too. It might be a call from someone claiming to work at your bank, telling you there’s strange activity on your account. Or someone claiming to be an IT administrator at your company, asking why you’ve been looking at strange websites. After putting you on the back foot, they’ll ask for something so they “can help you” — possibly a password or a text confirmation code. Don’t give it to them. If you’re at all unsure of anyone who just called you, there’s a simple solution: ask them for their name, their department, and their organization, and then hang up. You can then call them back through a phone number that their organization advertises on their homepage.

Have an offline, or at least a cloud-based, backup of critical or irreplaceable data. Even if you follow every last piece of advice above, there is still the risk that something bad happens. A backup of your critical data — ideally offline, but even one up in the cloud — is your last line of defense. Beyond security resilience, backups also improve your general resilience. Lost devices, natural disasters, and accidents happen. Backups mitigate the impact.

These are simple and immediate actions you can take to help keep your online presence secure.

From everyone at Cloudflare: we hope that you and your loved ones are safe during these unpredictable times.