Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert

from the this-is-not-good dept

The Democratic National Committee, still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a “cybersecurity advisory board” to improve its cybersecurity and to “prevent future attacks.”

?To prevent future attacks and ensure that the DNC?s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,? interim DNC Chairwoman Donna Brazile wrote in a memo. ?The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces?today and in the future.?

Sure. That sounds like a good idea. But, then there’s this:

Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.

I’ve met and/or dealt with Chopra (misspelled Copra in the article) and Wong — and both are very smart and good policy people. The other two seem to have good policy chops as well. But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it’s insane to put together a cybersecurity advisory board that doesn’t include at least a single (and probably more) actual technologist with experience in cybersecurity. And that’s doubly true when the goal of the board is to help the DNC with its own cybersecurity.

If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that’s not the goal. It’s to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible. Again, I don’t think there’s anything wrong with these four people on the board if they also included some actual technologists who understood this stuff at a core level. Instead, they’re just asking for more problems.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert”

Subscribe: RSS Leave a comment
46 Comments
Dave Howe (profile) says:

Re: politicians

Probably the actual problem there – they don’t know anyone else, and if you add in the usual management “you don’t need to understand something to manage it” attitude you end up with an advisory board full of chiefs, who will probably direct that an external company (that they have a financial interest in, naturally) be directed to generate a report, which they will then pass on….

JustShutUpAndObey says:

These are EXPERTS!!

You clearly don’t understand.
Why are you disrespecting these fine policy experts?
POLICY is what’s important. Mere technical expertise is never as important (or as valuable) as that. I’m sure these geniuses will take a few minutes to research the technical issues. That should be more than sufficient, right?
All problems are solvable with just the right policy, right?
/s

DannyB (profile) says:

They may not really want actual security

If they got actual cybersecurity, then they would only be ripping it out again once Comey and others get their way of removing all encryption and cybersecurity from the US part of the internet.

Adding real cybersecurity to the DNC now might undermine both parties’ objective of taking away everyone else’s cybersecurity.

Maybe the price, maybe mostly already paid in loss of top people, is not so high as to warrant getting actual cybersecurity. Just look like you’re outraged and trying to do something about it. Appoint a board full of know nothing politicians.

Anonymous Coward says:

Given the parties wanton disrespect for digital privacy rights,

I don’t see a lot of people coming out of the woodwork to offer them help. And even if they did, they’d probably be moles.

HRC is to digital privacy as John Kerry was to “binders full of women”, or racists are to: “I’m not racist, I have black friends!”. Bigots blinded by narcissism.

I think this election cycle your going to see some honeypot logs disclosed which are going to say quite a few disturbing things about the state of politically motivated hacking in this country. My guess is the DNC will be one of the bigger beneficiaries.

Personally I think the Trump “2nd Amendment” gaff and the HRC “coward” comment were coordinated between the parties.

It was basically the same move as the broken fresh condenser message at the battle of midway. The purpose of it was to increase chatter for a planned broad spectrum attack against nonconformist forums. Techdirt probably being among them.

Congrats Techdirt! You’ve now joined the ranks of other terrorist organizations like the ACLU and Greenpeace.

Johnson/Weld:
Because Trump would push the button for fun, and HRC would push it to be prom queen.

bshock says:

Re: Given the parties wanton disrespect for digital privacy rights,

HRC is to digital privacy as John Kerry was to “binders full of women”, or racists are to: “I’m not racist, I have black friends!”. Bigots blinded by narcissism.

— Please forgive the nitpicking, but I think you mean “Willard ‘Mitt’ Romney” and his “binders full of women.” Secretary Kerry has his problems (which has nothing to do with Swift Boats, despite what the political hitmen told us), but his flaws don’t amount to a flea on that back of that spoiled, oblivious, self-entitled, religious fanatic.

Anonymous Coward says:

Re: Re:

“Who is going to implement the policy these people come up with.”

No, no, no, you’re doing it wrong.

Remember, all committees, oversight and advisory boards, managers and bureaucrats must first plan how to have a plan. Always.

The aim here is to create a plan to have a plan. That plan will probably call for a committee to be set up to consider how to implement the plan to have a plan. They’ll need a plan to do that.

anonymous Dutch coward says:

national security

i find it odd, that the nsa and other agencies aren’t obliged by law to protect the 2 parties involved. non-partisan support of professionals instead of the work of well meaning amateurs, because there is to much at stake. its getting harder each day to take the usa seriously, with news like this every other day. nothing more than a shiny empty shell.

joelberman (profile) says:

Re: national security

Political parties are no different than any other organization and not entitled to any special treatment. They are not legitimized by the Constitution and many of the founding fathers warned of the dangers of political parties.

If they are as dishonest as the leaked emails show, they should be locked up, not protected.

Gilbert says:

Time will tell

First, those people will probably find and ask for help for experts. They will design policies, which is their job, by using their input and trying a best)fit with political objectives.

Now, the risk is they do their stuff without asking the best experts in the field.

We will see. If they do not bring around them experts, the next time they will get owned again, and it will hurt even more.

Hackers will exploit the weakest link. As the venerable security expert Bruce Schneier explained : security is a link. It is not stronger than the weakest of its links.

Monday (profile) says:

They are all Legends in their own Minds

” ‘Cybersecurity Board’ Without A Single Cybersecurity Expert ‘

Okay, where do we start? I want some ideas people”

“We could update Abode’s Flash Flyer. They got that McCafee thingy that downloads with the update and it’s FREE! Oh, you also get a new search engine… FREE!”

Right then. Let’s do it. OK people. Great day! See all next week.

I.T. Guy says:

Failure from the onset

Job description:
“To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”

Yet picked not a single person with a technical background. I guess they can always just shut down the servers for a little while. 😉

Anonymous Coward says:

In every conference room,

in every ISP, and in every major software vendor, there has been a conversation repeating for years.

Invariably it is a bunch of marketing people and execs asking technicians to do things that violate fundamental principles of civil liberty.

In most cases there are at least one or two guys who have been saying “this is going to bite us in the ass”, the whole time.

The DNC has aligned itself with lobbyists from every organization where these abusive practices have been most active, and where political means have been brought to bear to make the situation progressively worse.

So some chickens have come home to roost for the DNC. Must be a bitch. Good luck with that. Wonder if they want to borrow a book?

Yeah. Thought not.

And they want my vote? At what point have they shown any respect for the electoral process itself? They regard my vote with contempt. They regard the sovereignty of the individual mind with contempt.

If they want my vote they’re going to have to do what Bush did, and hire somebody who used to work for Diebold, and steal it. And my guess, based on their history, is that that is exactly what they will do.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...