Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert
from the this-is-not-good dept
The Democratic National Committee, still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a “cybersecurity advisory board” to improve its cybersecurity and to “prevent future attacks.”
?To prevent future attacks and ensure that the DNC?s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,? interim DNC Chairwoman Donna Brazile wrote in a memo. ?The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces?today and in the future.?
Sure. That sounds like a good idea. But, then there’s this:
Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.
I’ve met and/or dealt with Chopra (misspelled Copra in the article) and Wong — and both are very smart and good policy people. The other two seem to have good policy chops as well. But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it’s insane to put together a cybersecurity advisory board that doesn’t include at least a single (and probably more) actual technologist with experience in cybersecurity. And that’s doubly true when the goal of the board is to help the DNC with its own cybersecurity.
If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that’s not the goal. It’s to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible. Again, I don’t think there’s anything wrong with these four people on the board if they also included some actual technologists who understood this stuff at a core level. Instead, they’re just asking for more problems.