Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert

from the this-is-not-good dept

The Democratic National Committee, still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks."

“To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”

Sure. That sounds like a good idea. But, then there's this:

"Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor."

I've met and/or dealt with Chopra (misspelled Copra in the article) and Wong -- and both are very smart and good policy people. The other two seem to have good policy chops as well. But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it's insane to put together a cybersecurity advisory board that doesn't include at least a single (and probably more) actual technologist with experience in cybersecurity. And that's doubly true when the goal of the board is to help the DNC with its own cybersecurity.

If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not the goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible. Again, I don't think there's anything wrong with these four people on the board if they also included some actual technologists who understood this stuff at a core level. Instead, they're just asking for more problems.

Reader Comments



  • icon
    radix (profile), 15 Aug 2016 @ 1:14pm

    Politicos appoint politicians, politics ensue. News at 11.


    • icon
      Dave Howe (profile), 17 Aug 2016 @ 3:02am

      Re: politicians

      Probably the actual problem there - they don't *know* anyone else, and if you add in the usual management "you don't need to understand something to manage it" attitude you end up with an advisory board full of chiefs, who will probably direct that an external company (that they have a financial interest in, naturally) be directed to generate a report, which they will then pass on....


  • identicon
    DigDuggery, 15 Aug 2016 @ 1:15pm

    2016 Write-In Campaign

    Snowden/Manning for President/Vice President


  • icon
    Blaine (profile), 15 Aug 2016 @ 1:28pm

    I'm sure they can do it.

    The politicians just need to politician harder!


  • identicon
    Anonymous Coward, 15 Aug 2016 @ 1:29pm

    They probably didn't have a choice.

    I mean seriously. Would YOU work these fucks?


    • icon
      Mike Masnick (profile), 15 Aug 2016 @ 2:12pm

      Re: They probably didn't have a choice.

      "I mean seriously. Would YOU work these fucks?"


      I can assure you there are plenty of cybersecurity experts who would be happy to work for the DNC (RNC too, for that matter).


      • identicon
        Anonymous Coward, 15 Aug 2016 @ 2:29pm

        Re: Re: They probably didn't have a choice.

        Yes, there are. I'm one of them. (30+ years experience at multiple Fortune 500 companies and several major universities. Spent the last eight years building and defending a medical database system that grew from 10's of gigabytes to half a petabyte. And so on.) I applied for the open security expert position at the DNC and heard nothing back. Not even a "no thank you". Nothing.

        And with all due respect to these folks: now is not the time to craft policy. That's a lengthy and careful debate. Now is the time to deploy systems that are as secure as possible given time constraints -- noting that there's an election in three months and that something that solves 90% of the problems for 90 days is better than something that solves 99% of the problems but won't be operational until 2018.


        • identicon
          Anonymous Coward, 16 Aug 2016 @ 7:12am

          Re: Re: Re: They probably didn't have a choice.

          If you've been in the business 30 years and you're close enough to the metal to know WTF is going on you're not doing it right. Not to mention that 30 years predates Internet security as a concept. (oops)

          Which is quite the point. Yeah, there are plenty of people willing to pad their resumes with a "I worked for the DNC YAY, I met etc. etc.". But no, these are not the people who are going to fix these problems.

          You cannot hitch your wagon to a star here. There is no star. Just a big black hole sucking in talent and converting into misery. These guys are looking for scapegoats. People with NPD don't have advisors. They have minions. And if you've been in the industry for 30 years, one would think you'd have read that from a mile away.

          Lamachus: Ah! the Generals! they are numerous, but not good for much!


          • identicon
            I.T. Guy, 16 Aug 2016 @ 8:04am

            Re: Re: Re: Re: They probably didn't have a choice.

            "30+ years experience at multiple Fortune 500 companies and several major universities."

            "Spent the last eight years building and defending a medical database"

            "Not to mention that 30 years predates Internet security as a concept. (oops)"

            Um... didn't see where AC said he was in Internet security or claimed to have been for 30+ years. (oops)


          • identicon
            Anonymous Coward, 26 Aug 2016 @ 8:27am

            Re: Re: Re: Re: They probably didn't have a choice.

            "If you've been in the business 30 years and you're close enough to the metal to know WTF is going on you're not doing it right. Not to mention that 30 years predates Internet security as a concept. (oops)"

            You are so very wrong that it's difficult to know where to begin. Let me just hit a couple of high points.

            First, I am doing it right, by doing exactly what I wish to do. I've repeatedly refused promotion because I want to be close to the metal. That refusal is exactly why I'm very, VERY good at what I do.

            Second, you are clearly ignorant of history. Not only does Internet (ARPAnet, BITnet, Usenet, CSnet) security as a concept go back more than 30 years, it's been nearly 30 years since one of the significant milestones: Morris worm, 1988. I'm sure that a mere ignorant newbie like you doesn't know any of this because you weren't there and you're too lazy to read, but everyone who was around at the time and everyone who's taken the time to do two minutes' worth of perfunctory research knows that you are dead wrong.

            There's more, but I'll stop there. The bottom line is that you are completely, hopelessly wrong and clearly require remedial education -- that is, IF you're capable of learning.


  • identicon
    Anonymous Coward, 15 Aug 2016 @ 1:31pm

    Well, perhaps it's better this way. It leads to a more transparent government body...


  • icon
    CanadianByChoice (profile), 15 Aug 2016 @ 1:39pm

    This was the only way they could be reasonably certain that the Advisory Board would give the advice they want to hear.


  • identicon
    Anonymous Coward, 15 Aug 2016 @ 1:44pm

    Unless the Cybersecurity expert's resume looks like a check with 5 or 6 zeros, don't expect one on any DNC board.


  • identicon
    JustShutUpAndObey, 15 Aug 2016 @ 2:00pm

    These are EXPERTS!!

    You clearly don't understand.
    Why are you disrespecting these fine policy experts?
    POLICY is what's important. Mere technical expertise is never as important (or as valuable) as that. I'm sure these geniuses will take a few minutes to research the technical issues. That should be more than sufficient, right?
    All problems are solvable with just the right policy, right?
    /s


  • icon
    DannyB (profile), 15 Aug 2016 @ 2:11pm

    They may not really want actual security

    If they got actual cybersecurity, then they would only be ripping it out again once Comey and others get their way of removing all encryption and cybersecurity from the US part of the internet.

    Adding real cybersecurity to the DNC now might undermine both parties' objective of taking away everyone else's cybersecurity.

    Maybe the price, maybe mostly already paid in loss of top people, is not so high as to warrant getting actual cybersecurity. Just look like you're outraged and trying to do something about it. Appoint a board full of know nothing politicians.


    • icon
      Bergman (profile), 15 Aug 2016 @ 8:35pm

      Re: They may not really want actual security

      Or maybe it's because if elections were truly secure, it would be MUCH harder, perhaps even impossible, to rig them?


  • identicon
    Anonymous Coward, 15 Aug 2016 @ 2:22pm

    Given the parties' wanton disrespect for digital privacy rights,

    I don't see a lot of people coming out of the woodwork to offer them help. And even if they did, they'd probably be moles.

    HRC is to digital privacy as John Kerry was to "binders full of women", or racists are to: "I'm not racist, I have black friends!". Bigots blinded by narcissism.

    I think this election cycle you're going to see some honeypot logs disclosed which are going to say quite a few disturbing things about the state of politically motivated hacking in this country. My guess is the DNC will be one of the bigger beneficiaries.

    Personally I think the Trump "2nd Amendment" gaffe and the HRC "coward" comment were coordinated between the parties.

    It was basically the same move as the broken fresh condenser message at the Battle of Midway. The purpose of it was to increase chatter for a planned broad spectrum attack against nonconformist forums. Techdirt probably being among them.

    Congrats Techdirt! You've now joined the ranks of other terrorist organizations like the ACLU and Greenpeace.

    Johnson/Weld:
    Because Trump would push the button for fun, and HRC would push it to be prom queen.


    • identicon
      bshock, 15 Aug 2016 @ 7:35pm

      Re: Given the parties' wanton disrespect for digital privacy rights,

      "HRC is to digital privacy as John Kerry was to "binders full of women", or racists are to: "I'm not racist, I have black friends!". Bigots blinded by narcissism."

      -- Please forgive the nitpicking, but I think you mean "Willard 'Mitt' Romney" and his "binders full of women." Secretary Kerry has his problems (which have nothing to do with Swift Boats, despite what the political hitmen told us), but his flaws don't amount to a flea on the back of that spoiled, oblivious, self-entitled, religious fanatic.


  • identicon
    Anonymous Coward, 15 Aug 2016 @ 2:31pm

    Just one question:-
    Who is going to implement the policy these people come up with.


    • icon
      radix (profile), 15 Aug 2016 @ 2:43pm

      Re:

      Implement? Does not compute.

      All they have to do is pat themselves on the back hard enough and all the good things happen. Yup. Now move along.


    • identicon
      Anonymous Coward, 15 Aug 2016 @ 3:08pm

      Re:

      "Who is going to implement the policy these people come up with."

      No, no, no, you're doing it wrong.

      Remember, all committees, oversight and advisory boards, managers and bureaucrats must first plan how to have a plan. Always.

      The aim here is to create a plan to have a plan. That plan will probably call for a committee to be set up to consider how to implement the plan to have a plan. They'll need a plan to do that.


  • identicon
    anonymous Dutch coward, 15 Aug 2016 @ 2:38pm

    national security

    I find it odd that the NSA and other agencies aren't obliged by law to protect the 2 parties involved. Non-partisan support of professionals instead of the work of well meaning amateurs, because there is too much at stake. It's getting harder each day to take the USA seriously, with news like this every other day. Nothing more than a shiny empty shell.


    • icon
      joelberman (profile), 16 Aug 2016 @ 6:49am

      Re: national security

      Political parties are no different than any other organization and not entitled to any special treatment. They are not legitimized by the Constitution and many of the founding fathers warned of the dangers of political parties.

      If they are as dishonest as the leaked emails show, they should be locked up, not protected.


  • icon
    seedeevee (profile), 15 Aug 2016 @ 2:39pm

    It's not about cybersecurity

    If it is a Clinton-involved scheme it only means that the appearance of seriousness is all that matters.


  • identicon
    Mark Wing, 15 Aug 2016 @ 3:04pm

    With so many non-experts, their talking points will be best-in-class.


  • icon
    David (profile), 15 Aug 2016 @ 4:18pm

    And this was unexpected?

    Sadly, not. DNC is a political entity, politics is mostly about policy. So they addressed the issue with the only hammer in their toolbox. A committee of policy politicos.

    Doomed to failure.


  • identicon
    stephen.hutcheson@gmail.com, 15 Aug 2016 @ 5:59pm

    It's not whether you lose your data, it's how you play the blame.


  • icon
    TomStone (profile), 15 Aug 2016 @ 6:12pm

    DNC Cybersecurity

    I don't understand why Bryan Pagliano and Rajiv Fernando weren't appointed.


  • icon
    Padpaw (profile), 15 Aug 2016 @ 6:31pm

    brought to you by the same folks that paid for seat fillers to pretend they were delegates.

    Has everything to do with looking good and nothing to do with doing what is right or appropriate


  • identicon
    Gilbert, 16 Aug 2016 @ 4:14am

    Time will tell

    First, those people will probably find and ask for help from experts. They will design policies, which is their job, by using their input and trying a best fit with political objectives.

    Now, the risk is they do their stuff without asking the best experts in the field.

    We will see. If they do not bring around them experts, the next time they will get owned again, and it will hurt even more.

    Hackers will exploit the weakest link. As the venerable security expert Bruce Schneier explained: security is a link. It is not stronger than the weakest of its links.


  • icon
    Monday (profile), 16 Aug 2016 @ 6:37am

    They are all Legends in their own Minds

    "'Cybersecurity Board' Without A Single Cybersecurity Expert"


    "Okay, where do we start? I want some ideas people"

    "We could update Abode's Flash Flyer. They got that McCafee thingy that downloads with the update and it's FREE! Oh, you also get a new search engine... FREE!"

    Right then. Let's do it. OK people. Great day! See all next week.


  • identicon
    Anonymous Coward, 16 Aug 2016 @ 6:41am

    but isn't that the whole aim of the starting of these sorts of boards? what's the point of having one that consists of people who know exactly what they are talking about and can vote to stop things that are good for the people? that would never do!!


  • identicon
    I.T. Guy, 16 Aug 2016 @ 8:00am

    Failure from the onset

    Job description:
    “To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”

    Yet picked not a single person with a technical background. I guess they can always just shut down the servers for a little while. ;)


  • identicon
    Anonymous Coward, 16 Aug 2016 @ 8:38am

    Day 1:
    Encryption is bad m'kay...

    Day 23:
    Encryption, not so bad after all - can someone google my emails.


  • icon
    Monday (profile), 16 Aug 2016 @ 9:16am

    Get with the times, man (DNC).

    I bet you don't even know what 'Farm to Table' means.


  • identicon
    Anonymous Coward, 16 Aug 2016 @ 9:32am

    In every conference room,

    in every ISP, and in every major software vendor, there has been a conversation repeating for years.

    Invariably it is a bunch of marketing people and execs asking technicians to do things that violate fundamental principles of civil liberty.

    In most cases there are at least one or two guys who have been saying "this is going to bite us in the ass", the whole time.

    The DNC has aligned itself with lobbyists from every organization where these abusive practices have been most active, and where political means have been brought to bear to make the situation progressively worse.

    So some chickens have come home to roost for the DNC. Must be a bitch. Good luck with that. Wonder if they want to borrow a book?

    Yeah. Thought not.

    And they want my vote? At what point have they shown any respect for the electoral process itself? They regard my vote with contempt. They regard the sovereignty of the individual mind with contempt.

    If they want my vote they're going to have to do what Bush did, and hire somebody who used to work for Diebold, and steal it. And my guess, based on their history, is that that is exactly what they will do.


  • identicon
    Pole Cat, 16 Aug 2016 @ 9:50am

    Politics in the 21st Century

    Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert

    This is exactly how politics works!


  • icon
    Uriel-238 (profile), 16 Aug 2016 @ 12:15pm

    It seems we've completely forgotten the Enlightenment.

    Nothing about us without us... ?

    I suppose it means whatever policies they implement will be unenforceable and entirely circumventable.


  • identicon
    Anonymous Coward, 16 Aug 2016 @ 6:54pm

    see no firewall, hear no antivirus, speak no VPN

    Well of course they didn't want any security experts around. They are so annoyingly know-it-all.

    Real information might get in the way of their plans to quash that pesky encryption thingy in the bill their name is on.


  • identicon
    Randy, 24 Aug 2017 @ 6:10pm

    Aneesh Chopra's bro Rajeev

    See Rajeev Chopra, his brother
