Democratic National Committee Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert
from the this-is-not-good dept
The Democratic National Committee, still reeling from the hack on its computer system that resulted in a bunch of leaked emails and the resignation of basically all of its top people, has now created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks."
“To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”
Sure. That sounds like a good idea. But, then there's this:
Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Copra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.
I've met and/or dealt with Chopra (misspelled Copra in the article) and Wong -- and both are very smart and good policy people. The other two seem to have good policy chops as well. But none of them are actual cybersecurity experts. I have no problem with these people being on this advisory board, but it's insane to put together a cybersecurity advisory board that doesn't include at least a single (and probably more) actual technologist with experience in cybersecurity. And that's doubly true when the goal of the board is to help the DNC with its own cybersecurity.
If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not the goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible. Again, I don't think there's anything wrong with these four people on the board if they also included some actual technologists who understood this stuff at a core level. Instead, they're just asking for more problems.
Filed Under: advisory board, aneesh chopra, cybersecurity, democratic national committee, dnc, michael sussmann, nicole wong, rand beers
Reader Comments
Re: politicians
[ link to this | view in chronology ]
2016 Write-In Campaign
[ link to this | view in chronology ]
Re: 2016 Write-In Campaign
[ link to this | view in chronology ]
I'm sure they can do it.
[ link to this | view in chronology ]
They probably didn't have a choice.
[ link to this | view in chronology ]
Re: They probably didn't have a choice.
I can assure you there are plenty of cybersecurity experts who would be happy to work for the DNC (RNC too, for that matter).
[ link to this | view in chronology ]
Re: Re: They probably didn't have a choice.
And with all due respect to these folks: now is not the time to craft policy. That's a lengthy and careful debate. Now is the time to deploy systems that are as secure as possible given time constraints -- noting that there's an election in three months and that something that solves 90% of the problems for 90 days is better than something that solves 99% of the problems but won't be operational until 2018.
[ link to this | view in chronology ]
Re: Re: Re: They probably didn't have a choice.
Which is quite the point. Yeah, there are plenty of people willing to pad their resumes with a "I worked for the DNC YAY, I met etc. etc.". But no, these are not the people who are going to fix these problems.
You cannot hitch your wagon to a star here. There is no star. Just a big black hole sucking in talent and converting into misery. These guys are looking for scapegoats. People with NPD don't have advisors. They have minions. And if you've been in the industry for 30 years, one would think you'd have read that from a mile away.
Lamachus: Ah! the Generals! they are numerous, but not good for much!
[ link to this | view in chronology ]
Re: Re: Re: Re: They probably didn't have a choice.
"Spent the last eight years building and defending a medical database"
"Not to mention that 30 years predates Internet security as a concept. (oops)"
Um... didn't see where AC said he was in Internet security or claimed to have been for 30+ years. (oops)
[ link to this | view in chronology ]
Re: Re: Re: Re: They probably didn't have a choice.
You are so very wrong that it's difficult to know where to begin. Let me just hit a couple of high points.
First, I am doing it right, by doing exactly what I wish to do. I've repeatedly refused promotion because I want to be close to the metal. That refusal is exactly why I'm very, VERY good at what I do.
Second, you are clearly ignorant of history. Not only does Internet (ARPAnet, BITnet, Usenet, CSnet) security as a concept go back more than 30 years, it's been nearly 30 years since one of the significant milestones: Morris worm, 1988. I'm sure that a mere ignorant newbie like you doesn't know any of this because you weren't there and you're too lazy to read, but everyone who was around at the time and everyone who's taken the time to do two minutes' worth of perfunctory research knows that you are dead wrong.
There's more, but I'll stop there. The bottom line is that you are completely, hopelessly wrong and clearly require remedial education -- that is, IF you're capable of learning.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
These are EXPERTS!!
Why are you disrespecting these fine policy experts?
POLICY is what's important. Mere technical expertise is never as important (or as valuable) as that. I'm sure these geniuses will take a few minutes to research the technical issues. That should be more than sufficient, right?
All problems are solvable with just the right policy, right?
/s
[ link to this | view in chronology ]
Re: These are EXPERTS!!
[ link to this | view in chronology ]
Re: These are EXPERTS!!
[ link to this | view in chronology ]
Re: Re: These are EXPERTS!!
[ link to this | view in chronology ]
They may not really want actual security
Adding real cybersecurity to the DNC now might undermine both parties' objective of taking away everyone else's cybersecurity.
Maybe the price, maybe mostly already paid in loss of top people, is not so high as to warrant getting actual cybersecurity. Just look like you're outraged and trying to do something about it. Appoint a board full of know-nothing politicians.
[ link to this | view in chronology ]
Re: They may not really want actual security
[ link to this | view in chronology ]
Given the parties' wanton disrespect for digital privacy rights,
HRC is to digital privacy as John Kerry was to "binders full of women", or racists are to: "I'm not racist, I have black friends!". Bigots blinded by narcissism.
I think this election cycle you're going to see some honeypot logs disclosed which are going to say quite a few disturbing things about the state of politically motivated hacking in this country. My guess is the DNC will be one of the bigger beneficiaries.
Personally I think the Trump "2nd Amendment" gaffe and the HRC "coward" comment were coordinated between the parties.
It was basically the same move as the broken fresh condenser message at the battle of midway. The purpose of it was to increase chatter for a planned broad spectrum attack against nonconformist forums. Techdirt probably being among them.
Congrats Techdirt! You've now joined the ranks of other terrorist organizations like the ACLU and Greenpeace.
Johnson/Weld:
Because Trump would push the button for fun, and HRC would push it to be prom queen.
[ link to this | view in chronology ]
Re: Given the parties' wanton disrespect for digital privacy rights,
-- Please forgive the nitpicking, but I think you mean "Willard 'Mitt' Romney" and his "binders full of women." Secretary Kerry has his problems (which have nothing to do with Swift Boats, despite what the political hitmen told us), but his flaws don't amount to a flea on the back of that spoiled, oblivious, self-entitled, religious fanatic.
[ link to this | view in chronology ]
Who is going to implement the policy these people come up with?
[ link to this | view in chronology ]
Re:
All they have to do is pat themselves on the back hard enough and all the good things happen. Yup. Now move along.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
No, no, no, you're doing it wrong.
Remember, all committees, oversight and advisory boards, managers and bureaucrats must first plan how to have a plan. Always.
The aim here is to create a plan to have a plan. That plan will probably call for a committee to be set up to consider how to implement the plan to have a plan. They'll need a plan to do that.
[ link to this | view in chronology ]
national security
[ link to this | view in chronology ]
Re: national security
If they are as dishonest as the leaked emails show, they should be locked up, not protected.
[ link to this | view in chronology ]
It's not about cybersecurity
[ link to this | view in chronology ]
And this was unexpected?
Doomed to failure.
[ link to this | view in chronology ]
DNC Cybersecurity
[ link to this | view in chronology ]
Has everything to do with looking good and nothing to do with doing what is right or appropriate
[ link to this | view in chronology ]
Time will tell
Now, the risk is they do their stuff without asking the best experts in the field.
We will see. If they do not bring around them experts, the next time they will get owned again, and it will hurt even more.
Hackers will exploit the weakest link. As the venerable security expert Bruce Schneier explained: security is a link. It is not stronger than the weakest of its links.
[ link to this | view in chronology ]
They are all Legends in their own Minds
"Okay, where do we start? I want some ideas people"
"We could update Abode's Flash Flyer. They got that McCafee thingy that downloads with the update and it's FREE! Oh, you also get a new search engine... FREE!"
Right then. Let's do it. OK people. Great day! See all next week.
[ link to this | view in chronology ]
Failure from the onset
“To prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,” interim DNC Chairwoman Donna Brazile wrote in a memo. “The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces—today and in the future.”
Yet picked not a single person with a technical background. I guess they can always just shut down the servers for a little while. ;)
[ link to this | view in chronology ]
Encryption is bad m'kay...
Day 23:
Encryption, not so bad after all - can someone google my emails.
[ link to this | view in chronology ]
Get with the times, man (DNC).
[ link to this | view in chronology ]
In every conference room,
Invariably it is a bunch of marketing people and execs asking technicians to do things that violate fundamental principles of civil liberty.
In most cases there are at least one or two guys who have been saying "this is going to bite us in the ass", the whole time.
The DNC has aligned itself with lobbyists from every organization where these abusive practices have been most active, and where political means have been brought to bear to make the situation progressively worse.
So some chickens have come home to roost for the DNC. Must be a bitch. Good luck with that. Wonder if they want to borrow a book?
Yeah. Thought not.
And they want my vote? At what point have they shown any respect for the electoral process itself? They regard my vote with contempt. They regard the sovereignty of the individual mind with contempt.
If they want my vote they're going to have to do what Bush did, and hire somebody who used to work for Diebold, and steal it. And my guess, based on their history, is that that is exactly what they will do.
[ link to this | view in chronology ]
Politics in the 21st Century
This is exactly how politics works!
[ link to this | view in chronology ]
It seems we've completely forgotten the Enlightenment.
I suppose it means whatever policies they implement will be unenforceable and entirely circumventable.
[ link to this | view in chronology ]
see no firewall, hear no antivirus, speak no VPN
Real information might get in the way of their plans to quash that pesky encryption thingy in the bill their name is on.
[ link to this | view in chronology ]
Aneesh Chopra's bro Rajeev
[ link to this | view in chronology ]