Cyber Security

Experts Slam DNC Cybersecurity Board For Lack Of Cyber Experts

Democrats are having lawyers and government officials head new security effort

Cyber Security
Illustration: Diana Quach
Aug 17, 2016 at 3:13 PM ET

There’s one problem with Democratic National Committee’s new plan to keep it safe from future hacks.

None of the four members of its newly created Cybersecurity Advisory Board is considered an expert in cybersecurity.

“The Surgeon General is always a doctor, for good reason. But for some reason, a lawyer is good enough when it comes to cyber,” Christopher Soghoian, the principal technologist at the ACLU, told Vocativ.

“They have overlooked the need to have somebody with hands-on experience who understands the reality of defending a network,” said Jeffrey Carr, the founder and president of cybersecurity firm Taia Global. “Everybody that they have is a very senior person, and generally the higher up you go, the less actual experience you have with attacks against networks and the reality of the threat landscape.”

The four members of the board, according to a memo from interim DNC Chairwoman Donna Brazile obtained by Politico, are Aneesh Copra, the inaugural U.S. Chief Technology Officer; Michael Sussman, a former Justice Department prosecutor who specialized in online crimes; former Department of Homeland Security official Rand Beers; and Nicole Wong, a lawyer who also served as both deputy U.S. CTO and legal counsel for Google and Twitter.

“This just really smacks of a lack of imagination and really suggests that what they did is they went through their rolodex, ” Soghoian said. “‘Who’s worked in the Obama administration at a high level that did something tech related?’ What it suggests, I think, is they don’t see the difference between tech and security, and they also don’t see the difference between a lawyer who has been appointed to a tech position and a tech person.”

The DNC is still dealing with the fallout of it being severely hacked by two foreign actors, cited by Crowdstrike, the cybersecurity firm Democrats hired to deal with the problem, as competing Russian government intelligence groups.

Major political parties around the world are enticing targets for government intelligence agencies, and neither the DNC, nor their Republican counterparts, would be any different. Federal investigators reportedly previously warned the DNC that foreign actors would likely hack them for intelligence purposes.

The hack proceeded to thoroughly embarrass the DNC. After it was announced, an online character calling himself Guccifer 2.0 posted DNC documents to a WordPress blog and announced plans to give its full cache to WikiLeaks, which published such a cache in July. Among the documents were emails in which some high-ranking DNC officials clearly preferred nominee Hillary Clinton to her rival Bernie Sanders, an independent Vermont Senator who announced his intention run as a Democrat in November 2015, a revelation that caused some Sanders supporters to accuse the DNC of being biased against their candidate. The DNC’s creation of a cybersecurity board is a step forward, but the exclusion of technologists leaves experts concerned that the board will be ineffectual. 

“Washington D.C. has a history of omitting technologists from conversations about cybersecurity. The threats to cybersecurity continue to grow. It is imperative to have technology experts who understand the reach and ramifications of tools and decisions in the room when policies are being decided upon,” Nathan White, the Senior Legislative Manager at D.C.-based internet freedom and policy group Access Now, said via email.

“Until we start taking cybersecurity seriously, Guccifer 2.0 and her progeny will continue to pose a serious threat to the functioning of government,” he said.