Following high-profile data breaches that led to embarrassing headlines and resignations, the Democratic National Committee has reportedly formed a cybersecurity advisory board. However, the four members of the board appear to have little infosec expertise.
The DNC's cybersecurity advisory board, which was first reported by Politico, includes Rand Beers, deputy Homeland Security advisor to President Obama and former acting secretary of the U.S. Department of Homeland Security; Aneesh Chopra, executive vice president and co-founder of data analytics firm Hunch Analytics and former first CTO for the U.S. government; Michael Sussmann, partner in the privacy and data security practice at law firm Perkins Coie LLP and former cybercrime prosecutor with the U.S. Department of Justice; and Nicole Wong, former CTO for the U.S. government and former vice president and deputy general counsel at Google.
According to Politico's report, a memo from new Democratic National Committee (DNC) chairwoman Donna Brazile stated that the cybersecurity advisory board was created to "ensure that the DNC's cybersecurity capabilities are best-in-class," adding the board is "composed of distinguished experts in the field."
But some infosec professionals have questioned that statement. While the board does include former CTOs and a former cybercrime prosecutor, experts argued there should have been members with infosec-specific experience or skills in the cybersecurity field rather than an apparent focus on legal and political experience.
For example, security researchers Peiter "Mudge" Zatko, former Google engineer, and Christopher Soghoian, principal technologist at the ACLU, criticized the DNC for the lack of technical knowledge and experience on the cybersecurity advisory board.
DNC creates Cybersecurity board made up of well meaning people with no cybersecurity expertise. Your move Russia... https://t.co/5CpJEHworX — Mudge (@dotMudge) August 14, 2016
Could the DNC not find a single technical cybersecurity expert to appoint to their cybersecurity advisory board? https://t.co/ZNl9wvdabd — Christopher Soghoian (@csoghoian) August 14, 2016
The recent DNC hack and resulting exposure of confidential emails and documents led to the resignation of chairwoman Debbie Wasserman Schultz and other DNC officials just before the Democratic National Convention in Philadelphia last month. A lone hacker known as Guccifer 2.0 claimed responsibility for the hack and leaked the confidential DNC data via WikiLeaks.
The DNC hack has also sparked a debate over the attribution of cyberattacks. Threat intelligence firm CrowdStrike pinned the attack on two Russian advanced persistent threat groups, with other firms and security researchers supporting the case. Guccifer 2.0 disputed CrowdStrike's case and claimed to be working alone.
However, other security experts have expressed skepticism and questioned cyber attribution methods used by CrowdStrike to blame Russia. Meanwhile, evidence continues to mount that Russian threat actors have targeted the Democratic Party, and additional emails and documents have been leaked by Guccifer 2.0 this week from the Democratic Congressional Campaign Committee in Florida.