Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Democrats Security Communications Network Privacy Software The Internet Politics

DNC Creates 'Cybersecurity Board' Without Any Cybersecurity Experts (techdirt.com) 156

An anonymous reader writes from a report via Techdirt: The Democratic National Committee has created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks." Politico reports: "'To prevent future attacks and ensure that the DNC's cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,' interim DNC Chairwoman Donna Brazile wrote in a memo. 'The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces -- today and in the future.' Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Chopra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor." What's surprising is that none of these members are cybersecurity experts. Techdirt reports: "If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible."
This discussion has been archived. No new comments can be posted.

DNC Creates 'Cybersecurity Board' Without Any Cybersecurity Experts

Comments Filter:
  • probably... (Score:1, Troll)

    by arbiter1 ( 1204146 )
    A board filled with Clinton Donner's
  • DNC cyber security. (Score:5, Informative)

    by HornWumpus ( 783565 ) on Monday August 15, 2016 @07:53PM (#52708377)

    Just never write down any dirt.

    See also: Bill Clinton's meeting on the tarmac. That's how serious dirt is done.

    • Exactly, its about policy as to what will no longer be documented in emails, and how they will proceed with business as usual in the future.
  • by im_thatoneguy ( 819432 ) on Monday August 15, 2016 @07:55PM (#52708385)

    The point of every board isn't to ever do work. It's just to head up the meetings and organize the allocation of funds to achieve the agenda.

    You might want one technician but management is management. Management is just about allocating your resources to do get shit done.

    Obviously nobody on the board is actually going to get their hands dirty. And boards don't do very much. They will probably meet once a quarter... by phone for an hour. Agree that the consulting firm that they hired is spending the money wisely and then go back to their real jobs.

    • by ls671 ( 1122017 )

      An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing. Another one suggested to me when I was a teen to go study management because, well, managers will always be needed...

      Isn't that a little pretentious and old school like where the boss is the boss, doesn't matter if he is right or wrong or if he knows what he is talking about.

      Seems to me hard to understand how a manager can manage something he doesn't know anything about unless he has skilled techni

      • by Okian Warrior ( 537106 ) on Monday August 15, 2016 @08:44PM (#52708679) Homepage Journal

        An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing. Another one suggested to me when I was a teen to go study management because, well, managers will always be needed...

        Isn't that a little pretentious and old school like where the boss is the boss, doesn't matter if he is right or wrong or if he knows what he is talking about.

        Seems to me hard to understand how a manager can manage something he doesn't know anything about unless he has skilled technical assistants. But how will he evaluate the skills of his assistants? I suppose if the assistants tell him what he wants to hear, it might help.

        This is one of the fallacies of modern MBA-style management: management is a specific skill that's the same across all industries.

        In it's worst form, it's what gets us CEOs who slash costs and show growth for the first year, then leave with a golden parachute while the company flounders.

        If you study management even a little, you realize that the best managers are expert in their respective fields. This is not to say that software managers must be expert coders, but they need to have in mind the capabilities and limitations of the company products, the tools that the coders use, the current marketing trends, and some ad-hoc guesswork as to where the market is going. And also, they should at least know how to code, if not be an expert at it.

        Consider: Do you think a generic manager could step in and manager a newspaper without intimate knowledge of the newspaper business? How well do you think that company would do if it actually happened?

        Looking at some of Warren Buffet's writings, I note that he has people he trusts that can quickly learn the business and make informed choices that ultimately turn a company around. For example, a troubled company that supplies hardware, his people identified parts that had little profit and were available from other suppliers, as opposed to other parts that had more profit and were unique to the business. That's how he buys distressed companies and turns them around.

        This is not what generic MBA-style managers do: learn the business, go into detail, and make strong decisions that benefit the company.

        Looking at how GE gets vice-presidents, they always hire from within. They take a director and move him over to another department for a couple of years, and see how well he does. Then they move him again, and in a couple of years move him again. Over time, the directors become very well informed about how the business actually works, and anyone who isn't flexible enough to learn and do well in the business gets weeded out.

        GE executives are some of the best managers in the world.

        I've worked with a lot of "plug-in" managers who never seem to know where to go or what to do. They take the opinions of their staff as gospel without adding their own expertise, and serve as a simple buffer between the workers and upper management.

        • by ls671 ( 1122017 )

          If you study management even a little, you realize that the best managers are expert in their respective fields.

          Did you visit the link I provided? The guy fits the bill and he was indeed a project manager. Of course I agree with what you wrote. I manage stuff that I know about. My head isn't inflated enough to pretend I can manage everything.

          I've worked with a lot of "plug-in" managers who never seem to know where to go or what to do. They take the opinions of their staff as gospel without adding their own expertise, and serve as a simple buffer between the workers and upper management.

          I like to say that those are just overhead.

          • Did you visit the link I provided? The guy fits the bill and he was indeed a project manager. Of course I agree with what you wrote. I manage stuff that I know about. My head isn't inflated enough to pretend I can manage everything.

            Actually, I didn't. I honestly thought it was part of your sig, and didn't think it was relevant to your text. Sorry about that.

            Maybe weave the link as part of text as a reference to a position, or refer to it in the text?

        • If you study management even a little, you realize that the best managers are expert in their respective fields. This is not to say that software managers must be expert coders, but they need to have in mind the capabilities and limitations of the company products, the tools that the coders use, the current marketing trends, and some ad-hoc guesswork as to where the market is going.

          The converse is also true, the best managers need to be really good at management.

          I don't mind this cybersecurity board, they don't have the talent to personally implement great cybersecurity, but they have the knowledge to find and evaluate the people who can. (As well as figure out all the important laws and regulations, something a certain Secretary of State could have used).

        • by AK Marc ( 707885 )

          Do you think a generic manager could step in and manager a newspaper without intimate knowledge of the newspaper business? How well do you think that company would do if it actually happened?

          Depends on the manager. A good manager can manage outside their expertise.

          When I was in college, I tutored people. In one case, someone came to me for tutoring in a subject I didn't know anything about. I was able to successfully tutor them, with no knowledge in the field. Of course, in the process of tutoring, I learned lots, but walking someone through the work, asking them to think about the problem, and explain the process to get the answer is the same across most academic subjects. Actually teach

          • by ls671 ( 1122017 )

            Of course, in the process of tutoring, I learned lots,

            That's the key point, being able to learn fast and adapt. But then again, doesn't this apply to any activity field and is this in any way specific to management?

            Someone could manage outside their expertise, but it'll be harder.

            Yep, because you would have to learn quickly to be efficient.

          • I've had good Managers, bad managers, expert Managers ,and non-expert managers. There is a VENN diagram of intersections out there somewhere. The problem is, that like most things in life, there aren't absolutes.

            Good Managers: ... They actually are good at direction, and making decisions. These are the people who point the way; give direction and then get out of the way. They make key decisions based on the available information and their best effort. They aren't always right, and they take ownership (and l

        • "Consider: Do you think a generic manager could step in and manager a newspaper without intimate knowledge of the newspaper business? How well do you think that company would do if it actually happened?"

          The CEO of my wife's previous company which is the major business newspaper of Norway has no actual understanding of how a newspaper works. He buys stuff, mortgages stuff, he basically just talks to the board and plays golf and buys stuff. He remains successful primarily by buying other media which has a sub
        • There are many types of managers. At a high level what's really important are people who understand the logistics of getting stuff done. The MBA part really doesn't apply to most managers. Then there are the low level grunt managers - project managers who get dumped on by everyone else, given the worst projects with no authority. Product managers who don't understand products because they're really salespeople. Middle managers who used to be smaller managers but now are in a holding pattern waiting fo

        • by Gr8Apes ( 679165 )

          This is one of the fallacies of modern MBA-style management: management is a specific skill that's the same across all industries.

          In it's worst form, it's what gets us CEOs who slash costs and show growth for the first year, then leave with a golden parachute while the company flounders.

          An MBA without requisite skills in the field you're managing means you're nothing more than a modern pirate looting the ship.

        • by HiThere ( 15173 )

          The problem is that there are two parts here:
          1) Management is a separate skill, and you need to be skilled at it to be a good manager.
          2) Management of a particular area requires knowing the area.

          So. In principle a good manager can manage anything...but if he doesn't already know the area it's going to take him a long time to get to know it. Upper management probably *IS* nearly the same everywhere. Everywhere they go they're managing managers who are managing managers. As you get "nearer to the metal"

          • Upper management probably *IS* nearly the same everywhere. Everywhere they go they're managing managers who are managing managers.

            That's one way of seeing it. OTOH at that level they're also responsible for long term strategy. The stuff that determines if you're even there as a large company 3-5-10-15 years from now (depending on the field). And that's not easy (in fact its so difficult that most don't do it) and turning around a ship that size isn't easy either, so you have to stay ahead of the game.

            So I'm not sure. I think that even at that level you have to know the business. Now, is that 90% of the work? No, it's more like 2%. The

            • by HiThere ( 15173 )

              Upper management may be responsible for strategy, but they shouldn't be the strategist. They should know and be able to evaluate the strategist. The strategist DOES need to know the subject area well...as well as the lowest level of manager, and over a much wider area of what the company does. It shouldn't be a part time job of someone who also manages the company.

              Now clearly, everything I've said only applies if there are multiple layers of management. And the important part is how far is top managemen

        • ... , and serve as a simple buffer between the workers and upper management.

          If all they did was be a buffer between the workers and "upper", that would be very important. It might be enough to justify their job. I have been caught there and I did not like it much.

          As long as there were other people that could do the tech leading...

      • I agree with it to a certain extent. I think a good manager can probably manage most kinds of organizations, without any specialization. By the same token, it isn't always the case that someone that works up through a specific industry will be able to manage a company within that industry. There's no hard fast rule. As much as anything what counts as far as a good leader goes isn't specific expertise in the areas of business activity he may be put in charge of, but rather he quickly recognizes the people wi

        • I think a good manager can probably manage most kinds of organizations, without any specialization. By the same token, it isn't always the case that someone that works up through a specific industry will be able to manage a company within that industry.

          Your statement would be true if and only if there are similar or the same features/aspects of work in those organization because similar rules can be applied (similar management style). If each organization has its own unique aspects to deal with, regardless how good a manager is, he or she will need to learn about the organization first. However, a good manager should be able to learn and adapt to the job faster than average.

      • You're right. He cannot manage something he doesn't understand. He only thinks he can, and as long as he has people under him that know what they're doing, unlike him, who can compensate for his ineptitude, it will look like he actually can.

        Problem is that in 9 out of 10 times the people under him would actually be better off without him.

        • He cannot manage something he doesn't understand.

          I disagree, but only to a point. If the person knows they don't know shit, and admits it (humility), can be successful. It is the people who know nothing, but think they are god because their MBA from Prestigious University tells them so, that are dangerous. IMHO a piece of paper is only as good as the first job out of school, though there are those that think it is worth more than this.

      • One should always go study work, but because workers will always be needed.

      • by swb ( 14022 )

        An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing.

        I think successful managers have an esoteric skill set that can transcend their own lack of technical or industry specific knowledge, but the greater the deviation from their specific knowledge the more dependent they are on experts in the organization to interpret technical knowledge (wither it's IT technical knowledge or just specialist knowledge).

        However, I think there's a corollary there where managers who have the technical knowledge can manage poorly because they lack esoteric skills, and they're pron

      • seems to me hard to understand how a manager can manage something he doesn't know anything about

        It isn't hard to understand. In fact, there is a whole cartoon series dedicated to exactly this.

        http://www.dilbert.com/ [dilbert.com]

    • What real jobs? They actually do something useful?

  • Political officials setting themselves up to regulate things they have zero background knowledge in? Sounds like business as usual to me.
    • Political officials setting themselves up to regulate things they have zero background knowledge in? Sounds like business as usual to me.

      If this is "business as usual", then they shouldn't expect the end result to be any different than before.

      Security only works if you get past the political bullshit step of talking about it.

      • They probably don't really expect any different results, but they have done something about it and they didn't burden the process with people who would actually be so insane to actually want to DO anything.

        I.e. Mission Accomplished.

  • Many chiefs. No tribal members.

    Look, there are two ways to look at cybersecurity:

    1. Most unauthorized access is through social engineering. It can be fixed with training and fewer gullible people. Translation: this is a massive back door that will never be fixed, as those at the top are the worst offenders. And they never follow instructions.

    2. Most methods of providing cyber security involve fixing known prior methods of attack. Polymorphous self-adapting viral code with bootstrap load into the kernel was

    • Apparently, you don't know too much about designing/administering computer systems security.

      Computer security is more than keeping a system secure from outside attacks. The two results you do not wish to occur in a "breach" is exposure of confidential information, and permanent data loss (sabotage). These forms of security breaches can occur from the "inside".

      Another consideration in designing security in computer systems is workflow. There are a ton of ways to make a set of computers secure, but sometim

    • 1. Most unauthorized access is through social engineering.

      Are you suggesting that the russians phone-phished the DNC email server password? Wouldn't the accent give them away?

      • Wouldn't the accent give them away?

        No one would ever complain for fear of being accused of racial profiling.

  • by Chas ( 5144 ) on Monday August 15, 2016 @07:58PM (#52708411) Homepage Journal

    And the politicoes are all stumped as to why people are angry at them and screaming for real change, to the point where people will actually vote for an asshat like Trump...

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Actually doing things eventually leads to racisim. The only thing left is to remain motionless and receive your white privilege lectures.

    • And the politicoes are all stumped as to why people are angry at them and screaming for real change, to the point where people will actually vote for an asshat like Trump...

      Given Clinton's recent hiring practices [foxnews.com] and campaign staff [washingtontimes.com], maybe we should just be happy that she hired Americans and leave it at that.

  • The hiring choices outlined by this article are going to lead to another article at some point in the future, to which I will feel compelled to once again post the comment: "Should have hired me instead, assholes!"

  • Political elites (Score:4, Informative)

    by EEPROMS ( 889169 ) on Monday August 15, 2016 @08:06PM (#52708465)
    Just the political elites doing what they do irrespective of the skill set of people they are employing. People keep banging on about corruption in some third world nation when corruption is well and truly alive in your back yard.
    • by El Cubano ( 631386 ) on Monday August 15, 2016 @09:06PM (#52708789)

      Just the political elites doing what they do irrespective of the skill set of people they are employing. People keep banging on about corruption in some third world nation when corruption is well and truly alive in your back yard.

      Actually, this is not a political elite mindset thing, it is a government mindset thing.

      About 10 years ago or so I attended a government information assurance (they didn't call it cybersecurity back then) conference. The keynote speaker was a technical high up (maybe CIO, maybe CTO) of one of the three letter agencies. He said to an auditorium full of government information assurance managers something to the effect of, "the federal government is the only large organization that will regularly take people with no technical education, no technical training, and no technical knowledge/experience and put them into the inherently technical role of being responsible for securing information systems." You could hear a pin drop.

      The point is that this sort of thing has been going on forever in the government (a campaign functions in nearly the same way as the government in many respects) for a long time. It makes sense why the government gets hit with so many data breaches. In fact, it was always surprising to me that it didn't happen more often.

    • by gtall ( 79522 )

      Not really. It is politicos staffing their board with people that won't step on their crank like Trump. Every two-bit security expert will bring a load of stupid political sensitivities to a job like that. Rather, it makes more sense to hire people who know how politics works and then let them hire the security experts to fix what they see as broken. All the problems are not necessarily technical. This forum is a typical example of what leads to disasters, everyone fancies themselves as technoslaves and hen

  • by Snotnose ( 212196 ) on Monday August 15, 2016 @08:16PM (#52708509)
    A board designed to investigate a technical thing, being staffed by people who are better at raising money and making good sound bites than actually knowing anything about what they're supposed to be figuring out.

    On second thought, erase the word "technical" from that paragraph.
    • by Dracos ( 107777 )

      Pretty much. This is nothing more than political posturing and theatrics designed to pad the resumes of these board members with cybersecurity "experience" that they can cite to the equally ignorant Senators who will preside over their eventual confirmation hearings.

  • Comment removed based on user account deletion
  • This is the hottest cybersecurity board on record.

  • Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible."

    ... or failing that an 8 year old child.

  • by slashdot_commentator ( 444053 ) on Monday August 15, 2016 @09:12PM (#52708823) Journal

    Don'tcha just feel good knowing how well Hillary will be keeping the nation secure when you cast that ballot?

  • by otaku244 ( 1804244 ) on Tuesday August 16, 2016 @12:18AM (#52709623)

    "DNC emails leaked regarding insiders' placements on DNC Cybersecurity Advisory Board. The DNCCAB releases statement, 'It depends on your definition of hacking.' Nude photos of Clinton found among the leak which boost her in polls by 75%. Trump tried to counter by leaking his own sex tape, but the effort tanked because no one wanted to hear him dirty talk Chris Christy."

    ... if any of the above headline becomes true, the terrorists have won

    • by Nidi62 ( 1525137 )

      Trump tried to counter by leaking his own sex tape, but the effort tanked because no one wanted to hear him dirty talk Chris Christy."

      I would love to see the word gymnastic necessary from his spokesmen and supporters about how that shows how strong a leader he would be for this country.

  • Or a personal responsibility board? Of course they don't need any actual cybersecurity experts, this is only to distract from the fact that they broke the rules by pointing the finger at someone else. They don't need this board to do anything, it's just for the press release

  • This is what you get when you spend your life in management as opposed to doer-ship. They probably look at doers as some kind of alien species of human being they have no contact with or understanding of. "Hey, Donna (says Hillary), do you or anyone you know actually have contact with someone who can actually DO something in this area (or any area)? No? Me neither. Let's call a bunch of supporters and contributors with good sounding backgrounds. That'll have the "optics" we need.
  • by Anonymous Coward

    ... advise on cyber-security policy ...

    The addition of lawyers to a bunch of C-level managers is very telling. This group will advise others what policies can and can't be implemented, who in turn will advise others what mechanisms can and can't be installed, who in turn will tell somebody to make the bloody (security) thing work.

  • by Anonymous Coward

    Politicians, regardless of political party, will always perform their duties as politicians so it is no surprise that they create rules committees and advisory boards and fill the positions with politicians. It's what they do. Much of the time it's just for show to make it appear like they are doing something and that they "care" about the topic or crisis at hand. The advisory board will hold meetings, travel around the country to investigate things, make speeches and ultimately release a statement filled w

  • by sabbede ( 2678435 ) on Tuesday August 16, 2016 @06:18AM (#52710769)
    "That's illegal, don't put it in a memo. Someone might leak or steal it"

    See? They only need lawyers.

  • by Curunir_wolf ( 588405 ) on Tuesday August 16, 2016 @06:34AM (#52710837) Homepage Journal

    What's surprising is that none of these members are cybersecurity experts.

    Not surprising to me. The DNC and their members create economic policies with no understanding of economics. They put people in charge of justice with no understanding of justice. They put people in charge of foreign policy who are incompetent in dealing with foreign policy issues.

    So this is just what they do - meddle in things they know nothing about.

  • No doubt they are not cybersecurity experts. They are attempting to solve the impossible: "Preventing future attacks." The attacks will continue. They need to change the goal to be "Prevent successful attacks." Until the problem has been correctly defined, it will not be solved.
  • by Anonymous Coward

    Change definition of DNC to Does Not Compute.

  • by Anonymous Coward

    I guess the democrats couldn't let Trump have the upper hand having an economic board with no economists.

  • Only intentions are important in the DNC. And then there's the whole "experience" issue. If we're supposed to vote for Hillary because she has experience, this blows that out of the water. But then again, it doesn't matter, results don't matter, as long as they are in charge.

  • There are no cyber security experts on the panel because nobody owed any favors to any cyber security experts that could have been called in to get an appointment to the board. The skill set of the candidates in question never came into play.
  • Actually, it seems to me that the makeup of this board is geared towards damage control and being able to sue whoever hacks them. One of the big picture items from Edward Snowden's leak is that, not only does the NSA believe that the best defense is a good offense, they believe that many aspects of cyber defense are hopeless. Clinton, of all people, would know this so the DNC may well have concluded that they can't avoid being hacked so they have decided to be ready to clean up when it happens.
  • Just look at the impressive people they hired! Wouldn't you be scared if you were a hacker?

    All it is about anymore. Appearances. No substance.

  • At least, I never hear the word used in association with securing data, networks, servers, etc. But maybe the companies I work for are all weird or something?

  • Nothing new here! It is typical government bullshit: Put friends and family in charge, regardless of the potential to further break a system!

    HEAR THIS: It is IMPERATIVE that fully qualified people need to run regulatory, or ANY other, agencies.

    Non-qualified persons in a job ALWAYS make matters worse. Period.
    Just because you are an activist does NOT make you qualified! You are likely just looking for a bandwagon to jump on. GET THE FACTS, PLEASE!

My sister opened a computer store in Hawaii. She sells C shells down by the seashore.

Working...