Former Buttigieg CISO urges DNC to coordinate information sharing between campaigns
Over the last year, Democratic presidential campaigns have had difficulty sharing threat data between one another, according to the former security boss for Pete Buttigieg’s campaign, raising concerns about the party’s ability to fend off possible interference ahead of the November elections.
Mick Baccio, who spent roughly five months working for the now-defunct Buttigieg campaign, told CyberScoop that his team tried sharing information with other campaigns that could have helped officials protect themselves from hackers. The effort was hampered, he said, by a shortage of qualified security staffers on other campaigns, and the lack of a formal information sharing process. Baccio resigned from the campaign in January over philosophical differences.
“It’s not that there’s not a want to share. It’s ‘I don’t know who to talk to,’” he said during an interview Wednesday at the Splunk GovSummit in Washington, D.C.. “I don’t know of a formal mechanism; whether it’s through the DNC, DCCC, or an election [information sharing and analysis center] or something like that. There’s no widespread known mechanism to share that threat data at a sanitized level.”
He did not specify the kinds of threat intelligence the Buttigieg tried sharing, or with whom.
U.S. intelligence officials told lawmakers in February that American officials should be prepared for Russia to again interfere in the U.S. elections. While the Department of Homeland Security said it did not observe any suspicious activity aimed at disrupting the primary elections on Super Tuesday, someone impersonating a Bernie Sanders campaign staffer has tried getting in touch with other campaigns, in a possible effort to infect them with malicious software via phishing messages.
The Democratic National Committee does not facilitate information sharing between campaigns. While the cybersecurity agency at DHS briefs the DNC and its Republican counterpart, inter-campaign sharing has not been as established, said Baccio, who now works at Splunk as a security adviser.
“We tried to set up a roundtable but other campaigns were just trying to find their security people … it was really very difficult,” he said.
It’s a problem that has existed in the private sector for years. Large companies traditionally have been reluctant to share threat information with other firms operating in their sector for fear of losing any competitive advantage. The issue has been pervasive enough for DHS officials to publicly advise against that kind of thinking.
Baccio suggested similar cultural differences are holding campaigns back.
“I think a lot of campaigns were told, ‘Don’t talk about the cyber because it raises your profile and you’ll become a victim at that point,’” he said. “I just think we’re all seeing the same data.”
He urged the DNC to coordinate threat information sharing between campaigns, and suggested the DNC and the RNC work together to share data about broader election security threats, even if that means working through a third party.
Neither the DNC nor the RNC returned requests for comment.