A small, volunteer group of prominent cybersecurity professionals are working to ensure that if Democratic presidential nominee Hillary Clinton wins the election in November, she’ll have a stable of talented cybersecurity advisers to choose from, a member of the group told Cyberscoop.
Jake Braun, a former White House liaison to the Department of Homeland Security said that he hoped to bridge the gap between two groups that he believes share some common values in this election cycle: democrats and information security professionals.
Now a professor at the University of Chicago’s Harris School of Public Policy, Braun was in Las Vegas this week as part of a much publicized Clinton fundraising event at the 2016 Black Hat USA cybersecurity conference.
Broadly, the purpose of the cybersecurity fundraising event was to stump for Clinton. However, the fundraiser took place at an advantageous time as Republican presidential nominee Donald Trump recently encouraged Russia to spy on his political rival.
Trump’s comments on Russian surveillance were poorly received by the larger security community, Braun explained. Cyber professionals are adamantly aware of Russia’s capabilities in cyberspace, perhaps more so than the general public, he said, and as such, take Trump’s rhetoric seriously.
The Clinton cyber policy group is a growing, satellite team — spread across the U.S. — largely made up of former defense officials and political campaign specialists. The group is led by Harvard professor Michael Sulmeyer, a former Pentagon official.
Jeff Moss, the founder of Black Hat and a member of the Homeland Security Advisory Council, is also an active participant in the working group. Moss spoke at the Vegas-based fundraising event.
“What’s going on is really f—ing scary. It’s my civic duty to do what I can to sort things out,” Moss said at the Clinton fundraiser, addressing Trump’s comment which advocated for a foreign power to spy on an American citizen.
The volunteer-based group has several responsibilities, said Sulmeyer, including personnel recruitment, focused campaigning and security consulting efforts that follow in line with Clinton’s direct campaign team.
Regarding whether the policy team is involved in high-level appointee decisions — like who may become Clinton’s federal Chief Information Security Officer — Braun said the campaign “is not there yet,” though he expects some members of the working group to eventually be involved in some form.
“I think first and foremost, they’re focused on winning the election right now,” said Braun.
On cyber policy issues, Sulmeyer’s volunteers have provided perspective and analysis to the campaign. At the moment, a larger circle — beyond the working group — made up of paid consultants and in-house policy advisers is also assisting the Clinton campaign. But Braun said he did not know the names of those paid consultants, who are additionally advising the former Secretary of State on cybersecurity matters.
The Clinton campaign did not respond to our request for comment on the matter.
“We always wind up with different people on our calls and I never know whose a member and who is just on the call,” explained Braun.
Today, top of mind for the Clinton campaign — and thus for the working group — is the threat of Russian intelligence compromising the November election through the targeting of American voting machines and other voting systems, said Braun.
“While the rest of the public might not necessarily know how vulnerable our actual voting apparatus is to cyber attacks, and how engaged Russia is in cyber attacks that affect the democratic process globally, we all know this,” Braun told an audience of security professionals at the Clinton fundraising event.
“We want to make sure the world knows this, and Donald Trump and his affiliates know that it is not okay to tell the Russians that they can come and hack our democracy.”
In late July, Braun met with high ranking officials at DHS to discuss the threat of a rigged election due to cyber-based attacks. At that time, DHS was noncommittal on how it would proceed with a still-developing, potential plan to specifically help defend the integrity of the election’s digital systems, said Braun.
On Wednesday, DHS chief Jeh Johnson addressed the threat of cyber attacks against the upcoming U.S. election during a Christian Science Monitor Breakfast in Washington, DC.
One of the central questions behind defending these election assets is how they are internally classified, or prioritized, by the U.S. government. If, for example, election equipment is recognized as “critical infrastructure” then the resources provided and protocol followed by the government would also shift — as is supported under existing cyber defense policy.
“We are actively thinking about election cybersecurity … [and] whether our election system,” Johnson said, “is critical infrastructure.”