Inside the GOP Convention’s cybersecurity operation
Even before news broke this week that suspected Russian hackers had breached computers at the Democratic National Committee, organizers of the GOP Convention were preparing for an onslaught of cyber attacks, long-time convention Chief Information Officer Max Everett told FedScoop.
“We’re preparing and fully expect a wide array of attacks and different threat actors,” he said. “Hacktivists like Anonymous and other types of people who are looking for eyeballs, hoping to be disruptors, are definitely on our radar and have been for a long time.”
He said the U.S. Secret Service was already working with local energy and other infrastructure providers in the Cleveland area on their cybersecurity stance — to ensure hackers can’t kill the lights, cut off the phones or interfere with the water supply for the event. But the attacks he expected on the convention’s own network were at a lower level.
“We expect that the attacks we’ll face will be motivated by defacement and disruption, not the theft of data assets,” Everett told FedScoop.
Everett, a veteran security consultant who coordinates cybersecurity operations related to the convention’s digital systems and network infrastructure, leads a small 6-person IT team. This full-time, on-the-ground team based in Cleveland will grow by roughly 50 specialist contractors — with event tech vendors like Microsoft, AT&T and Cisco among others providing muscle — before “game day.”
Within this arrangement, AT&T is focusing on connectivity and network resistance; Microsoft’s cloud platform will be the central database, asset storage and chat system; and Cisco is responsible for providing internet routers, switches and specific firewall defenses.
Additionally, Everett said that negotiations are underway with a “recognizable” cybersecurity firm to help monitor network activity, though he declined to name the brand due to ongoing contract negotiations.
The 2016 will be Everett’s fourth consecutive convention working cybersecurity for the GOP. He explained in a phone interview with FedScoop that preparations for the convention began more than 6 months ago and have ramped up in recent weeks as the July 20 start date nears.
Interestingly, Everett described that he has not noticed a significant difference in dangerous online activity aimed at the convention at this point compared to the same timeframe in years past. And that fact is somewhat surprising, he explained, because it is widely understood that access to hacking tools and services has become easier today than ever before.
“I think we’ve worked really hard and sort of put the fear of God into our [cobstaff, so that they have good digital security hygiene … Whenever someone suspects that a phishing attempt was made against them, or maybe if they come across a suspicious email attachment, they come right to us,” said Everett.
Broadly speaking, malicious activity against the convention’s systems typically spikes in both force and volume leading up to the eventual event. Everett explained that his team had already intercepted multiple targeted email phishing attempts and in years past have experienced denial of service, or DDoS, style attacks. These attacks are not “out of the ordinary,” he averred.
“It’s the same type of stuff that happens everyday to companies in the private sphere,” said Everett.
Expanding on the nature of this year’s cybersecurity strategy, he boasted that Microsoft’s cloud platform will enable a more spread out and defensible set of possible vulnerabilities. And this is critical, according to Everett, because it will enable the convention’s data infrastructure to be securely divided and cut off from other systems — in line with a well known information assurance concept known as Defense in Depth.
Top personnel from Microsoft security team are also working to make sure that all the convention’s computers are up to date and patched, said Everett.
His convention’s cybersecurity team is independent both of the broader RNC staff, the presidential campaign itself and the U.S. Secret Service. Nonetheless, Everett is recommending to campaign and RNC staff attending, and even to Secret Service personnel, to use two factor authentication and establish strong — possibly new — passwords before July 20 in the wake of several high profile breaches.
The Secret Service, for its own part, is the lead federal agency involved in securing the convention, which is branded a “national security special event.” The agency is working with various local infrastructure providers as it relates to Internet of Things and industrial control system, or ICS, cybersecurity, Everett said. Cleveland area energy providers, for example, who use ICS to manage output are in close talks with USSS.
Also central to the GOP Convention’s cybersecurity operations will be mobile communications technology.
Due to the significant support offered by remote IT staff in this year’s convention, Everett said that reliable communications will be extremely important to coordinate activities. He detailed the use of smartphones layered with encryption software, conventional email, Microsoft Office 365 chat and “two other chat services” — though he declined to name those two chat platforms.
“We’re using both device based encryption as well as mobile device management to protect our smartphones,” he said.