Inside the RNC's secret cybersecurity battle
July 20, 2016
Despite years of batting away cyberattacks, Max Everett is still on high alert.
The Republican National Committee's chief information officer has been working 20-hour days, and they seem to be getting longer as the convention's main event -- Donald Trump's acceptance of the party's nomination on Thursday night -- approaches.
Hacktivist groups, like Anonymous, have already targeted Trump's campaign. It would be embarrassing if they were to break in just as the event reaches its apex.
"We know the eyes of the world will be watching," Everett said while en route to the Quicken Loans Arena in Cleveland, where the convention is being held.
More than 10,000 devices -- iPhones, Android handsets, tablets and laptops -- are expected to tap into the RNC's network. Each one has data that can be stolen, kidnapped or destroyed. Though there's been no significant threat, the RNC cybersecurity team says it's seen suspicious traffic that's been traced to Asia and Russia.
"I would not want to be the cybersecurity guy working the RNC," said Steve Weber, a professor at the University of California, Berkeley, specializing in cybersecurity. "The stress would be enormous."
In a nondescript network operations center, Vince Crisler, the CEO of security contractor Dark Cubed, monitors screens displaying threat assessments.
The Washington-based company is no stranger to big assignments. It's managed security and strategy for the White House, the Pentagon and the Secret Service, according to its website.
Dark Cubed's assessments are calculated by the company's information-sharing technology, which lets networks swap threat information with each other. The community approach allows members to see how the threats on their networks compare to the threats on others.
One display sets the threat level at 6 percent. Still, Crisler isn't letting his guard down.
"We act as if the network is being targeted or threatened at any given moment in time," he said.
Securing the conventions is an enormous task, said Katherine Gronberg, an executive for Silicon Valley security firm ForeScout Technologies. Malware and phishing attacks are the most common threats facing the RNC.
Malware is bad for individual machines, she said, but the real menace is that malicious code can get inside a network and sniff around for weaknesses to exploit.
"You've got to have lanes of separation and separate high-priority networks from lower-priority public-facing networks," Gronberg said.
Meanwhile, Everett and his team of 70 professionals are going through final preparations Wednesday morning just hours before Trump's pick for vice president, Indiana Gov. Mike Pence, is scheduled to take the stage for a key speech.
The highly anticipated moment has Everett shuttling between the arena and command center, several blocks away. The RNC cybersecurity team has already neutralized several threats.
For example, when the team spots a tablet using a suspicious amount of bandwidth on the network, it moves the device's connection to a different part of the network. If the team determines the tablet poses a threat, it's blocked.
Everett keeps checking his smartphone. No evidence of a hack or attack at the moment, but he acknowledges his team has seen some "weird activity" and taken a few devices offline.
"The really sophisticated bad guys are going to try and come in and be quiet until the best possible moment," he said. "We'll be ready."
Dan Patterson of CNET sister site TechRepublic co-authored this report.