The 2016 campaign was a nightmare for Democrats.
So Democratic National Committee Chief Technology Officer Raffi Krikorian was brought in to the DNC in 2017 to make sure embarrassing breaches — and the subsequent leak of internal communications — weren’t repeated.
But with fewer than 70 days to go until the midterm elections, there’s still a lot of room for improvement, he acknowledged, both inside and outside the organization.
“We all still have work to do. And we’re not getting the support that I think we need from … governmental agencies,” Krikorian said. “This is the thing that keeps me up at night.”
The Democratic Party is a “federation,” he told NPR. The largely independent state parties mean that in some aspects of its online operations, the DNC can only be as secure as its least secure member.
Krikorian, who joined the DNC after stints at Uber and Twitter, says some of his work still involves teaching simple best practices, such as encouraging all branches of the party to use complex passwords and two-factor authentication.
Last week, the DNC landed in the headlines for what at first appeared to be an attempted cyberattack on the party’s voter database, but later turned out to be a false alarm. The Michigan Democratic Party had been engaging in a test of the system’s security without informing the national organization.
“I think we all still have PTSD from 2016,” Krikorian says, referring to the hack of DNC emails at a pivotal moment in the presidential election.
Back in 2016, the DNC had only nine people working on its technology team, some of them contractors rather than full-time staffers.
Now the DNC has more than tripled the size of this unit, to more than 30 staffers. The party has hired Krikorian as well as Chief Security Officer Bob Lord, who previously shepherded Yahoo through the investigation of its own massive data breach.
Still, the DNC team pales in size compared with those of major tech firms like Twitter or Facebook — even as the party is facing comparable digital threats, Krikorian says.
“We are a 30-person technology team that’s charged with all technology strategy for the entire Democratic Party and that’s clearly not enough in order to get that job done,” Krikorian said.
So the DNC has been increasing its reliance on big technology firms for security, for example shifting data from its own servers to cloud services, run by companies such as Microsoft and Google.
“We know that whenever there’s an issue, one of the first phone calls we get is from the big companies to tell us about the issue,” Krikorian says.
Krikorian declined to comment on the number of hacking attacks that the DNC has faced so far this year. The DNC said that to its knowledge, the party has not detected any successful recent cyber intrusions.
Krikorian says he speaks with “three-letter agencies,” like the FBI or the Department of Homeland Security, on a weekly basis — but sometimes wonders whether even they can foil all the threats to American computer systems.
“The lines of communication are pretty open. … But the overarching narrative here is I feel like they don’t have enough resources in a lot of ways.”