Political veterans from both parties are warning just months before the 2018 midterm election that campaigns need a culture change when it comes to cybersecurity.
Campaigns “face sophisticated and determined nation states, but don’t have the resources and personnel to fortify themselves,” Eric Rosenbach, co-director of Harvard’s Belfer Center, said in a statement June 16.
Rosenbach’s warning was released alongside a new video from the Defending Digital Democracy Project, which provides cybersecurity tips for political campaigns.
“If you have to send something sensitive like a poll, strategy memo, or anything else you don’t want to read about on Buzzfeed, use an encrypted messaging service,” said Debora Plunkett, former director of information assurance at the National Security Agency. She also advised that the longer passwords are more secure, and staff should use at least two-factor authentication.
The project released a cybersecurity playbook for political campaigns in November 2017.
In 2016, the Russian government allegedly hacked the Hillary Clinton presidential campaign through spear-phishing and other open-source tools to steal documents and post them online. Russian officials apparently sent the Clinton campaign’s chairman, John Podesta, an email that appeared to be a Google security notification. Instead, it was an elaborate spear-phishing attack.
“Check incoming email addresses,” to guard against spear-phishing, Plunkett warned in the video. “Our democracy is in your hands, so take good care of it."
The video comes as election security remains a top security issue. Senior U.S. officials have warned that American critical infrastructure is under attack. In a July 13 speech, Director of National Intelligence Dan Coats said the warning lights for a cyberattack are “blinking red." At the same time, states are more prepared to secure their election systems compared to the last election cycle, Christopher Krebs, undersecretary for national protection at the Department of Homeland Security, said earlier this month.