Campaigns and party organizations now have more options when it comes to cybersecurity services as the market continues to develop.
The industry’s lack of willingness to spend resources on cybersecurity was a primary reason why Robby Mook and Matt Rhoades came together to launch Defending Digital Campaigns, Inc., a 501(c)4, which now has the FEC’s approval to offer low and no-cost cybersecurity services to federal campaigns and party committees.
During their appearance in front of the FEC last month, the former presidential managers emphasized they were targeting the “little guy” campaigns as clients.
“It’s for the down-ballot candidates—people [who] don’t have as [many] hard dollars to spend,” said Rhoades on April 11.
After getting FEC approval on May 21, Defending Digital Campaigns can begin offering free or reduced-cost services, including providing cybersecurity software and hardware to campaigns that meet the following criteria:
- A House candidate’s committee that has at least $50,000 in receipts for the current election cycle.
- A Senate candidate’s committee that has at least $100,000 in receipts for the current election cycle.
- A House or Senate candidate’s committee for candidates who have qualified for the general election ballot in their respective elections.
- Any presidential candidate’s committee whose candidate is polling above five percent in national polls.
The group, which must disclose its donors as part of the FEC decision, said it will also maintain a cybersecurity hotline and interface with companies like Google and Microsoft “to customize those companies’ existing software for federal candidates and parties in order to enhance their cybersecurity, and also ‘negotiate partnerships’ with those companies to secure free or discounted licenses for both customized and non-customized cybersecurity-related software for Eligible Committees.”
The ruling was celebrated by FEC Chair Ellen Weintraub, who tweeted May 22: “Very pleased @FEC could reach consensus on the Defending Digital Campaigns request. The Commission’s decision will get urgently needed cybersecurity aid in the hands of federal campaigns to help protect against foreign & domestic hackers.”
The opinion includes the caveat that permission to deliver its services at low or no-cost could change if there’s “any material decline in the external threat environment.”
Marc Elias and Michael Toner, lawyers who worked on behalf of Mook and Rhoades, celebrated the FEC decision as a rare bi-partisan consensus. Toner tweeted May 22: “it's always gratifying when individuals and organizations with disparate views of the law can work together towards the common good.”
Microsoft, meanwhile, is making a direct play for cash-strapped campaigns’ business. Two weeks before the FEC finally reached its decision in the DDC case, the software giant unveiled M365, a $5 per month per user offering that includes services like email, file sharing, collaboration on files and cloud storage. “[T]his offering will make it simple to achieve strong security baseline defaults for a campaign’s most important communications,” the company said during its announcement.
That service will be available this summer federal campaigns and committees.
Now, individual practitioners are taking a different approach. Brian Franklin, a Democratic media consultant who recently launched Campaign Defense, Inc. is pitching training services to campaigns and groups.
“Cybersecurity is too often considered a purely IT-oriented issue when in reality it’s also a training and human resources one,” he wrote in a recent piece for C&E.
“In fact, some of the biggest vulnerabilities can be solved by having top-down policies and protocols.”
Here Franklin will have competition from the DDC, which says it will offer cybersecurity “bootcamps” free of charge.
The knowledge gap may also give an opening to vendors from outside the industry. Privoro, a cybersecurity provider which has worked for the Pentagon providing “smartphone security solutions,” is making a pitch for political business.