PHILADELPHIA— The Democratic National Committee email hack put the spotlight on cybersecurity at the party’s national convention in Philadelphia this week with consultants warning online attacks are a growing concern that campaigns just aren’t budgeting for.
Even when money is being spent, strategists have turned a blind eye to the risk in some cases. The DNC reportedly ignored recommendations from Good Harbor Security Risk Management that could have detected the hackers’ penetration of its computer system in fall 2015, according to Bloomberg. Instead, the $60,000 assessment was ignored and the hackers, reportedly linked to the Russian government, had access to the DNC’s network for roughly a year.
That breach cost Rep. Debbie Wasserman Schultz her DNC chairmanship and her role at the convention. GOP officials and the Trump campaign have tried to use the hack as an attack line against Clinton, arguing there’s a correlation to her personal email server. Now, Democratic consultants are quick to dismiss the hacking as campaign issue, saying that won’t register with the average voter, but warn it’s something campaigns need to take seriously.
“It’s a growing concern,” Jeff Weaver, Bernie Sanders’ campaign manager, told C&E. “We certainly paid attention to it. I don’t think we were hacked.”
The risk is increasing, in part, because campaigns are collecting a treasure trove of data on voters, including credit card and key personal data. “There’s an increased responsibility with [campaigns’ growing digitization] as well,” Betsy Hoover, a founding Partner with 270 Strategies, said Tuesday in Philadelphia at a panel hosted by Politico. “We do need to be conscious of how to be responsible with that data, and have the proper privacy constraints in place.”
Taking cybersecurity seriously and spending money on it are two different things. While the Clinton campaign is said to have the first in-house cyber security team, consultants say that’s a unique situation because of her profile and her campaign’s budget.
Revolution Messaging’s Keegan Goudiss, who worked for Sanders during the primary, warned that down-ballot there just isn’t enough money to have that kind of talent on staff or on retainer.
“A lot of campaigns don’t have the resources,” he said.
Beyond a campaign’s or committee’s servers, individual strategists are also on hackers’ hit lists, he added. “A lot of personal accounts are being targeted.”
In 2008, then-GOP vice presidential nominee Sarah Palin’s email was famously hacked by a Tennessee college student who reset her Yahoo! password using publicly available information. That could have been prevented by basic security practices, which consultants say are often enough to keep hackers at back.
“This all comes back to dotting your i’s and crossing your t’s — basic best practices,” said Beth Becker, a Democratic digital consultant. “Don’t click on links from people you don’t know. Don’t say anything on the Internet you don’t want on the front page of the New York Times. For most campaigns, the basics are going to be enough.”
But it’s not just hackers campaigns should worry about. Disgruntled former employees with leftover credentials could cause a campaign a headache, Becker warned. “There’s not a campaign out there that doesn’t have an oppo file on the opposition a disgruntled staffer could take.”
James Norton, a cyber security consultant at The Chertoff Group, encouraged consultants to learn from the DNC’s experience.
“This should be the wake up call of all wake up calls that hackers are interested in and trying to get campaigns' information,” he said in an email. “Campaigns across the country should immediately audit their cyber security and cyber hygiene.”