Republicans have made hay out of the Democrats’ recent hacking woes, but the GOP isn’t immune from cybersecurity breaches. Just this past weekend there were reports of Russian hackers dumping emails from Republican campaigns and operatives.
As these events spatter the headlines, the campaign community has no option but to confront an unfortunate reality. Bad actors are actively seeking their information, and failure to adjust strategy could result in not only lost elections, but in national security consequences for us all.
Certain systemic characteristics of campaigns and committees can make prioritizing cybersecurity seem like a herculean task. They’re flooded with temporary employees and volunteers that come in and out of their offices. Senior aides have to manage these staffers and volunteers while rapidly making decisions on a wide array of topics. In this work environment where budgets are limited, cybersecurity can easily get lost in the shuffle.
Finally, many who work in and around campaigns don’t have a background in technology or computer engineering, which can make cybersecurity seem intimidating.
In fact, the alternative should be more troubling. Campaigns and committees should start by ensuring leadership on security comes from the top. After suffering its own devastating hacks over the last few years, the corporate world has realized cybersecurity can no longer be of concern only to IT or security professionals. Instead, it must become a “boardroom issue.”
The campaign community should follow that lead and demand that cybersecurity receive real consideration by the candidates, mangers and chairmen and chairwomen, and top aids and advisors. The DNC recently took a step in the right direction of prioritizing the security of campaign data.
As reported by Politico, new DNC chairwoman Donna Brazile acted quickly to install a four person cybersecurity advisory board charged with creating best-in-class capabilities to ensure the committee isn’t again caught off guard by hackers.
Next, campaigns should focus on framing the issue and providing training. Cybersecurity must be worked into the existing framework for protecting sensitive campaign information. Just as a campaign staffer would make sure no outsider was listening to a sensitive phone call, they must learn to shield their email communications. That is where training comes in.
Political committees, parties, and grassroots organizations all provide campaign training schools and programs, and their curriculum needs to include cybersecurity and cyber hygiene best practices, with a particular emphasis on awareness of phishing and spear phishing tactics. These organizations should also consider developing webinars or other training materials that campaigns can access and provide to new staffers, interns, and volunteers.
To prevent training failures, ensure staff has bought into the reality of these online attacks. Moreover, to maintain a high level of vigilance, committees and campaigns should work to develop testing plans. A program started by the Department of Homeland Security last year to test networks for free can serve as a model. The National Cybersecurity Assessment and Technical Services provides free testing of companies’ critical infrastructure and can
simulate cyber attacks to ensure they’re deploying the best defenses.
With a major election in full swing, the cybersecurity wheels are being put on the bus while the bus is driving. But recent events have proved that living under a cybersecurity rock is no longer an option. Sophisticated, proactive hackers are out there, and campaigns must make immediate changes to be ready to defend themselves.
James Norton, president and founder of Play-Action Strategies, is a former defense-industry executive and deputy assistant secretary in the Department of Homeland Security. Follow him on twitter @jamesnorton99 and Play-Action Strategies @playactionstrat