Home / Tech / Cybersecurity for Campaign Staff: Keep Your Campaign from Getting Hacked
Election Cyberattack Chyron

Cybersecurity for Campaign Staff: Keep Your Campaign from Getting Hacked

People working on political campaigns have plenty to worry about. The list of keep-you-up at night scenarios has long included a video or audio-taped gaffe or poor choice of words (ask Mitt Romney’s or George Allen’s staffers) to bad polling (ask Hillary Clinton’s staff) to outright scandal, such as what U.S. Senate candidate Roy Moore’s campaign is dealing with right now.

More and more, the list of worries now includes hacking.

David Royse | LedeTree

The Harvard Kennedy School’s Belfer Center for Science and International Affairs this week released a “Cybersecurity Campaign Playbook,” aimed at helping campaign staff navigate this relatively new threat.

“As campaigns have become increasingly digital, adversaries have found new opportunities to meddle, disrupt, and steal,” the playbook says, laying out its reason for being. “In 2008, Chinese hackers infiltrated the Obama and McCain campaigns, and stole large quantities of information from both. In 2012, the Obama and Romney campaigns each faced hacking attempts against their networks and websites. In 2016, cyber operatives believed to be sponsored by Russia stole and leaked tens of thousands of emails and documents from Democratic campaign staff.”

The playbook also lays out the potential consequences.

“Take responsibility for reducing risk, train your staff, and set the example,” the playbook says in its top recommendation. “Human error is the number one cause of breaches.”

“News of a breach itself, compounded by a slow-drip release of stolen information, can derail a candidate’s message for months,” the publication says.

“Attackers overloading a website can lead to lost donations at key moments,” it says. “The theft of personal donor data can generate significant legal liabilities and make donors reluctant to contribute to a campaign. Destructive attacks aimed at staff computers or critical campaign servers can slow down campaign operations for days or even weeks. Cleaning up the resulting mess will divert precious resources in the heat of a close race, whether it’s for president or city council.”

But while the idea of hackers digging deeply into private networks may conjure images of sophisticated cyberwar operations, Harvard’s top suggestions for combatting it are surprisingly simple – starting with the obvious: take the whole idea seriously to begin with.

“Take responsibility for reducing risk, train your staff, and set the example,” the playbook says in its top recommendation. “Human error is the number one cause of breaches.”

But simple solutions are natural, the writers say, because often even sophisticated attackers choose simple approaches, for the exact treason that they are easier to pull off. Attackers usually avoid difficult hacks, attacking those first who don’t have basic security.

READ MORE TECH NEWS FROM LEDETREE

The report has some specifics, including types of systems to use.

“A big, commercial cloud service will be much more secure than anything you can set up,” it notes. “Use a cloud-based office suite like GSuite or Microsoft365 that will provide all your basic office functions and a safe place to store information.”

“Have a plan in case your security is compromised. Know whom to call for technical help, understand your legal obligations, and be ready to communicate internally and externally as rapidly as possible.”

Other suggestions include requiring two factor authentication for important accounts, including the campaign’s social media sites.

“Use a mobile app or physical key for your second factor, not text messaging,” the playbook says.

Also:

“For your passwords, create SOMETHINGREALLYLONGLIKETHISSTRING, not something really short like Th1$. Contrary to popular belief, a long string of random words without symbols is more difficult to break than something short, with L0t$ 0f $ymB01$. A password manager can help, too.”

And,

“Have a plan in case your security is compromised. Know whom to call for technical help, understand your legal obligations, and be ready to communicate internally and externally as rapidly as possible.”

The playbook was written by a bipartisan team of cybersecurity, political and legal experts, led by Debora Plunkett, the former director of information assurance at the National Security Agency.

Among those who consulted on the document were Heather Adkins, director of information, security and privacy for Google; Facebook’s chief security officer, Alex Stamos, and experts from several cybersecurity consulting firms, and several people who have worked on cybersecurity for campaigns.

“For the foreseeable future, cyber threats will remain a real part of our campaign process,” the playbook says. “As democracy’s front line, campaign staff must recognize the risk of an attack, develop a strategy to reduce that risk as much as possible, and implement response strategies for that moment when the worst happens. While no campaign can achieve perfect security, taking a few simple steps can make it much harder for malicious actors to do harm.”

READ THE CYBERSECURITY CAMPAIGN PLAYBOOK HERE

Photo: NBC News

About David Royse

David Royse
David Royse is the Editor-in-Chief of Ledetree.com. He has been a professional journalist for more than 20 years, including stints with The Associated Press and The News Service of Florida. He enjoys writing about health and medical science, and hopeful stories about scientific breakthroughs and new technology.

Check Also

Flytrex Drone

North Dakota Golf Course is First to Have Food, Drink Delivery By Drone

Get in the Hole! Drone Delivery Comes to the Golf Course Is that a birdie? …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.