US Campaigners Get Trained About Cyber Threats

While US Presidential candidates were focused on campaigning in 2016, Russians were carrying out a devastating cyber operation that changed the landscape of American politics, with after-shocks continuing well into Donald Trump's presidency. It all started with the click of a tempting email and a typed-in password.

Whether presidential campaigns have learned from the cyberattacks is a critical question ahead as the 2020 election approaches and preventing theses attacks won't be easy or cheap.

"If you are the Pentagon or the NSA, you have the most skilled adversaries in the world trying to get in but you also have some of the most skilled people working defense," said Robby Mook, who ran Hillary Clinton's campaign in 2016. "Campaigns are facing similar adversaries, and they don't have similar resources and virtually no expertise."

Traditionally, cybersecurity has been a lower priority for candidates, especially at the early stages of a campaign.

They need to raise money, hire staff, pay office rents, lobby for endorsements and travel repeatedly to early voting states. Particularly during primary season, campaign managers face difficult spending decisions: Air a TV ad targeting a key voting demographic or invest in a more robust security system for computer networks?

"You shouldn't have to choose between getting your message out to voters and keeping the Chinese from reading your emails," said Mook, now a senior fellow with the Defending Digital Democracy Project at the Harvard Kennedy School's Belfer Center. Mook has been helping develop a plan for a nonprofit to provide cybersecurity support and resources directly to campaigns.

The Department of Homeland Security's cyber agency is offering help, and there are signs that some Democratic campaigns are willing to take the uncomfortable step of working with an administration they are trying to unseat. 

DHS has had about a dozen initial discussions with campaigns so far, officials said. Its focus has been on establishing trust so DHS can share intelligence about possible threats and receive information from the campaigns in return, said Matt Masterson, a senior DHS cybersecurity adviser. The department also will test a campaign's or party's networks for vulnerabilities to cyberattack.

Candidates can also get some advice from the Republican and Democratic national committees, which are in regular contact with Homeland Security and focus on implementing basic security protocols. Republican National Committee press secretary Blair Ellis said the group also works with state Republican parties and emphasises training. The organization is also developing an internal platform to share real-time threat information with state parties.

"Data security remains a top priority for the RNC," she said.

The Democratic National Committee last year hired Bob Lord, formerly head of Yahoo's information security. He has created a checklist that focuses on basics: password security, web encryption and social media privacy. This is a bigger priority than talking about the latest network protection gadget.

The 2016 attacks were low-tech, with Russian agents sending hundreds of spearfishing emails to the personal and work emails of Clinton campaign staffers and volunteers, along with people working for the Democratic Congressional Campaign Committee and the Democratic National Committee.

After an employee clicked and gave up password information, the Russians gained access to the Democratic Congressional Campaign Committee's networks and eventually exploited that to gain entry to the Democratic National Committee.

Clinton's campaign chairman, John Podesta, fell for the same trick on his personal email account, which allowed Russians to steal thousands of messages about the inner workings of the campaign.

One of the most significant, and most disturbing, aspects of the Mueller report is the confirmation that Russia attempted to influence the 2016 election, based on the Special Counsel’s exhaustive collection and review of intelligence.

This campaign by a foreign adversary represents a serious threat to US national security and is reminiscent of Moscow’s actions during the Cold War.  US policymakers now need a forceful response to Russia’s intelligence campaign.

CSIS:               USNews:

You Might Also Read: 

Cyber-Attacks On UK Political Parties:        Hackers Came, But the French Were Prepared:

 

 

« The Pentagon Has A Clear View Of Cyberwar
The US Can't Stop China Copying Its Cyber Weapons »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

Black Duck Software

Black Duck Software

Black Duck Hub allows organizations to manage open source code security as well as license compliance risks.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

Elitecyber Group

Elitecyber Group

Elitecyber group is a team of Cyber Security recruitment experts who work for Cyber Security and Cyber Defence clients and candidates throughout Europe.

NeuShield

NeuShield

NeuShield is the only anti-ransomware technology that can recover your damaged data from malicious software attacks without a backup.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

Sekur Private Data

Sekur Private Data

Sekur Private Data Ltd. is a Cybersecurity and Internet privacy provider of Swiss hosted solutions for secure communications and secure data management.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.