This Sunday will mark one year until the 2020 election in the United States. Over the course of the next 366 days, we will have many opportunities to learn about candidates for the various offices and about the issues that matter to us.
Throughout this time, we should remember that our democratic system is the most important piece of critical infrastructure in the United States, and it is one that we should all strive to protect. Regardless of which candidate or party each of us may
support, it is in the best interest of every American for our elections to be contested
and decided exclusively by American voters.
Political campaigns face some unique security challenges; for example, they are usually short-lived and they tend to scale up and down very quickly. While many of us work for companies or government organizations that have been around for decades (and have had many years to design and implement strong security controls), most political campaigns have not. Political campaigns also depend more heavily on their ability to communicate with the press, social media, and other
actors to get their message to voters.
Throughout the election season, large numbers of paid staff and volunteers may join the campaign and there is very little time to provision them with campaign-issued technology solutions or to train them on proper cyber hygiene, but those are exactly the sort of things that we need to do. Although campaigns are different from typical mid-sized businesses, bad actors use the same techniques to attack both: spearphishing, social engineering, business email compromise, and supply chain attacks
to name a few. Volunteers and staff need to know how to protect themselves and their candidates.
Last year, the FBI launched the Protected Voices initiative (https://www.fbi.gov/protected-voices), which provides public interest information to campaigns, candidates, and citizens to "protect against online foreign influence operations and cybersecurity threats." The initiative includes a series of videos that provide an introduction to foreign influence risks that can affect our elections. They are a great place to start learning more.
Consider sharing the Protected Voices videos broadly within your network and sharing your expertise to help protect the causes you support from foreign influence. As always, if you see suspicious behavior aimed at any aspect of the 2020 election, please report it to the local FBI field office right away. For most of us in the national capital region, that means the Washington Field Office (https://www.fbi.gov/contact-us/field-offices/washingtondc).
Here are a few options for further reading on safeguarding election infrastructure:
Stanford University research report on election security (https://cyber.fsi.stanford.edu/securing-our-cyber-future)
California Secretary of State program for election cybersecurity (https://www.sos.ca.gov/elections/election-cybersecurity/)
CNET reporting on Facebook’s plan to remove foreign election influence from its social media platform (https://www.cnet.com/news/mark-zuckerberg-lays-out-facebooks-plan-for-protecting-the-2020-election/)
Facebook statement on state-sponsored “inauthentic behavior” (https://newsroom.fb.com/news/2019/10/removing-more-coordinated-inauthentic-behavior-from-iran-and-russia/)
Microsoft identifies cyber attacks targeting a presidential campaign (https://blogs.microsoft.com/on-the-issues/2019/10/04/recent-cyberattacks-require-us-all-to-be-vigilant/)
University of Michigan free online course “Securing Digital Democracy” (https://online.umich.edu/courses/securing-digital-democracy/?)