US Campaigners Get Trained About Cyber Threats

Uploaded on 2019-06-04 in INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW

While US Presidential candidates were focused on campaigning in 2016, Russians were carrying out a devastating cyber operation that changed the landscape of American politics, with after-shocks continuing well into Donald Trump's presidency. It all started with the click of a tempting email and a typed-in password.

Whether presidential campaigns have learned from the cyberattacks is a critical question ahead as the 2020 election approaches and preventing theses attacks won't be easy or cheap.

"If you are the Pentagon or the NSA, you have the most skilled adversaries in the world trying to get in but you also have some of the most skilled people working defense," said Robby Mook, who ran Hillary Clinton's campaign in 2016. "Campaigns are facing similar adversaries, and they don't have similar resources and virtually no expertise."

Traditionally, cybersecurity has been a lower priority for candidates, especially at the early stages of a campaign.

They need to raise money, hire staff, pay office rents, lobby for endorsements and travel repeatedly to early voting states. Particularly during primary season, campaign managers face difficult spending decisions: Air a TV ad targeting a key voting demographic or invest in a more robust security system for computer networks?

"You shouldn't have to choose between getting your message out to voters and keeping the Chinese from reading your emails," said Mook, now a senior fellow with the Defending Digital Democracy Project at the Harvard Kennedy School's Belfer Center. Mook has been helping develop a plan for a nonprofit to provide cybersecurity support and resources directly to campaigns.

The Department of Homeland Security's cyber agency is offering help, and there are signs that some Democratic campaigns are willing to take the uncomfortable step of working with an administration they are trying to unseat. 

DHS has had about a dozen initial discussions with campaigns so far, officials said. Its focus has been on establishing trust so DHS can share intelligence about possible threats and receive information from the campaigns in return, said Matt Masterson, a senior DHS cybersecurity adviser. The department also will test a campaign's or party's networks for vulnerabilities to cyberattack.

Candidates can also get some advice from the Republican and Democratic national committees, which are in regular contact with Homeland Security and focus on implementing basic security protocols. Republican National Committee press secretary Blair Ellis said the group also works with state Republican parties and emphasises training. The organization is also developing an internal platform to share real-time threat information with state parties.

"Data security remains a top priority for the RNC," she said.

The Democratic National Committee last year hired Bob Lord, formerly head of Yahoo's information security. He has created a checklist that focuses on basics: password security, web encryption and social media privacy. This is a bigger priority than talking about the latest network protection gadget.

The 2016 attacks were low-tech, with Russian agents sending hundreds of spearfishing emails to the personal and work emails of Clinton campaign staffers and volunteers, along with people working for the Democratic Congressional Campaign Committee and the Democratic National Committee.

After an employee clicked and gave up password information, the Russians gained access to the Democratic Congressional Campaign Committee's networks and eventually exploited that to gain entry to the Democratic National Committee.

Clinton's campaign chairman, John Podesta, fell for the same trick on his personal email account, which allowed Russians to steal thousands of messages about the inner workings of the campaign.

One of the most significant, and most disturbing, aspects of the Mueller report is the confirmation that Russia attempted to influence the 2016 election, based on the Special Counsel’s exhaustive collection and review of intelligence.

This campaign by a foreign adversary represents a serious threat to US national security and is reminiscent of Moscow’s actions during the Cold War.  US policymakers now need a forceful response to Russia’s intelligence campaign.

CSIS:               USNews:

You Might Also Read: 

Cyber-Attacks On UK Political Parties:        Hackers Came, But the French Were Prepared:

 

 

« The Pentagon Has A Clear View Of Cyberwar
The US Can't Stop China Copying Its Cyber Weapons »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Identity Theft Resource Center (ITRC)

Identity Theft Resource Center (ITRC)

ITRC is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.

Lastline

Lastline

Lastline is the leader in advanced malware protection.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

Xilinx

Xilinx

Xilinx is the inventor of the FPGA, programmable SoCs, and now, the ACAP. We are building the Adaptable, Intelligent World.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Schneider Downs

Schneider Downs

Schneider Downs & Co. provides accounting, tax and business advisory services through innovative thought leaders who deliver their expertise to meet the individual needs of each client.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Project Cypher

Project Cypher

Project Cypher leverages the latest cybersecurity developments, a world class team of hackers and constant R&D to provide you with unparalleled cybersecurity offerings.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Airlock Digital

Airlock Digital

Airlock Digital was created after many years of experience in implementing whitelisting/ allowlisting solutions in Federal Government and various enterprises in Australia.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.