Campaigning for A More Secure 2020 Election
By Karen Burke
Yesterday, Nate Silver, the founder and editor in chief of FiveThirtyEight, published a piece about the growing number of Democratic 2020 Presidential candidates [the current count is 10] and that the final field may be the largest ever for a single party in American history. Add the Republican and Independent candidates, there could be between 20-30 presidential campaigns launched online this year.
While it is too early to know the cybersecurity measures undertaken by each campaign, I would like to offer some general guidelines:
Conduct a Regular DNS Audit: Every campaign, at minimum, has a campaign website to solicit donations, share information about upcoming events, and more. As part of your cybersecurity program, conduct an audit of your DNS infrastructure – track and manage the domain names, IP addresses, name servers and other assets associated with your campaign. These assets are cheap to acquire and can be easily spoofed for malicious purposes such as phishing and other types of attacks.
Create a Threat Information Exchange: Most likely, one phishing attack against a single campaign may be tried against multiple campaigns. Threat information sharing is highly successful among different verticals, from finance to aviation. Put a framework in place to share ongoing cybersecurity threats among the different campaigns to create a more secure 2020 Election process for all.
Build a Culture of Cybersecurity: Most campaigns are built on both paid and volunteer contributors across multiple states, some across the entire country. Each campaign must adopt critical cybersecurity guidelines that are shared and followed by all. Hire an experienced CISO or similar executive responsible for creating and executing these guidelines.
Create – and practice – an Incident Response Plan: While a cybersecurity breach is not guaranteed, campaigns need to be prepared to respond if a breach occurs. Fortunately, the commercial world has a lot of experience building and executing these plans. An experienced CISO can put together a plan. Once approved, it is important that regular drills take place with appropriate personnel to ensure the successful execution of the plan.
Keep Data Privacy in Mind: When building out your campaign infrastructure, keep data privacy in mind, whether you are recruiting volunteers and/or donations. In 2019, and beyond, protecting user data privacy, must start at the campaign level and will most likely remain an important campaign topic in the 2020 Federal election.
Karen Burke is the Director of Corporate Communications with Farsight Security, Inc..