Ex-CIA chief worries campaigns falling short on cybersecurity

Ex-CIA chief worries campaigns falling short on cybersecurity
© iStock

Democratic 2020 presidential campaigns say they are working to boost their cybersecurity, but experts worry those efforts may not be enough.

Former acting CIA Director Michael Morell told The Hill he worries there is a “void” and that campaigns need outside help to fully address the issue.

“There is not a lot of initial thought given to cybersecurity,” Morell said about the campaigns.

Several campaigns insist they have prioritized the issue. 

Chris Meagher, the spokesman for South Bend, Ind., Mayor Pete ButtigiegPeter (Pete) Paul Buttigieg2020 Democrats defend climate priorities in MSNBC forum MSNBC Climate Change Forum draws 1.3M viewers in 8 pm timeslot Iowa Steak Fry to draw record crowds for Democrats MORE’s campaign, told The Hill that “our campaign is committed to digital security,” noting the hiring of a full-time chief information security officer (CISO), Mick Baccio, last week.

ADVERTISEMENT
 

“Hiring a full-time CISO is one way we are protecting against cyberattacks,” Meagher added.

A spokesperson for the presidential campaign of former Rep. Beto O’Rourke (D-Texas) told The Hill they are “actively engaged in defending our operation from disinformation and other cyberattacks.”

The spokesperson emphasized that “whether it's training staff as a part of our onboarding process, requiring staff to use complex passwords to protect mobile devices, or using secure messaging services, this campaign understands that protecting our information requires a comprehensive approach to prepare for and manage attacks."

But many campaigns have said little on their cyber efforts. The Hill reached out to other 2020 presidential campaigns, but those campaigns did not provide details on their cyber efforts.

A spokesperson for Sen. Bernie SandersBernie SandersSanders to join teachers, auto workers striking in Midwest Krystal Ball tears into 'Never Trump' Republicans 2020 Democrats defend climate priorities in MSNBC forum MORE (I-Vt.) told The Hill that the campaign “does not comment on matters of security.”

Repeated cyber incidents in both 2016 and 2018 have put a spotlight on the issue and raised worries about a repeat in the upcoming presidential election.

Those incidents included the hacking of emails from Hillary ClintonHillary Diane Rodham ClintonMissing piece to the Ukraine puzzle: State Department's overture to Rudy Giuliani On The Money: Trump downplays urgency of China trade talks | Chinese negotiators cut US trip short in new setback | Trump sanctions Iran's national bank | Survey finds Pennsylvania, Wisconsin lost the most factory jobs in past year Meghan McCain, Ana Navarro get heated over whistleblower debate MORE’s 2016 presidential campaign, and an unsuccessful attempt by hackers to access the systems of former Sen. Claire McCaskillClaire Conner McCaskillEx-CIA chief worries campaigns falling short on cybersecurity Ocasio-Cortez blasts NYT editor for suggesting Tlaib, Omar aren't representative of Midwest Trump nominees meet fiercest opposition from Warren, Sanders, Gillibrand MORE (D-Mo.) ahead of the 2018 midterms.

Federal agencies are doing more to highlight the threat to campaigns.

According to CNN, the FBI, the Department of Homeland Security (DHS), and the Office of the Director of National Intelligence briefed 2020 presidential campaigns earlier this year on potential cyber threats. CNN reported that the campaigns of former Housing and Urban Development Secretary Julián Castro and of businessman Andrew YangAndrew Yang2020 Democrats defend climate priorities in MSNBC forum Yang: 'Cancel culture' has become source of 'fear' for Americans Hundreds of thousands turn out in New York, other major cities for climate marches MORE were the only campaigns to confirm their attendance.

Despite the strides made by campaigns, Morell says they need to do more to seek outside help.

“The government is not allowed to come in and provide that security, and private sector organizations that do cybersecurity want to get paid for it,” he said.

Morell is on the board of the newly launched U.S. CyberDome group, a nonprofit organization that aims to provide free cybersecurity protections to 2020 presidential campaigns, and potentially in future elections.

The board is chaired by former Obama Homeland Security Secretary Jeh Johnson and other board members include former DHS Secretary Michael Chertoff, who served under President George W. Bush, former Director of National Intelligence Lt. Gen. James Clapper, and Brig. Gen. Francis Taylor, the former DHS under secretary of intelligence and analysis. 

Morell said one of the key goals of U.S. CyberDome is to fill the unique gaps campaigns face in the cybersecurity realm. He pointed to the fast pace of a campaign.

“It’s not that people don’t understand what the risks are, it’s that they do understand what the risks are but they are busy doing their job,” Morell emphasized. “They are not thinking about how to protect themselves, so my sense is that when CyberDome has reached out to folks they say this makes a lot of sense.”

Morell confirmed that the group has reached out to every declared presidential campaign, on both sides of the aisle, and said CyberDome “are in conversations with a number of them.”

U.S. CyberDome is not the only organization that has taken steps to address the cybersecurity of presidential campaigns.

Microsoft’s 365 for Campaigns tool, part of its Defending Democracy Program, was made available to political campaigns in June. The tool, which campaigns can purchase for $5 per person per month, enables multifactor authentication on campaign computer systems, along with mobile app protections, and safeguards against email phishing attacks. 

Harvard University’s Belfer Center for Science and International Affairs published a “campaign playbook” in late 2017 meant to provide steps that campaigns can use to increase cybersecurity. It was endorsed by the managers of Clinton’s 2016 campaign, and now-Sen. Mitt RomneyWillard (Mitt) Mitt RomneyBipartisan group of senators urges FDA to pull most e-cigarettes immediately Trump judicial picks face rare GOP opposition Overnight Health Care — Presented by Partnership for America's Health Care Future — Pelosi unveils signature plan to lower drug prices | Trump says it's 'great to see' plan | Progressives pushing for changes MORE’s (R-Utah) 2012 presidential campaign. 

On Wednesday, social media and digital protection group ZeroFOX announced election security help that includes protections for candidates and their digital assets against various forms of cyberattacks. It also includes tools to identify and remove “deepfake” videos, or those that have been altered using artificial intelligence, and the removal of fake or offensive content on candidate’s social media pages. 

There's also action at the federal level.

In July, the Federal Election Commission approved a request by cybersecurity group Area 1 Security to offer help to federal political candidates and political committees at discounted rates.

On Capitol Hill, Sen. Ron WydenRonald (Ron) Lee WydenOvernight Energy: California, 23 other states sue Trump over vehicle emissions rule | Climate strike protests hit cities across globe | Interior watchdog expands scope of FOIA investigation | Dems accuse officials of burying climate reports Microsoft to provide free updates for voting systems running Windows 7 through 2020 Interior watchdog investigating political appointees' review of FOIA requests MORE (D-Ore.), a leading voice on election security issues, introduced legislation in May aimed at securing campaigns. 

His bill, the Federal Campaign Cybersecurity Assistance Act, would allow for national parties to provide cybersecurity assistance to state political parties, to candidates running for office, and for campaigns. 

“The 2016 election made it painfully clear that campaigns need more help defending against sophisticated cyber threats,” Wyden said in a statement when he introduced the bill. “Foreign hackers successfully weaponized hacked emails to drive media coverage in 2016, but the government has done virtually nothing to protect campaigns from future attacks.”

The bill, however, has not moved. It has been referred to the Senate Rules Committee, where Chairman Roy BluntRoy Dean BluntClarence Thomas, Joe Manchin, Rudy Giuliani among guests at second state visit under Trump McConnell support for election security funds leaves Dems declaring victory Paul objection snags confirmation of former McConnell staffer MORE (R-Mo.) has refused to bring up election security-related legislation because it is unlikely Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellOvernight Energy: California, 23 other states sue Trump over vehicle emissions rule | Climate strike protests hit cities across globe | Interior watchdog expands scope of FOIA investigation | Dems accuse officials of burying climate reports Hillicon Valley: Lawmakers say Zuckerberg to 'cooperate' on antitrust probes | Dems see victory after McConnell backs election security funds | Twitter takes down fake pro-Saudi accounts Liberal super PAC launches browser extension replacing 'Mitch McConnell' with 'Moscow Mitch' MORE (R-Ky.) will schedule a floor vote.

Despite this pushback, Morell underlined the importance of addressing the issue of campaign cybersecurity, noting that many countries may seek to interfere in 2020. 

“I think this is extraordinarily important because not only do the Russians continue to do this, but there are a lot of other countries in the world that are trying to get inside these campaigns to ... identify avenues of influence,” Morell said.

“To the extent that we can keep them out of the campaigns, the United States can be more secure.”