Modern field guide to security and privacy

Opinion: Why political campaigns need chief information security officers

The Democratic and Republican parties – and their presidential candidates – should immediately put someone in charge of safeguarding their data. It's for the good of voter privacy and American democracy. 

Lucy Nicholson/Reuters
Bernie Sanders supporters protest U.S. Democratic presidential nominee Hillary Clinton at the Democratic National Convention following leaked emails that, they say, prove the DNC displayed favoritism toward Mrs. Clinton.

After the Democratic National Committee hack and data dump, let's hope that 2016 becomes the year political campaigns begin taking cybersecurity seriously. 

The DNC announced last week that it created a four-person cybersecurity advisory board to help victims mitigate the potential impact of the breach. But that's not good enough. Both the Democratic and Republican parties – as well as the Hillary Clinton and Donald Trump campaigns – should hire chief information security officers (CISOs) as soon as possible.

That's not a cure-all by any means. But putting someone in charge of safeguarding their vast collections of sensitive data – whether on political strategies, the candidates themselves, or voters – would vastly improve their defenses against cybercriminals and the prying eyes of foreign intelligence operatives.

If the nation's politicians and political campaigns don't improve their cyberdefenses soon, not only will Americans' personal data be at greater risk but the entire democratic process could be compromised.

In recent months, the DNC breach has shaken the members and machinery of a major US party, attackers have unleashed cyberattacks on Mr. Trump's website, and alleged Russian hackers have penetrated the email accounts of major political operatives. All of this has potentially given our adversaries a "near-encyclopedic understanding" of our policymakers.

It's not enough to just exclaim that campaigns need better cybersecurity. A CISO could help the campaigns hammer home these points:

Voter privacy matters

Whether voters know it or not, political campaigns view their personal information as an asset, no differently than retailers or developers behind the latest addictive mobile apps.

With a CISO's voice in the room, campaigns could better protect this information from unauthorized disclosure and possibly avoid "business" decisions where voter data is monetized in a way that risks blowback and the optics of a candidate being weak on data protection.

Consider the revelation that Rick Santorum’s campaign, for example, sold its donor list to a survivalist vendor looking to court "doomsday preppers."

It’s for confidence in elections

The saga of hanging paper chads was infamous in 2000 – but that will pale in comparison to suspicions that US history and policy were forever altered by a foreign or other power deliberately manipulating voters and parties with targeted data breaches.

Our elections are our country’s business – no one else’s – and getting CISOs on the roster of all campaigns should be a top nonpartisan priority. These professionals could even go a step further to regularly share intelligence on breach attempts and other malicious activity, to further deter tampering and demonstrate that all parties are united on this issue.

It’s about national security

In the 1950s, there was paranoia that Soviet agents were quietly injecting pro-communist influences in the bedrock of US politics and interest groups, like organized labor and Hollywood. Today, we know the Red Scare was exaggerated, alarmist and distracting from more authentic threats.

Now, we risk unchecked political hacking pushing us back into a similarly distracting scare era, because cybersecurity weaknesses give adversaries unprecedented ability to siphon invaluable data from across the political spectrum – information that can be used for profiling, blackmail, and probably worse as attackers correlate individuals' entire digital lives to recruit agents or better inform attacks.

Generations ago we worried about communists hiding behind every tree. Now, concern over foreign malware in every candidate’s laptop is shaking confidence in our national security and the integrity of our election process.

Voters, donors, and the media need to keep up the pressure on candidates to work harder to prevent cyberattacks. After all, whoever gets elected will face immense challenges in updating policies to protect our nation's computer networks and systems – including those that operate our nuclear power plants, electrical grids, dams, and other critical infrastructure.

By hiring CISOs, they’d demonstrate the right kind of foresight that could win over many voters in November – and keep us all more secure in the meantime.

Bob Hansmann is director of security technologies at Forcepoint (@Forcepointsec) in Austin, Texas. For more than 30 years, he has been responsible for monitoring security trends including new types of malware, social-engineering techniques and the risks of emerging technologies.

 
