Silicon Valley insiders will likely play a bigger role than ever in ensuring the security of presidential campaigns in 2020, joining established D.C. consulting firms in addition to some other bipartisan groups trying to lock down campaign communications in addition to neutralize misinformation.
Former Facebook chief security officer Alex Stamos has already given some advice to 2020 Democratic presidential campaigns, he told CNBC via email: Lock down your campaign staff’s identities in addition to use a professional service to manage data on cloud servers. Build security by the ground up, he suggested, in addition to don’t give too many team members access to deeper technology operations.
“I fully expect U.S. adversaries to get involved from the primary, in addition to one way to do so would likely be via stealing email, internal documents or spying on confidential communications,” Stamos said. “I’ve been trying to be helpful to multiple Democratic campaigns, in addition to right currently my focus is actually on helping them get their campaign technology stacks set up in a secure manner.”
Stamos’ advice indicates presidential contenders by 2020 are largely trying to address what they knew went wrong in 2016. Inside campaigns, that will includes fixing insecure email in addition to curbing staffers who have too much access to the most sensitive information. Outside the campaigns, that will means focusing on managing the proliferation of influential trolls on the internet in addition to social media, which in 2016 was largely driven by Russia, according to the Justice Department.
“Democratic campaigns are building teams to monitor in addition to respond to trolling online. that will isn’t a technical role, more like the next level of social media monitoring they already do,” Stamos said. “All of the campaigns are building up their the item systems in addition to staff in addition to I’m hoping they will do so with security in mind.”
Democratic campaigns in addition to organizations have also sought help by security firms to prepare for potential completely new threats.
Companies such as CrowdStrike, which was one of the first respondents to the hacking incidents within Clinton’s campaign in 2016, in addition to FireEye have already been tapped by political committees in advance of 2020. They’ve been holding high-level conversations with campaign leaders, according to people familiar with the campaigns. The companies declined to say whether they were working directly with Democrats.
A FireEye analyst, however, did paint a grave picture of how foreign adversaries, including Russia, have stayed on offense. They have shifted targets in addition to keyed in on European foreign ministries, according to the analyst, Benjamin Read.
“They have their regular pitch, in addition to they have their fastball. If they can get you out with their regular pitch they will. If you are a high-priority target, they will just throw their fastball,” he said.
The Democratic National Committee paid CrowdStrike $47,000 for “technology consulting,” according to a February Federal Election Commission filing. The National Republican Congressional Committee paid CrowdStrike $0,000 for “computer support” during the 2018 campaign season.
In one effort to help improve the security of its communications, which were a major target in 2016, the DNC created a regularly monitored feedback loop, Bob Lord, the committee’s recently appointed chief security officer, told CNBC. that will way, state parties in addition to campaigners from the field can more quickly in addition to securely reach out to his central security office in addition to inform the item of suspicious activity, he said.
Several 2020 presidential campaigns contacted by CNBC did not respond to requests for comment on their cybersecurity measures. although Sen. Cory Booker’s campaign has employed “several protocols to ensure our email in addition to technology are secure,” according to campaign press secretary Sabrina Singh. “To help maintain security, we don’t comment on specific processes,” she said.
Campaigns are interested in understanding by where the threats are coming: Russia, of course, although also China in addition to Iran, said Eric Rosenbach, director of the Defending Digital Democracy project at the Harvard Kennedy School, in addition to former chief of staff to Obama Defense Secretary Ash Carter. Rosenbach said he has had conversations with 5 campaigns about preparing for potential attacks.
by a practical standpoint, though, Lord said campaigns soon find out that will attributing them to a specific country has “diminishing returns” in terms of providing immediate security help. “the item was better to monitor the changing tactics in addition to warn everybody how to handle them going forward,” he said.
On the social media front, in order to proactively prepare for a completely new wave of online trolls, Rosenbach said he has advised campaigns that will they “need to have some kind of monitoring team that will is actually looking at social media feeds.”
“When you see [misinformation] then, you take two paths. They need to have an established channel with the social media companies, Twitter in addition to Facebook specifically. Second, they have to have a response team to push back on false or fake information,” Rosenbach said.
The bipartisan Defending Digital Democracy project also published a playbook that will gives tips to campaigns on how to improve their cybersecurity.
All of these preparations mean campaigns will have significantly more cybersecurity resources than they did in 2016, Lord said.
“We want to super-size to scale for the presidential [election],” he said. “We are going to dive in deeper with the campaigns by helping them set up their security programs in addition to giving them an understanding of what are their major components.”