Cambridge, MA – Emboldened by their successes in recent years, malicious actors are stepping up their attacks on a particularly soft target: US political campaigns. Though the risks – and consequences – of infiltration are increasing, campaigns can greatly reduce their vulnerability with a few simple steps. That’s the impetus for “The Cybersecurity Campaign Playbook,” a new guide published online today by the bipartisan Defending Digital Democracy Project (D3P) at Harvard Kennedy School’s Belfer Center for Science and International Affairs.
The Playbook, which the D3P team will update regularly, aims to help campaign officials at all levels better meet a growing array of cyber threats. It is a living, breathing document. It’s not intended to be a comprehensive document for technology professionals, but rather an easily digestible guide for campaign operatives less well-versed in cyber security. Complete with a Top-Five checklist and two hand-outs – one for campaign staff, and one for candidates and their families – the Playbook serves as a cyber readiness reality check.
“Campaign workers may not realize it, but they’re on the front lines of a 21st century battle,” said Belfer Center Co-Director and former Pentagon “cyber czar” Eric Rosenbach, who directs D3P alongside former Hillary Clinton campaign manager Robby Mook and former Mitt Romney campaign manager Matt Rhoades. “Foreign and other malicious actors are working overtime to penetrate campaigns’ sensitive data and, ultimately, undermine our democracy. We all have to raise our game to ensure that American voters – and no one else – decide our elections.”
“Cybersecurity is an issue that every campaign professional now needs to take seriously, but it can be daunting for people who aren’t IT professionals,” said Belfer Center Senior Fellow Robby Mook. “This playbook gives candidates and campaign staff without a technical background the tools to take responsibility for their cybersecurity strategy and significantly reduce risk.”
“Foreign hackers tried to negatively impact the 2012 Romney campaign, and my worry is that this could happen again to a future rising political star,” said Belfer Center Senior Fellow Matt Rhoades. “Today, everyone’s a target up and down the ballot – not just the presidential contenders. We all need to take this threat seriously so we can get back to debating public policies, and this Playbook is an important first step.”
To develop the Playbook, former Director of the NSA’s Information Assurance Directorate Debora Plunkett led a world-class team of researchers, campaign operatives, business leaders, attorneys, and cybersecurity professionals – including Facebook’s Alex Stamos, Google’s Heather Adkins, and CrowdStrike’s Dmitri Alperovitch – who contributed their insight and experience. Among the Playbook’s critical recommendations:
- Because human error is the number one cause of breaches, take responsibility for reducing risk, train staff, and set the example.
- Use a commercial cloud service. It will be more secure than anything you can set up.
- Require two-factor authentication for all important accounts, including office suite, email, storage services, and social platforms.
- Use SOMETHINGREALLYLONGLIKETHISSTRING, not TH1$, for your passwords. Long, random words are harder to break than something short with numbers and symbols.
- Prepare a plan in case your security is compromised. Know whom to call for technical help, understand your legal obligations, and be ready to communicate to stakeholders.
The D3P team welcomes suggestions and comments to improve the Playbook via Twitter @D3P. As part of its mission to identify and recommend strategies, tools, and technology to protect democratic processes and systems from cyber and information attacks, D3P intends to roll out additional resources in coming months. D3P is co-sponsored by Harvard Kennedy School’s Shorenstein Center on Media, Politics and Public Policy, and the Institute of Politics.
Contact: Sharon Wilke, Associate Director of Communications, Belfer Center for Science and International Affairs: Sharon_Wilke@hks.harvard.edu | 617-495-9858