Amid ongoing probes into Russian cyber and other activities aimed at the 2016 elections, Hillary Clinton’s presidential campaign manager Robby Mook is offering a novel idea for protecting the electoral process from hacks: a new federal program to provide cybersecurity protection to candidates for all kinds of offices.
Mook sat down with InsideCybersecurity.com at a recent conference in San Francisco to pitch his idea for providing Secret Service-style cybersecurity protection to candidates at various levels, not just the presidential contenders who are physically accompanied by Secret Service agents but left on their own to fend of cyber attacks.
It’s not a surprising suggestion from Mook, whose candidate’s campaign was rocked by hacks at the Democratic National Committee and elsewhere that are the subject of ongoing scrutiny in Congress and the intelligence community.
Mook noted that House and state and local races are even more susceptible to cyberattacks than big-ticket presidential and Senate campaigns, because they operate on much smaller budgets.
“People on individual campaigns are willing to take risks because their goal is to get elected and not cybersecurity,” said former Department of Homeland Security cyber official Mike Echols.
Senior campaign officials may consider the relative risk of cyberattack, the costs and the available resources — just like executives at any other entity would do – and make their spending decisions accordingly.
But in the heat of political battle, cybersecurity spending is way down the priority list for most campaigns.
That’s probably what prompted Mook to call for a more proactive role by federal authorities.
Mook didn’t go into details but his comments suggest providing some kind of federal security coverage to thousands of candidates every year.
The scope of such a program probably makes it a nonstarter, and practicalities suggest it will continue to be up to independently run campaigns to make their own decisions about using available cyber tools.
Echols, the former DHS official who is now the CEO of a cybersecurity services group called the International Association of Certified ISAOs — for Information Sharing and Analysis Organizations — suggested campaigns should take a more holistic look at cybersecurity.
“DHS provides a lot of tools,” Echols noted. “People don’t necessarily use them or understand why they should divert time from their core mission to cybersecurity. Tools are very important. However, information sharing is more important.”
That pushes the ball back toward elements of the private sector — including Echols’ group — that market cyber services as more flexible and cutting-edge than much of what the government could provide.
In Echols’ case, the touchstone is information sharing and an expansive, service-oriented view of the Information Sharing and Analysis Organization concept promoted under a 2015 Obama executive order.
He added, “Information sharing is not just cyber threat indicators, but education, mitigation, new techniques, awareness, review of tools, [telling people to] keep a lookout for …”
His group recently launched a National Election System ISAO that’s getting interest from state and local election officials.
That ISAO is focused on assisting government officials who are responsible for ensuring the security of the local ballot box. Their responsibilities, motivations and resources differ from those of campaign managers.
The hacks of 2016 are unlikely to spawn a new government cyber initiative to protect candidates, but it may spur candidates and their campaigns to protect themselves by reaching out for the cyber tools that are already out there.
Charlie Mitchell is editor of InsideCybersecurity.com, an exclusive service covering cybersecurity policy from Inside Washington Publishers, and author of “Hacked: The Inside Story of America’s Struggle to Secure Cyberspace,” published by Rowman and Littlefield.
