President Trump signed an executive order to protect the power grid from hackers last week, but experts warn that the 2020 campaign cycle has already suffered cyberattacks.
Elections large and small are looming in an increasingly work-from-home and social-distancing environment, one that has forced many campaigns (like most Americans) to conduct their day-to-day operations remotely. That has created a perfect opportunity for bad actors online, experts warn, and it could pose an unprecedented threat to the integrity of the U.S. elections.
“This is an ongoing battle that will be going on right up until Election Day,” cybersecurity expert Michael Kaiser told Fox News.
Kaiser is president and CEO of Defending Digital Campaigns (DDC), a bipartisan group comprised of both presidential campaign staff and cybersecurity professionals that advises federal-level campaigns and staff about all things cybersecurity.
Campaigns are able to learn about and obtain things like encryption services at cost or for free with DDC’s assistance. These kinds of protections have become increasingly valuable as town halls and fundraising dinners shift to online platforms like Zoom and as campaigns share sensitive information with each other online.
Just because a particular campaign might be protected doesn’t necessarily mean the bad guys are going away, Kaiser noted, especially during a pandemic.
“As we move towards the election itself, cyber incidents are likely to increase,” he explained, “because the closer you are to election the more disruptive an incident can be, the less opportunity there is to respond, to recover from that.”
"This is an ongoing battle that will be going on right up until Election Day."
— Michael Kaiser, Defending Digital Campaign's president and CEO
One of DDC’s board members knows firsthand how devastating a cyberattack can be for a campaign in the final stretch of an election cycle.
“We found out in the early fall of 2011, during the primary, that our campaign had been hacked and that we had been hacked by the Chinese,” said Matt Rhoades, former advisor to Mitt Romney’s presidential campaign.
“It wasn't like we were cash strapped, we had nice a system in place, but obviously we didn't have a good enough system to keep the government of China out,” Rhoades said, laughing briefly.
While the breach itself was bad, Rhoades told Fox News that the recovery came with other implications. “Any dollar spent to upgrade our system, which we had to do, was a dollar we didn't spend contacting a voter in New Hampshire or Iowa or South Carolina,” he explained. “And that's the challenge that all these campaigns face.”
Rhoades said the situation is particularly difficult for staffers of down-ballot candidates who may not have the resources of a tier-one presidential campaign in the middle of the primaries.
“If you don't provide these resources at cost or in some cases, some of these companies provided their services and their software for free, people just aren't going to do anything about it,” he added.
Joel Wallenstrom, a longtime white-hat hacker who is now CEO and president of Wickr, an encrypted communication app, told Fox News he used to offer cybersecurity advice to campaigns for free after finding actual vulnerabilities in their websites.
“Nobody ever, ever responded,” he added. “We were always kind of perplexed by that.”
That seems to have changed, thankfully, as Wallenstrom’s end-to-end encrypted platform was recently selected as the only secure communication platform for a new U.S. Air Force initiative. He estimates some 70 percent of senatorial campaigns in the last election cycle were using his platform, as well.
Wallenstrom said he has also come to understand why campaigns never took him up on his offers for free cybersecurity advice, but it hasn’t made him sleep any better at night.
“They were getting 60 offers of help a day and half of them were fraudulent, and that just never struck me… that that kind of jagged pill was theirs to swallow, in terms of trying to navigate how to do cybersecurity,” he explained.
In February, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its #Protect2020 Strategic Plan for securing the U.S. elections.
The plan addressed the campaign cycle, not just the election, and it also came roughly a week after a report from the Government Accountability Office accused the agency of lacking a nationwide strategy.
Rhoades told Fox News that unfortunately, and without naming names, campaigns have already suffered cyberattacks in the 2020 cycle. And his concerns go well beyond the campaign trail.
“I have a lot of concerns, and you saw a little of this spill over even during the Democratic caucus in Iowa, if we were to ever have some kind of cyber breach on election night,” Rhoades said. “And the results of one of our battleground states, at the presidential level, were impacted in some form or fashion.
“I just believe in these highly partisan times that we live in, whichever side came up on the short end of the stick is just not going to be open to believing the results,” he added. “So that's kind of a doomsday scenario that I see potentially, unfortunately, happening.”