Dems, GOP invest in cybersecurity ahead of new elections

The Democratic and Republican national committees are both making significant investments in cybersecurity to prevent hacking in the run-up to future elections.

Campaign cybersecurity has gained greater visibility among staffers up and down the ranks of both national political committees following Russia’s interference in the 2016 presidential election, which included cyberattacks against the DNC and former Hillary Clinton campaign chairman John Podesta.

DNC Chairman Tom Perez has hired former Uber executive Raffi Krikorian to spearhead its IT operations.

{mosads}“When Tom Perez was recruiting me, his No. 1 ask of me was what am I going to do about his cybersecurity problem,” Krikorian told The Hill in a recent interview. “It’s that important, all the way at the top.”

In just two months on the job, Krikorian has directed all DNC staffers to use the secure messaging app Signal instead of text messages, implemented “simulated phishing drills” to put employees on guard for cyberattacks and mandated the use of two-factor authentication to log into DNC systems. Krikorian is also eyeing formal staff-wide cybersecurity training.

All of these moves are part of a broader effort, he said, to transform the cybersecurity culture at the DNC.

“Setting the right culture inside the building,” Krikorian said. “Just trying to get everyone on staff comfortable with the idea that it’s OK to ask questions.”

The DNC email leaks last year, which occurred just in time for the party’s convention in Philadelphia, generated broad outrage and strained relationships between different wings of the party. Revelations in the emails eventually prompted the resignation of then-Chairwoman Debbie Wasserman Schultz.

It was not until January that the intelligence community publicly blamed Russian intelligence for obtaining “large volumes” of DNC data through hacks, then releasing it through third parties like WikiLeaks.

Russia also compromised Podesta’s personal email account using a spear-phishing attack. Moscow’s aim, the intelligence community says, was to sow distrust in U.S. democracy, damage Clinton’s electability and aid President Trump.  

The developments have generated change at the DNC as it looks to revamp its data operations and security. Krikorian has built a team of tech-savvy staffers with backgrounds working at social media giants like Pinterest and Twitter.

The DNC wasn’t the only party organization targeted by Russia. The intelligence community report released in January said Russia conducted cyber operations against “targets associated with both major U.S. political parties.”

Former FBI Director James Comey also testified to Congress that Moscow hacked into “old” email domains of the RNC the committee was no longer using, but said there were no successful hacks of the Trump campaign or current RNC networks.

RNC staff say that a big reason hackers were unsuccessful is the party’s longstanding data security operations, which date back to the creation of the party’s massive voter data file in 2000. RNC tech personnel have been testing staffers with phishing attacks, providing them with initial cybersecurity training and checkups and broadly implementing security protocols like two-factor authentication.

Still, staffers say that cybersecurity has become more of a focus top-to-bottom following the events of 2016.

“I would say it’s always been of importance but there’s been more of a focus on engaging our entire RNC team,” an RNC staffer who works on data security told The Hill. The staffer added that the committee’s IT operation is “always keeping abreast of any threats out there” and “making sure that our entire team is remaining vigilant.”

The RNC is less concerned about making big changes and more focused on doing what it has done successfully in the past. This includes making “considerable investments to bolster our security and protect our data information,” said Blair Ellis, an RNC spokeswoman.

Still, the RNC has not gone unscathed by cybersecurity controversies. Earlier this year, one of the committee’s contractors left databases containing information on roughly 200 million voters completely exposed on the internet. The data contractor later took full responsibility for the incident.

As the 2018 midterm elections approach, there are broad concerns about future foreign interference in elections. Russia’s influence campaign in 2016 was multifaceted, leveraging cyberattacks on Democratic officials, targeting state election systems and spreading disinformation, according to U.S. intelligence officials.   

The issue has captured consistent, massive public attention, as congressional committees and special counsel Robert Mueller lead separate probes into whether there was collusion between the Trump campaign and Moscow.

For his part, Krikorian says he’s making sure to actively monitor the DNC’s network in order to detect any increased activity or targeting as the next Election Day approaches. But his chief focus is spurring the culture change at the DNC around cybersecurity.

“I think we’re trending better, but I think that no security person would ever admit that they are confident or not confident,” he said. “It’s an arms race.”