Cyber threats to the 2024 US elections have resurfaced in recent days, causing concern among parties, campaigns, and officials. The past week has seen a surge in incidents, including compromised credentials related to the Democratic party and its National Convention, false accusations of AI manipulation by a presidential candidate, and phishing emails sent by an Iran-backed group to high-ranking officials in presidential campaigns.
Experts warn that the risk of cyber threats will only increase as the election approaches, with potentially more impactful consequences closer to Election Day. Michael Kaiser, the president and CEO of Defending Digital Campaigns (DDC), emphasizes the growing potency of these threats as the election draws nearer.
The challenges of protecting political campaigns from cyber threats are manifold. Hackers often target individuals within organizations through indirect means, such as compromising a colleague’s email to launch phishing attacks. Campaigns, especially at the highest levels, are prime targets for sophisticated threat actors, including nation-state entities, cybercriminals, and hacktivists.
Limited resources, tight budgets, and the transient nature of political campaigns contribute to their vulnerability to cyber attacks. Campaign leaders may prioritize operational and advertising expenses over cybersecurity, leaving them exposed to potential breaches. Additionally, the rapid setup of volunteer centers and the use of personal devices by volunteers further expand the attack surface for cyber threats.
In response to the escalating risks, changes in campaign finance regulations have allowed organizations like DDC to provide cybersecurity services to political campaigns without being considered a donation. This development has enabled campaigns to access cybersecurity resources and support to bolster their defenses against cyber attacks.
Securing a political campaign involves leveraging existing security tools, implementing free resources like CloudFlare and Project Shield, and practicing good cyber hygiene. Limiting the number of accounts and credentials and using hardware tokens can help mitigate risks and prevent unauthorized access to sensitive information.
Overall, political campaigns are increasingly becoming more cyber-savvy and prepared to defend against evolving threats. With better awareness of threat actors and their tactics, as well as the availability of resources and support from organizations like DDC, campaigns are taking steps to strengthen their security posture and safeguard the integrity of the election process.