The 'Backdoor' Risks to Political Campaigns
Francis X. Taylor of US CyberDome Sizes Up the Threats
Political campaigns are at risk from nation-state actors and other hackers seeking to exploit network vulnerabilities and create backdoors to access sensitive data that can be used to undermine the November election, says retired Brigadier General Francis X. Taylor. He’s now the executive director of U.S. CyberDome, a nonpartisan initiative to help protect campaigns against foreign influence.
Political campaigns are vulnerable to backdoor intrusions because the federal government cannot provide direct security assistance to them and they’re more focused on getting voters to the polls than they are on IT issues, Taylor said at Information Security Media Group's Virtual Cybersecurity Summit: Government on Tuesday.
"We believe the biggest risks to the campaign comes through the backdoor of their computer systems," Taylor said. So it’s important to help protect campaigns from intrusions that enable hackers to "steal information and use that information to weaponize it going forward."
In June, Google's Threat Analysis Group found that an advanced persistent threat group linked to the Chinese government attempted to phish Democratic presidential nominee Joe Biden's campaign staff, while an Iranian-backed hacking group targeted President Donald Trump's re-election office (see: Google: Phishing Attacks Targeted Trump, Biden Campaigns).
Taylor said that in the weeks ahead, nation-state threat actors will attempt to replicate the tactics used by Russian hackers during the 2016 campaign to spread falsehoods and target certain organizations (see: Final Report: More 2016 Russian Election Hacking Details).
"Once you've seen a good disinformation campaign and see how it's operated, it's very easy to replicate," Taylor said. "And our adversaries are excellent at replicating what the Russians did. So we face disinformation; we face our adversaries trying to work through the fissures in our society."
Christopher Krebs, the director of the U.S. Cybersecurity and Infrastructure Security Agency, which is responsible for protecting the country's critical infrastructure, including elections, has also warned of disinformation threats stemming from Russia, China and Iran in the weeks leading up to the November election (see: Election Security: A Progress Report From CISA's Krebs).
Need for Collaboration
In March, CyberDome created its Political Campaign Information Sharing and Analysis Organization to share data on election-related threats and risks. CyberDome is also working with CISA and the FBI to better understand emerging risks, Taylor said.
Technology and security companies also can play a crucial role in working with campaigns to bolster software and hardware security, Taylor said, stressing the need for competing firms to work together to help the government build better security solutions.
"The enemy doesn't care what you work on," Taylor says. "The enemy only cares about the data that you have, and you can protect yourself more effectively by sharing that information with your fellow companies, and with that get better at understanding what's happening on your own systems and protect yourself."
The COVID-19 pandemic is creating a shift to more mail-in voting, which could ease auditing, Taylor said.
"The mailing of ballots … gives you a paper trail that can be audited, which is much easier than some kind of computer system," he said.
Also speaking at the ISMG event on Tuesday, CISA's Krebs stressed that paper ballots will give officials a concrete way to audit the vote in case of a dispute.
Taylor noted that cyber threats to political campaigns will not end with the November election cycle, so CyberDome will continue to educate political organizations on the cybersecurity issues that they face.
"It is fundamental to make sure that the campaigns we support are free of threat actors - and if there are threats, we can mitigate those threats," he said. "This isn't going to stop on Nov. 3."