CISA Cyber Chief Warns Political Candidates 'Everybody's a Potential Target'

The Homeland Security Department is warning political candidates that they need to take cybersecurity seriously no matter what level of government they’re running for.

The department has steadily ramped up its election security operations following Russia’s interference in the 2016 race, with the newly minted Cybersecurity and Infrastructure Security Agency responsible for much of the work. While CISA’s efforts have largely focused on securing election infrastructure and sharing threat information, the group is also working with political campaigns to bolster their digital defenses.

While presidential hopefuls and other high-profile candidates usually have the resources to invest in security, that’s not the case for thousands of people running for federal, state and local office, according to Jeanette Manfra, CISA’s assistant director for cybersecurity. As such, low-budget campaigns are left relying on personal devices and accounts, which are potentially rife with bugs and easy to infiltrate, she said.

Often, low-level candidates also don’t think there’d be any reason to target them, but Manfra warned it’s impossible to know what races online adversaries will be interested in swaying.

“I don’t care if you think you’re not interesting or your information is not interesting,” she said Saturday at SXSW. “When it comes to elections, anybody can be a target.”

Political campaigns aren’t considered critical infrastructure under current law, so CISA is limited in the amount of resources it can provide them. But Manfra told reporters the agency is providing security training to officials at both the Republican and Democratic national committees, as well as campaign staffers.

The agency also issued a set of security guidelines that even the most cash-strapped campaigns could follow, like using two-factor authentication, strong passwords and encryption, she said. The plan also recommends campaigns regularly patch their software, create an action plan for responding to cyber incidents and follow other cybersecurity best practices.

“There’s most likely on any given Tuesday an election happening somewhere in this country, so this is not something we can ever stop focusing on,” she said.

In 2016, Russian hackers broke into the Democratic National Committee and leaked more than 50,000 emails in an effort to undermine nominee Hillary Clinton. Since then, digital adversaries have also launched attacks against multiple 2018 congressional candidates and the House Republican campaign office.