The Annenberg Public Policy Center hosted the University of Southern California’s Election Cybersecurity Initiative, part of a 50-state touring program for campaign and election officials and press organized by the USC’s Annenberg School for Communication and Journalism. Gathering at the policy center for the daylong program on March 5, 2010, experts discussed best practices for campaign cybersecurity in the face of growing domestic and foreign technological threats.
CNN security analyst and Penn alum Sam Vinograd moderated a discussion with Dan Woods, chief technology officer of the Joe Biden campaign for president. Woods spoke about efforts to ensure the campaign staff’s “digital hygiene” this election cycle, given the 2016 hacking of emails from the Democratic National Committee officials via phishing.
Though the Biden campaign is worried about widespread disinformation and misinformation on social media sites, “phishing remains, without question, the biggest threat [the Biden campaign] face[s],” said Woods.
Woods says that these phishing attempts are not generally targeted to any specific staff member. Rather, they are generic, legitimate-looking emails designed to trick unaware staffers into sharing their passwords or security information.
To fend off the threat of phishing, Woods says that staffers are trained on cybersecurity best practices from “day one” and are periodically tested with phishing emails sent by the campaign that are intended to mimic a real attack. “Think before you click,” he said. Additionally, the Biden campaign teaches its staffers the basics of digital hygiene, including using two-factor verification on all work and personal accounts, and encouraging the use of password managers to ensure that passwords are sufficiently strong.
Overall, the best way to counter digital threats, said Woods, is to change the campaign’s culture regarding technology products, from the most senior official to the lowest level staffer. Almost as important as these preventive measures is establishing the required emergency protocol to address any possible breaches.
The program also featured Adam Clayton Powell III, executive director of the cyberspace initiative; Justin Griffin, the initiative’s managing director; Maurice Turner, deputy director of the Internet Architecture Project at the Center for Democracy & Technology; and Marc Ambinder, executive fellow in digital security at USC Annenberg.
USC’s Cybersecurity Initiative is a nonpartisan, independent project designed to educate election and campaign staff on how to best protect political candidates and elections from cyber threats. Before Election Day 2020, the Initiative will travel to all 50 states with funding from Google to hold educational workshops on best practices, featuring talks from academics, government officials, and experts from the private sector. Aimed at educating campaign staff, state and local election officials, academics, and staff at NGOs, these cybersecurity experts presented simple tools on addressing three key areas of concern: cyber safety and security, combating disinformation and misinformation, and crisis communication.
The Election Cybersecurity Initiative is next scheduled to travel to Atlanta, GA, on March 12, 2020.
