On July 10th, Joe Biden’s US presidential campaign announced it was hiring a Chief Information Security Officer (CISO) and a Chief Technology Officer (CTO).
Biden’s campaign team told The Hill that these security professionals would help “mitigate cyber threats, bolster… voter protection efforts, and enhance the overall efficiency and security of the entire campaign.”
This development confirms what cybersecurity experts have long understood — that, just like businesses, political campaigns require a CISO. We’ll tell you why.
Rates of cybercrime — and the sophistication of cybercriminals — continue to increase across all sectors. Whether it’s phishing attacks, malware, ransomware, or brute force attacks, incidents are on the rise.
These aren’t anecdotal reasons. Political campaigns have been targeted by cybercriminals before.
For example, in 2016, Hillary Clinton’s campaign manager, John Podesta, received a spear phishing email disguised as a Google security alert. Podesta followed a link, entered his login credentials, and exposed over 50,000 emails to malicious actors. This is a great example of how human error can lead to data breaches and goes to show that anyone can make a mistake.
That’s why cybersecurity is so important.
Hiring a CISO — and thus improving the cybersecurity of political campaigns — has three main benefits:
Let’s explore each of these in a bit more detail. You can also check out our CISO Spotlight Series to get a better idea of what role a CISO plays across different sectors.
Whatever your political persuasion, it’s hard to ignore headlines that detail the role cybercriminals played in the 2016 US election, including:
A CISO ensures better coordination of a political campaign’s IT security program. This can involve:
Of course, these functions aren’t specific to political campaigns. A CISO’s job, whether at a big bank or a law firm, is to safeguard systems, data, and devices by implementing policies, procedures, and technology and to help build a positive security culture.
The difference, though, is that while a CISO at your “average” organization helps prevent data breaches and other security incidents, the CISO of a political campaign does all of this while also helping maintain faith in the process among voters.
Keep reading to find out how.
Political campaigns must communicate directly with individual voters, which means those working on the campaign have access to highly sensitive information. And we’re not just talking about names and addresses. Even a person’s intention to vote is highly sensitive personal information.
While – yes – many people publicly proclaim their ideology and voting intention via social media, those people don’t expect their information to be mined by data-harvesting software, combined with other personal information, and shared with unauthorized third parties. They simply want to share their views with friends, family, and followers.
Data mining is a process used to extract trends and patterns from large data sets. Depending on what data is being mined, these trends can be used to inform advertising and marketing initiatives, supply chain processes, and other business (or political) functions.
Like hacking, data mining operations can affect the outcome of elections. They also represent a gross invasion of individual privacy.
How valuable an asset is voter data? A few recent high-profile examples will give you an idea.
These examples prove that voter data can be used to raise funds or create a political advantage. But what are the consequences?
To start, voter trust is lost, which, as we’ve discussed, can impact the democratic process. Beyond that, there are also legal ramifications. Under state and federal privacy laws, selling personal information is a legally regulated activity. Any allegation that a campaign has violated privacy law would be extremely damaging, not just reputationally but financially.
A CISO can help ensure that a political campaign is less likely to engage in risky behavior with voters’ personal information and assist the campaign to comply with privacy law.
But it’s not just personal information that political campaigns handle.
Political campaigns also handle security-sensitive information which must be carefully safeguarded.
Robert Deitz, former senior counselor to the CIA, told The Washington Post that a Russian cyberattack on the Trump campaign could reveal information about Trump’s foreign investments and negotiating style. Having access to this data could help Russia understand “where it can get away with foreign adventurism.”
A CISO has overall responsibility for information safeguarding within an organization. They understand:
All of this information helps CISOs implement data loss prevention (DLP) strategies in order to keep sensitive information out of the hands of bad actors.
Data privacy – and therefore cybersecurity – is essential for the modern world.
In fact, in business, a strong security posture fosters trust with customers and prospects and is therefore considered a competitive edge. Why? Because data is valuable currency. Customers and prospects expect the organizations they interact with to safeguard the information shared with them.
Shouldn’t politicians foster trust with voters in the same way?