Advertisement

DNC updates cybersecurity advice to protect candidates from hackers in 2020

The checklist is straightforward security advice driven by an awareness of current threats.
Bob Lord
Bob Lord pictured at TechCrunch's Disrupt 17 conference. (Flickr / CC-BY-2.0 <a href="https://flic.kr/p/UCJJ3n">TechCrunch</a>)

As Washington turns its attention to the 2020 presidential election, the Democratic National Committee on Friday released updated security guidance it says will “dramatically reduce the risk” of hackers breaching candidates’ devices.

The checklist is straightforward security advice driven by an awareness of current threats. The DNC, scarred by the Russian intervention in the 2016 presidential election, has invested in improving Democrats’ cyberdefenses in the last two years. U.S. intelligence officials warn that foreign adversaries will continue to target political organizations ahead of votes being cast in 2020.

“Our adversaries are already at work, whether a candidate has announced or not,” DNC Chief Security Officer Bob Lord said in a statement.

The DNC checklist advises candidates and their staffers to encrypt their laptops in case they are lost or stolen and to use a password manager to make it harder for attackers to crack credentials.

Advertisement

The committee is encouraging everyone from presidential candidates to field staffers to heed the guidance.

Politico was first to report on the checklist.

Lord and other DNC cybersecurity officials also encourage Democrats to use the HTTPS Everywhere browser extension, which ensures an encrypted connection to websites. The checklist also includes a warning for candidates, staff and family members to use Google’s Advanced Protection program, a token-based second factor for logging into Gmail that combats phishing.

“The risk of phishing is high,” the memo says. “Enroll yourself, key staff, and your family members in the Advanced Protection program. Consider it mandatory.”

Had John Podesta, Hillary Clinton’s 2016 campaign manager, been able to use Advanced Protection, “the world might be a very different place,” one technical expert told Reuters when Google released the tool in 2017. Russian operatives hacked Podesta’s Gmail account as part of Moscow’s intervention in the election, U.S. intelligence agencies and independent security searchers have determined.

Advertisement

The DNC encourages party members to comply with two-factor authentication with a second factor that is not a text message, as hackers have proven capable of intercepting SMS messages. The checklist runs candidates down their social media and email accounts, asking if they’ve enabled two-factor authentication for each. “Protect them all,” it says.

The committee also wants politicians and their staff to use encrypted messaging applications like Signal and Wickr, and it suggests they use devices with built-in security features like the Chromebook or iPad.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts