With four months toward the Election Day, and several state-sponsored cyberattacks already targeting the 2020 election, cybersecurity has taken the center stage. The presumptive Democratic nominee for President, Joe Biden hired former White House cybersecurity official Chris DeRusha as the CISO for his election campaign and Jacky Chang as Chief Technology Officer.
DeRusha is a credible cybersecurity executive with experience in managing federal and state government programs, coordinating cybersecurity operations, and developing and implementing strategy and governance. Prior to this, he was an advisor to the White House and also held cybersecurity positions with the State of Michigan, the Department of Homeland Security, and Ford Motor Co. Chang was a senior engineer on Hillary Clinton’s 2016 presidential campaign and worked for the Democratic National Committee’s voter protection team during the 2018 midterms.
“Biden for President takes cybersecurity seriously and is proud to have hired high-quality personnel with a diverse breadth of experience, knowledge, and expertise to ensure our campaign remains secure,” the campaign said in a statement. “Jacky and Chris will be central to strengthening the infrastructure we’ve built to mitigate cyberthreats, bolster our voter protection efforts, and enhance the overall efficiency and security of the entire campaign.”
Even though elections have been at the forefront of cyberattacks, lately, the concept of a CISO for a campaign is still a novelty. This was even after Russian hackers exposed emails of Hillary Clinton in the 2016 elections.
The upcoming election has already witnessed a slew of cyberattacks targeted against it. A recent survey stressed that 70% of cybersecurity professionals most likely believe their local governments cannot defend election infrastructure against cyberattacks from domestic and foreign threat actors.
The majority of cyberattacks targeting election campaigns come from automated machines that inevitably spread information and direct attacks on the vote-counting systems. Industry experts opine that the ongoing pandemic brings additional security hurdles to the election season. It is suspected that cybercriminals might take advantage of the crisis to spread false information and initiate cyberattacks, making security experts concerned about election data protection.
“When we think about threats to the upcoming elections, I would break them up into two groups. For undermining the election, disinformation operations supported by cyber operations pose the greatest threat,” said Marcus Fowler, Former CIA executive, and currently Director of Strategic Threat at AI security firm Darktrace, in an exclusive interview with CISO MAG. “Adversaries looking to hack a campaign to get the upper hand will likely be going after the information that could reputationally damage a candidate. This is less about broad disruption or undermining trust, and more about swaying individual voters and out-maneuvering a campaign. One would hope that we don’t see this type of targeting between campaigns, as we have enough to worry about from foreign actors”
He added, “As for best practices, the most immediate step that needs to be taken is that state and federal agencies and municipalities need to review their processes and communication plans around a ransomware event, especially one conducted around the election that could have an impact on voting. I think State, Local, and Federal agencies need to be more strategic–resourcing their cybersecurity teams more efficiently and more in-line with the current threats, and leveraging technology that will help buy back time for their security teams through autonomous response and investigation.”