Wanted: A firewall to protect U.S. elections

Wanted: A firewall to protect U.S. elections

As the FBI and Congress work to unravel Russia’s hacking of the 2016 presidential election and learn whether anyone in Donald Trump’s campaign supported the effort, one thing has become clear: U.S. elections are far more vulnerable to manipulation than was thought.

A U.S. Department of Homeland Security warning and offer last year to help state election officials protect voter registration rolls, voting machines, and software from tampering was coolly received, perhaps out of skepticism or innate distrust of federal interference in a domain historically controlled by the states.

Now, as federal and state officials are partnering to examine voting and election security, a new initiative at Harvard Kennedy School (HKS) is working to shore up another at-risk component of the U.S. election system: political campaigns.

Led by former presidential campaign managers for Democrat Hillary Clinton and Republican Mitt Romney, the Defending Digital Democracy project is gathering cybersecurity experts from the U.S. Department of Defense, the National Security Agency, and the Department of Homeland Security, as well as private-sector internet heavyweights like Facebook, Google, and the cybersecurity firm CrowdStrike, to identify problems and share pragmatic wisdom with local, state, and federal campaigns so they are better informed about cyber threats and can make their organizations harder for attackers to infiltrate.

“It’s really important that this is a bipartisan effort,” said Eric Rosenbach, the project’s director and a former cybersecurity leader at the Pentagon. “I don’t think that the Democrats value cybersecurity of their campaigns more than Republicans. I think Republicans are equally tuned in to the fact that it’s important because everyone recognizes that, down the road, it could impact anyone, regardless of their partisan affiliation. And so, we’re really trying to stay out of the fray.” One project goal is to replicate the kind of information-sharing culture that exists in major industries where cybercrime is a constant concern, one that encourages collaboration in the face of threats and using best practices despite an inherently competitive culture.

“That’s what we’ve got to do in politics, and that’s why Matt and I believed it was so important to take a bipartisan approach,” said Robby Mook, who managed Clinton’s 2016 campaign. Mook will lead the project along with Matt Rhoades, who ran Romney’s 2012 presidential bid.

The idea for the project stemmed from Rosenbach’s experience as the Defense Department’s lead on cybersecurity issues during his time as chief of staff to Defense Secretary Ash Carter from 2015 to January 2017. While U.S. cyber defense efforts do protect the country from many serious threats, the dangers facing political campaigns are continuously evolving and require both vigilance and nimbleness, qualities that organizations outside the federal government may more readily bring to bear, he said. Without the potential stigma of a party affiliation, an independent body might more easily bring together stakeholders on both sides of the aisle, said Rosenbach, who is the Belfer Center’s co-director with Carter.

A collaboration of the Belfer Center, the Institute of Politics and the Shorenstein Center on Media, Politics and Public Policy, the project over the next two years will develop playbooks containing practical, low-cost advice and will work toward proposing technology-based tools, legislative fixes, and foreign policy remedies to encourage deterrence. In November, the project produced a cybersecurity playbook for campaigns. The project will release a playbook this spring that will offer guidance and best practices for mitigating threats.