The FBI’s Protected Voices initiative provides tools and resources to political campaigns, companies, and individuals to protect against online foreign influence operations and cybersecurity threats.
Protected Voices resources include information and guidance from the FBI, the Department of Homeland Security (DHS), and the Director of National Intelligence (DNI).
Foreign adversaries, including Russia and China, and foreign-aligned groups try to illegally influence American political processes. Three common foreign influence methods are:
Cyberattacks against political campaigns and government infrastructure
These attacks might include foreign adversaries hacking and leaking sensitive information from computers, databases, networks, phones, and emails.
Secret funding or influence operations to help or harm a person or cause
Tactics include political advertising from foreign groups pretending to be U.S. citizens, lobbying by unregistered foreign agents, and illegal campaign contributions from foreign adversaries.
Disinformation campaigns on social media platforms that confuse, trick, or upset the public
For example, a foreign group may purposefully spread false or inconsistent information about an existing social issue to provoke all sides and encourage conflict.
Protect your voice. The FBI, in partnership with DHS and the DNI, have released a number of short videos on critical cybersecurity and foreign influence topics. The below videos include information on foreign influence tactics as well as tips and best practices on how to protect your digital devices, social media accounts, and private information from cyberattacks. New and updated videos for the fall of 2019 include:
- Message from FBI Director Christopher Wray
- Business Email Compromise
- Cloud-Based Services
- Foreign Influence
- Passphrases and Multi-Factor Authentication
- Router Security
- Social Media Literacy
- Supply Chain
We also encourage U.S. citizens working in critical infrastructure sectors to join InfraGard, an FBI-sponsored public-private partnership that offers the latest intelligence bulletins on cybersecurity and other threats.
Report Suspicious Activity
State and local election officials or campaign staff should report suspicious activity to their local FBI field office.
Message from Director Wray
Director Wray describes the FBI's Protected Voices initiative, which aims to help political campaigns, private companies, and individuals protect themselves from foreign actors who want to hijack their message.
Business Email Compromise
Defend your own email accounts to keep an adversary from impersonating you, and get into a habit of evaluating incoming emails for compromise.
Russia, China, Iran, and other countries are trying to influence the U.S. political process. Practice good cyber hygiene, use social media discerningly, and vet your campaign’s funds, people, and information.
Train all staff in cyber hygiene, limit users’ access to only the parts of the network they actually need, and back up your data to a standalone source. Keep your anti-virus and other software up to date and patched.
Social Media Literacy
Keep a healthy skepticism whenever you’re looking at information on the Internet—consider why something might have been posted online, and who stands to gain from that information.
Look into the apps, services, and technology you use to identify who’s really providing the service. Ask about their physical and cybersecurity practices. Track what data you’re sharing, and ask who can access it.
Cloud-based services may offer your campaign increased cybersecurity measures, so research reputable cloud services vendors with the best balance of privacy, security, and cost for you.
Passphrases and Multi-Factor Authentication
Require your staffers’ passwords to be long passphrases and consider using password keeper programs. Use multi-factor authentication. Screen passphrases against lists of weak and compromised passwords.
To protect your router—which is the gateway between your network and the Internet—change the default password, apply patches regularly or automatically, choose your network name carefully, and use at least WPA2 for encryption.
When using open/public Wi-Fi, access the Wi-Fi via a VPN. Only visit Internet sites that use HTTPS, don’t let your device automatically connect to available networks, and turn off your device’s Wi-Fi connections when you don’t need to use them. Don’t do your banking and shopping transactions on open/public Wi-Fi.
Cyberattacks often begin with a social engineering technique, such as phishing, so train your campaign staffers to recognize and thwart these types of attacks.
Patching, Firewalls, and Anti-Virus Software
Keep your systems patched, ideally with automatic updates; set effective rules for your firewalls; and install anti-virus software with regular or automatic updates.
Browser and App Safety
Web browsers are how your devices access the Internet, so adjust your browser settings—and the settings on your mobile devices—to maximize your privacy and security.
Information Security (InfoSec)
Educate everyone involved in your campaign on good InfoSec practices, create a written InfoSec policy, and develop and implement ongoing training/testing for InfoSec policy compliance.
Safer Campaign Communications
To secure communications channels—such as email, messaging apps, and social media—use encryption, disable archiving, use access controls, disable remote wiping, use account lockout, and patch your systems.
Virtual Private Networks
A VPN is a great way for your campaign to keep its communications and Internet activities more private, especially when using public Wi-Fi or other points of access not under your direct control.
Have You Been Hacked?
By the time you realize your system is compromised, all of your data may already have been taken. There are a number of red flags to look for that might indicate a cyber attack, including passwords not working, a large number of pop-up ads, unexplained online activity, slow-running devices, and altered system settings.
Develop a cyber incident response team and plan so your campaign is prepared for a potential cyber incident. Your plan should include the three components of an incident response team: technical, legal, and managerial. Identify a backup way for your team to communicate without relying on your computer network.
Frequently Asked Questions
Is this information just for campaigns?
This information is geared toward campaigns but it is good information for all members of the public. It is always important to practice good cyber hygiene, or taking basic steps to protect yourself from hackers.
What type of router do you recommend? What is the safest Internet browser to use?
The FBI does not make recommendations on brands of routers to buy or Internet browsers to use. We recommend that individuals and campaigns do research on the types of hardware and software that would best fit their needs.
Whom at the FBI do I contact if I believe my campaign has been a victim of a cyberattack?
State and local election officials should report suspicious activity to their local FBI field office.
How much money should campaigns budget for cybersecurity?
The investment required for cybersecurity will vary based on the needs and size of each campaign.
Will the FBI contact me if they think I have been a victim of a cyberattack?
When a victim is identified, we refer to our victim notification process and conduct an assessment in accordance with the Attorney General's Guidelines for Domestic FBI Operations. Notification is made directly to the “individual, organization, or corporation that is the owner/operator of the computer at the point of the compromise or intrusion.”
What should I do if I am mailed digital media? Is it safe to put the media in our computers?
The source of the digital media should be considered when determining authenticity or risk. All digital media, even from trusted sources, should be reviewed for possible malware or viruses. The FBI recommends conducting a review and vulnerability check of the media on a computer not attached to your network. This standalone computer will allow you to review the content without exposing your computer network to unnecessary risk. Be mindful of not exposing your network by transferring and using digital media between the standalone machine and networked computers. Much like how you should not open links or attachments in emails from senders you do not recognize, you should never insert digital media into a networked computer before checking it for malicious software.
Where can I learn more?
You can join InfraGard, a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of critical infrastructure. To join, visit infragard.org.
Why is the initiative called Protected Voices?
The Protected Voices initiative is so named to emphasize the FBI’s role in protecting the voice of the American people as they participate in the electoral process.
- Protected Voices Flyer and Video Guide | Voces Protegidas Folleto y Información en Español
- Election Security - Department of Homeland Security
- Elections as Critical Infrastructure - U.S. Election Assistance Commission
- National Initiative for Cybersecurity Education - National Institute of Standards and Technology
- Securing Elections - National Association of Secretaries of State
- Handbook for Elections Infrastructure Security - Center for Internet Security
- Tips for Non-Technical Computer Users - US-CERT
- OnGuard Online - Federal Trade Commission
- Stay Safe Online - National Cybersecurity Alliance
- Know the Risk, Raise Your Shield - National Counterintelligence and Security Center
- Cybersecurity - Department of Justice
- Foreign Threats to U.S. Elections (pdf) - National Counterintelligence and Security Center
- Election Security - CISA