The FBI’s Protected Voices initiative provides tools and resources to political campaigns, companies, and individuals to protect against online foreign influence operations and cybersecurity threats.
Protected Voices resources include information and guidance from the FBI, the Department of Homeland Security (DHS), and the Director of National Intelligence (DNI).
Foreign adversaries, including Russia and China, and foreign-aligned groups try to illegally influence American political processes. Three common foreign influence methods are:
Cyberattacks against political campaigns and government infrastructure
These attacks might include foreign adversaries hacking and leaking sensitive information from computers, databases, networks, phones, and emails.
Secret funding or influence operations to help or harm a person or cause
Tactics include political advertising from foreign groups pretending to be U.S. citizens, lobbying by unregistered foreign agents, and illegal campaign contributions from foreign adversaries.
Disinformation campaigns on social media platforms that confuse, trick, or upset the public
For example, a foreign group may purposefully spread false or inconsistent information about an existing social issue to provoke all sides and encourage conflict.
Protect your voice. The FBI, in partnership with DHS and the DNI, have released a number of short videos on critical cybersecurity and foreign influence topics. The below videos include information on foreign influence tactics as well as tips and best practices on how to protect your digital devices, social media accounts, and private information from cyberattacks. New and updated videos for the fall of 2019 include:
- Message from FBI Director Christopher Wray
- Business Email Compromise
- Cloud-Based Services
- Foreign Influence
- Passphrases and Multi-Factor Authentication
- Router Security
- Social Media Literacy
- Supply Chain
Report Suspicious Activity
State and local election officials or campaign staff should report suspicious activity to their local FBI field office.
Message from Director Wray
Director Wray describes the FBI's Protected Voices initiative, which aims to help political campaigns, private companies, and individuals protect themselves from foreign actors who want to hijack their message.
Business Email Compromise
Defend your own email accounts to keep an adversary from impersonating you, and get into a habit of evaluating incoming emails for compromise.
Russia, China, Iran, and other countries are trying to influence the U.S. political process. Practice good cyber hygiene, use social media discerningly, and vet your campaign’s funds, people, and information.
Train all staff in cyber hygiene, limit users’ access to only the parts of the network they actually need, and back up your data to a standalone source. Keep your anti-virus and other software up to date and patched.
Social Media Literacy
Keep a healthy skepticism whenever you’re looking at information on the Internet—consider why something might have been posted online, and who stands to gain from that information.
Look into the apps, services, and technology you use to identify who’s really providing the service. Ask about their physical and cybersecurity practices. Track what data you’re sharing, and ask who can access it.
Cloud-based services may offer your campaign increased cybersecurity measures, so research reputable cloud services vendors with the best balance of privacy, security, and cost for you.
Passphrases and Multi-Factor Authentication
Require your staffers’ passwords to be long passphrases and consider using password keeper programs. Use multi-factor authentication. Screen passphrases against lists of weak and compromised passwords.
To protect your router—which is the gateway between your network and the Internet—change the default password, apply patches regularly or automatically, choose your network name carefully, and use at least WPA2 for encryption.
When using open/public Wi-Fi, access the Wi-Fi via a VPN. Only visit Internet sites that use HTTPS, don’t let your device automatically connect to available networks, and turn off your device’s Wi-Fi connections when you don’t need to use them. Don’t do your banking and shopping transactions on open/public Wi-Fi.
Cyberattacks often begin with a social engineering technique, such as phishing, so train your campaign staffers to recognize and thwart these types of attacks.
Patching, Firewalls, and Anti-Virus Software
Keep your systems patched, ideally with automatic updates; set effective rules for your firewalls; and install anti-virus software with regular or automatic updates.
Browser and App Safety
Web browsers are how your devices access the Internet, so adjust your browser settings—and the settings on your mobile devices—to maximize your privacy and security.
Information Security (InfoSec)
Educate everyone involved in your campaign on good InfoSec practices, create a written InfoSec policy, and develop and implement ongoing training/testing for InfoSec policy compliance.
Safer Campaign Communications
To secure communications channels—such as email, messaging apps, and social media—use encryption, disable archiving, use access controls, disable remote wiping, use account lockout, and patch your systems.
Virtual Private Networks
A VPN is a great way for your campaign to keep its communications and Internet activities more private, especially when using public Wi-Fi or other points of access not under your direct control.
Have You Been Hacked?
By the time you realize your system is compromised, all of your data may already have been taken. There are a number of red flags to look for that might indicate a cyber attack, including passwords not working, a large number of pop-up ads, unexplained online activity, slow-running devices, and altered system settings.
Develop a cyber incident response team and plan so your campaign is prepared for a potential cyber incident. Your plan should include the three components of an incident response team: technical, legal, and managerial. Identify a backup way for your team to communicate without relying on your computer network.
- Protected Voices Flyer and Video Guide
- Election Security - Department of Homeland Security
- Elections as Critical Infrastructure - U.S. Election Assistance Commission
- National Initiative for Cybersecurity Education - National Institute of Standards and Technology
- Securing Elections - National Association of Secretaries of State
- Handbook for Elections Infrastructure Security - Center for Internet Security
- Tips for Non-Technical Computer Users - US-CERT
- OnGuard Online - Federal Trade Commission
- Stay Safe Online - National Cybersecurity Alliance
- Know the Risk, Raise Your Shield - National Counterintelligence and Security Center
- Cybersecurity - Department of Justice
- Foreign Threats to U.S. Elections (pdf) - National Counterintelligence and Security Center
- Election Security - CISA