Protected Voices is an FBI initiative to mitigate the risk of cyber influence operations targeting U.S. elections. Part of that initiative is outward-facing and includes efforts by the Bureau to raise awareness among political campaigns about the best ways to fend off possible attempts—by criminals, foreign agents, or others—to infiltrate their information technology infrastructure.
One key to addressing this threat is for a campaign to enhance its own cyber hygiene, the technological equivalent of locking your doors and windows. To this end, the FBI—in partnership with the Department of Homeland Security and the Office of the Director of National Intelligence—has released a number of short videos, embedded below, on the most urgent cybersecurity issues that may leave a campaign’s computer networks vulnerable to attacks. The videos include tips and best practices on how best to protect your organization, based on industry research and our own vast experience investigating cyber crimes.
But even beyond political campaigns, the cybersecurity information contained in these videos—which ranges from protecting passwords to social engineering threats to what to do if you think you’ve been hacked—will be helpful to anyone who uses a computer.
Another step you can take to help ensure the integrity of your network is to join InfraGard, an important public-private resource that offers the latest intelligence bulletins regarding cyber and other threats. InfraGard is open to U.S. citizens with ties to at least one of the nation’s designated critical infrastructure sectors.
Cyber attacks often begin with a social engineering technique, such as phishing, so train your campaign staffers to recognize and thwart these types of attacks.
Keep your systems patched, ideally with automatic updates; set effective rules for your firewalls; and install anti-virus software with regular or automatic updates.
Require your staffers’ passwords/passphrases to be long, and consider using a password keeper/vault, setting up logging on your network to track password activity, and adding multi-factor authentication.
Educate everyone involved in your campaign on good InfoSec practices, create a written InfoSec policy, and develop and implement ongoing training/testing for InfoSec policy compliance.
Web browsers are how your devices access the Internet, so adjust your browser settings—and the settings on your mobile devices—to maximize your privacy and security.
To secure communications channels—such as email, messaging apps, and social media—use encryption, disable archiving, use access controls, disable remote wiping, use account lockout, and patch your systems.
When using open/public Wi-Fi, access the Wi-Fi via a VPN. Only visit Internet sites that use HTTPS, don’t let your device automatically connect to available networks, and turn off your device’s Wi-Fi connections when you don’t need to use them. Don’t do your banking and shopping transactions on open/public Wi-Fi.
To protect your router—which is the gateway between your network and the Internet—change your router’s default password, apply patches regularly or automatically, choose your network name carefully, and use WPA2 for encryption.
Cloud-based services may offer your campaign increased cybersecurity measures, so research reputable cloud services vendors with the best balance of privacy, security, and cost for you.
A VPN is a great way for your campaign to keep its communications and Internet activities more private, especially when using public Wi-Fi or other points of access not under your direct control.
By the time you realize your system is compromised, all of your data may already have been taken. There are a number of red flags to look for that might indicate a cyber attack, including passwords not working, a large number of pop-up ads, unexplained online activity, slow-running devices, and altered system settings.
Develop a cyber incident response team and plan so your campaign is prepared for a potential cyber incident. Your plan should include the three components of an incident response team: technical, legal, and managerial. Identify a backup way for your team to communicate without relying on your computer network.
- Protected Voices Video Series Highlights Flyer
- Election Security - Department of Homeland Security
- Elections as Critical Infrastructure - U.S. Election Assistance Commission
- National Initiative for Cybersecurity Education - National Institute of Standards and Technology
- Securing Elections - National Association of Secretaries of State
- Handbook for Elections Infrastructure Security - Center for Internet Security
- Tips for Non-Technical Computer Users - US-CERT
- OnGuard Online - Federal Trade Commission
- Stay Safe Online - National Cybersecurity Alliance
- Know the Risk, Raise Your Shield - National Counterintelligence and Security Center
- Cybersecurity - Department of Justice
- Foreign Threats to U.S. Elections (pdf) - National Counterintelligence and Security Center
- Election Security - CISA