Risk

11/20/2017
10:57 AM
50%
50%

New Guide for Political Campaign Cybersecurity Debuts

The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.

Hillary Clinton's former campaign manager and strategist for her 2016 presidential bid Robby Mook has helped create a new cybersecurity guide for political campaigns in his current role at the bipartisan Defending Digital Democracy Project (D3P) group at Harvard Kennedy School's Belfer Center for Science and International Affairs.

The Cybersecurity Campaign Playbook, published today, is a "living and breathing" guide to assist US political campaigns, candidates, and their families, in better securing their data and online accounts, according to the D3P. The group - which consists of co-directors Mook and Eric Rosenbach and Matt Rhoades, former campaign manager for Mitt Romney - worked with former director of the NSA Information Assurance Directorate Debora Plunkett, who gathered input from cybersecurity leaders, business executives, and attorneys, for the guide. 

Facebook CISO Alex Stamos, Google's manager of information security Heather Adkins, and CrowdStrike CTO Dmitri Alperovitch, were among the cybersecurity leaders who contributed to the playbook. The guide recommends among other best practices that campaigns institute user training, commercial cloud services, strong passwords, and an incident response plan.

"Cybersecurity is an issue that every campaign professional now needs to take seriously, but it can be daunting for people who aren't IT professionals," said Mook, a senior fellow with the Belfer Center. "This playbook gives candidates and campaign staff without a technical background the tools to take responsibility for their cybersecurity strategy and significantly reduce risk."

See more information on the D3P Playbook here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
NIST Releases New Cybersecurity Framework Draft
Jai Vijayan, Freelance writer,  12/6/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.