A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook shown to Reuters ahead of publication calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year. Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton’s campaign chair, John Podesta, have succeeded because basic security practices were not followed.
The ongoing effort is being led by the Belfer Center for Science and International Affairs, based at the Harvard Kennedy School of Government, and is drawing on top security executives from companies including Google, Facebook and the cyber security firm CrowdStrike. The guidebook will be available online (https://www.belfercenter.org/cyberplaybook).
… The handbook is the first effort from the Belfer Center’s four-month-old Defending Digital Democracy program, whose leadership includes top campaign officials from both the Republican and Democratic parties. Belfer co-director Eric Rosenbach said another guidebook, scheduled for spring, will aim at state election officials, who oversee the actual vote-counting and might also have to deal with propaganda intended to mislead or dissuade voters or sow suspicions about election integrity.