While hundreds of millions of dollars in federal money have been allocated for securing state election infrastructure this year, political campaigns are often cash-strapped operations short on cybersecurity expertise. “Especially in the early phases of the campaign, it is not staffed by professional IT and certainly not cybersecurity people,” said John Gilligan, the executive chairman of the nonprofit Center for Internet Security (CIS). When a candidate decides to run, the campaign might acquire a few computers and start building databases without prioritizing cybersecurity, Gilligan said Tuesday at the Center for Strategic and International Studies. CIS, which runs a center for sharing threat data with state and local officials, is looking to extend its information-sharing initiative to campaigns. The goal is to chip away at the security-resource deficit facing candidates, as numerous tech companies are trying to do by offering free security services to campaigns.
The Elections Infrastructure Information Sharing and Analysis Center that Gilligan is looking to build on offers state and local officials cyberthreat notifications along with technical assistance in addressing those threats.
Gilligan said CIS has begun reaching out to the Democratic and Republican national committees about the prospective information-sharing program. With the midterms just a week away, the project wouldn’t bear fruit until 2020.
“My hope would be by 2020 we’d have begun to have a dialogue with campaigns, we’d [have] begun to show them some value, and most of the campaign organizations are taking advantage of the information that we’ll provide for free,” Gilligan told reporters after a panel discussion at CSIS.