Nearly 30 percent of House of Representatives candidates have significant security issues in their websites compared to less than 5 percent of Senate candidates, according to new research. The disparity underscores the challenge that smaller, resource-strapped campaigns have in making themselves less vulnerable to hacking. About 3 in 10 House candidate websites scanned by election-security expert Joshua Franklin and his research team were not using important security protocols for routing data or had a major certificate issue. The scans, most of which took place in June, covered the websites of more than 500 House candidates and nearly 100 Senate candidates. “The House has significantly more candidates running and that provides more opportunities for security errors,” Franklin told CyberScoop. He presented his findings at the DEF CON conference in Las Vegas. The major political parties’ Senate candidates also tend to be more experienced on the campaign trail and have bigger staffs for those statewide races.
A majority of candidates received good grades overall, with 55 percent of House candidates and 81 percent of Senate candidates receiving an A grade for website security, meaning they had trusted digital certificates and no known vulnerabilities in their security protocols.
Voter registration web applications also earned strong marks, with 70 percent receiving an A or higher.
The findings come amid warnings from U.S. officials that Russia will continue to interfere in U.S. elections. In advance of the 2016 presidential election, Russian hackers probed the IT systems of 21 states, including Illinois, where they breached a voter registration database.
The IT security resources of campaigns vary greatly – big Senate campaigns are generally better equipped to fight off hackers than House candidates in sparsely-populated districts. To try to fill the void, tech companies like Alphabet Inc. are offering candidates free cybersecurity services.