On June 6, 1968, the day after Robert Kennedy’s assassination, Congress took action to protect the integrity of American political process. By passing House Joint Resolution 1292, lawmakers extended Secret Service protection to major presidential and vice presidential candidates. To this day, the Secret Service continues to cover presidential candidates, ensuring that a crazed individual or hostile nation cannot deny the American public the opportunity to elect its favored leaders.
But what once would have required a bullet may now be achievable with bytes. This election cycle has already seen stolen digital files leaked at strategic moments in what appears to be a Russian attempt to influence the outcome in November. While these leaks have been embarrassing and distracting, they have not fundamentally altered the political landscape.
{mosads}However, there are digital technologies that, if compromised, could lead to serious doubt about the legitimacy of the election. While there are ongoing discussions about increasing the security around electronic voting machines, few are focused on the greatest technological advancement of the last decade: The digital voter files and field outreach tools of both major parties.
The 2008 Obama campaign was the first presidential campaign to make major use of a digital voter file and field operation. Since, both Democrats and Republicans have spent millions of dollars to build sophisticated voter files and increasingly effective voter outreach tools. As we move towards Election Day, volunteers will use smartphone apps to quickly access and update these files. Based on the information they contain, regional and national field staffs will redirect resources to maximize turnout operations.
Unless someone crashes the system. On May 20, 2014, NationBuilder, a nonpartisan vendor of these tools, was the target of a DDOS attack, its servers overwhelmed by requests from zombie computers. That day—a primary election day—two Senate incumbent campaigns were unable to access or update their digital voter file for more than four continuous hours, denied access by the decision of a tech-savvy individual.
Presidential campaigns operate on a different scale, and will likely be able to protect themselves from a lone wolf attack like the one in 2014. But a state-sponsored attack on digital campaign infrastructure would be a different beast. Campaigns and the private companies that support them are unlikely to be able to withstand or quickly recover from a much larger attack without significant support from the federal government.
There are broadly two methods of attack that would be damaging. A blockade on voter data through a DDOS attack would prevent campaign staff from access data by overwhelming computers. Such an attack would be most effective in the days leading up to the election.
Alternatively, hackers could attempt information sabotage. Rather than denying staff access, hackers would instead focus on changing or deleting information in the database. If done subtly, campaigns would not know information has been corrupted and would make strategic decisions based on flawed information.
Either strategy could be crippling to a modern campaign and impact a close election, casting significant doubt over whom is the rightful victor.
So what is the solution? As the federal government builds its capability to respond to cyberattacks, it has declared certain assets “critical infrastructure,” increasing their security obligations while offering them increased support to prevent and respond to attacks. In a 2013 Presidential Policy Directive, President Obama identified 16 sectors as critical infrastructure. These assets are generally vital to everyday American life, including financial institutions, electric grids, and water supplies. Electoral infrastructure, vital to the integrity of American democracy, was not deemed critical.
Congress should, on a bipartisan basis, request the President update the 2013 policy directive to fix that. To keep the policy narrowly focused, Congress could apply the same criteria the federal government uses to determine which presidential campaigns have access to presidential transition funds. Granting critical infrastructure status would mandate that DHS and the FBI work with campaigns and the DNC and RNC to protect their infrastructure and be on alert to quickly respond to and repel attacks.
In 1968, Congress acted to protect democratic elections only after a historic attack. In 2016, it has the opportunity to act preemptively to prevent another one.
Scott Payne is a Fellow with the Truman National Security Project and former defense and foreign policy staffer for Sen. Barbara Mikulski. He is the founder of Peak Capitol, a federal advocacy strategy firm. Views expressed are his own.
The views expressed by authors are their own and not the views of The Hill.