What the FEC’s New Advisory Opinion Means for Your Campaign’s Cyber Security
Just as businesses and consumers become more aware of and responsive to the threats posed by cyber criminals, so too is the federal government.
Michael Rogers, former director of the National Security Agency, and Dan Coats, Director of National Intelligence, along with many other experts have testified that senior government officials are prime targets for professional hackers and cyberattacks. This threat also has implications on the campaign side where professional criminals or state actors could gain access to a candidate’s personal information or harm national security.
Now, the Federal Election Commission (FEC) is providing guidance on whether campaign funds can be used to secure personal electronic devices and online accounts of candidates. On December 12, the Federal Election Commission (FEC) released a draft advisory opinion (AO) responding to an inquiry from Senator Ron Wyden (D-OR) on the issue.
In the draft advisory opinion, the FEC indicates that campaign funds may be used for the purpose of securing personal phones, computers, and accounts to protect from hacking. While this is the first time the FEC has provided guidelines on using campaign funds for personal electronic protection, the FEC had previously allowed using campaign funds for personal physical protection expenses such as security or alarm systems in the candidate’s home. The FEC clarified in the AO that using campaign funds for electronic protection only extends to the candidates themselves and not to family, staff, or other individuals.
How can a campaign protect the candidate’s cell phones and online accounts? There are several options the FEC may permit once the AO has been finalized:
Dedicated secure cell phones, computers, networking devices, and security key fobs.
Software such as firewalls, antivirus, cloud services, and encrypted communication such as email, chat, and project management tools.
Consulting services from cybersecurity professionals.
Emergency assistance in the event of a hack or hacking attempt.
Another simple solution: enable 2-factor authentication for all online accounts. This means entering in a password and then entering in a secondary verification code received through a text message or a phone call. While it may be a small hassle, it will greatly reduce the risk of hacking. CFS makes use of 2-factor authentication whenever possible.
In fact, CFS has been at the forefront of helping our clients secure themselves and their data from hackers for years. From taking our clients to the cloud to requiring dual-reviews and approvals on every check cut, CFS strongly believes in the need for campaigns to professionalize their operations and – in the process - take cyber threats seriously.
Whether it’s updating antivirus software or making use of cybersecurity consulting, the FEC is moving forward with allowing candidates to use campaign funds to protect themselves from hackers and electronic attacks. Let CFS help your organization take advantage of the new tools that could be made available once this AO has been finalized and help protect the organization from the unique cyber threats facing candidates and campaigns.