13 May, 2019
In 2016, U.S. candidates for public office were thinking mainly about how to get elected. But at the same time, Russian agents were attacking computers and computer networks in the United States. Those cyberattacks changed American politics. The effects and costs of the Russian operation have become a major issue during Donald Trump's presidency.
And it all started when someone opened an inviting email and entered a password.
Have U.S. presidential candidates and their campaigns learned from the 2016 cyberattacks? That is a big question with less than nine months before the first event in the 2020 campaign season. Preventing future attacks will not be easy. And it will cost a lot.
Robby Mook managed former Secretary of State Hillary Clinton's presidential election campaign in 2016. He compares political campaigns to U.S. government agencies, like the Department of Defense.
"If you are the Pentagon or the NSA, you have the most skilled adversaries in the world trying to get in, but you also have some of the most skilled people working defense. Campaigns are facing similar adversaries, and they don't have similar resources...," he said.
Mook added that U.S. campaigns generally do not employ experts to prevent cyberattacks.
Traditionally, cybersecurity has not been important for candidates, especially in the early weeks of a campaign. They need to raise money and get people to work for them during the campaign. Presidential candidates also need to pay rent for office space, talk to supporters and travel repeatedly to early voting states.
Funding campaign security
Then there is the question of how to spend money. Security systems for computer networks may cost more than a good television advertisement.
Robby Mook told The Associated Press: "You shouldn't have to choose between getting your message out to voters and keeping the Chinese from reading your emails."
Mook is now with the Belfer Center for Science and International Affairs at the Harvard Kennedy School in Massachusetts. He has been helping develop a plan for a nonprofit group to provide cybersecurity support and additional help directly to campaigns.
Question of trust
Other help is available from the cyber agency of the U.S. Department of Homeland Security, or DHS. However, the campaigns of some Democratic Party candidates may feel uneasy working with an administration they are trying to defeat.
Matt Masterson is a cybersecurity adviser with Homeland Security. He says the first step will be to establish trust between the agency and different campaigns. Then, DHS can share intelligence about possible threats and the campaigns can give DHS information. The department also will test a campaign's or party's computer networks for weaknesses.
Masterson said the biggest issue is that a political campaign is a temporary operation, which has many people coming and going. It is hard to control the use of campaign computers.
John Delaney, a former congressman, was the first Democrat to announce he is a candidate for president. He sees cybersecurity as a fixed cost.
"It's not supercomputers cracking through your firewalls," he said. "It's really tempting emails that people respond to and give away information."
The 2016 cyberattacks were low-tech, meaning they involved only simple technology. Russian agents sent hundreds of emails to the personal and work emails of Clinton campaign workers and volunteers. The emails were made to look like they were from the campaign officials and asked the reader to activate a link and enter a password. Such emails also went to people working for the Democratic Congressional Campaign Committee and the Democratic National Committee.
After an employee gave up password information, the Russians were able to connect to the Democratic Congressional Campaign Committee's networks. They used that to gain entry to the Democratic National Committee.
Clinton's campaign chairman, John Podesta, fell for the same trick on his personal email account. He made the mistake of clicking on a link and entering his password. Then, Russians stole thousands of Podesta's private messages about what was happening inside the Clinton campaign.
Training and preparation
But the Clinton campaign had not ignored cybersecurity. Mook told the AP that a lot of money was spent to train campaign workers on cyber threats. They had even sent emails to test staffers' ability to detect phishing attempts.
It was easy for the Russians to attack U.S. computer networks in 2016, so the 2020 presidential election campaigns now need to take extra care. Hillary Clinton has been talking about this with Democratic presidential candidates.
"Unless we know how to protect our election from what happened before and what could happen again...you could lose," Clinton said. "I don't mean it to scare everybody. But I do want every candidate to understand this remains a threat."
California Senator Kamala Harris' campaign said it was teaching campaign workers the basic methods that prevent cyberattacks.
"All staff is being trained on threats and ways to avoid being a target," a campaign spokesperson said.
Others seeking the Democratic Party's nomination did not want to talk about the subject. Trump's re-election campaign would not talk to the AP either.
Caution at the White House
The president has often downplayed Russia's interference in 2016. He says the attacks were less serious than first thought. Former Homeland Security Secretary Kirstjen Nielsen said Trump's team told her not to bring up election security during her meetings with him.
Administration officials claim election security is an important issue for them. Chris Krebs is head of DHS' cyber efforts. He told lawmakers at a House committee hearing that his office is working hard to protect the election of 2020.
"I'd ask each of you: Do you know if your campaign is working with us?"
I'm Jill Robbins.
Colleen Long and Christina A. Cassidy reported on this story for the Associated Press. Jill Robbins adapted it for VOA Learning English. George Grow was the editor.
Words in This Story
password - n. a secret series of numbers or letters that gives users rights to use a computer or computer system
manage – v. to supervise or organize
NSA - n. National Security Agency
adversary - n. an enemy or opponent
rent – n. a payment for temporary use of something
firewall – n. a barrier or security system that controls incoming and outgoing messages
phishing - n. the custom of sending emails that look like they are from well-known companies in order to influence individuals to provide personal information
What is your country doing to prevent cyberattacks? Write to us in the Comments Section.