Top tech officials working for Joe Biden’s campaign aren’t taking any second chances following the 2016 hacking of the Democratic National Committee.
The campaign is constantly trying to fend off email phishing attacks that could give hackers inside access to the campaign’s data, according to Dan Woods, the Biden campaign’s chief technology officer.
“The most famous thing to come out of 2016 was phishing,” Woods said at an election security conference in Philadelphia on Thursday. “Besides misinformation and disinformation, phishing remains, without question, the biggest threat we face.”
That acknowledgment reflects Democrats’ difficult lesson from the last presidential cycle, when Russian hackers targeted dozens of DNC addresses with legitimate-looking emails designed to entice unwitting staffers into compromising their own security. They also targeted Hillary Clinton’s campaign chairman, John Podesta, obtaining tens of thousands of emails that were later published by WikiLeaks.
Visit CNN’s Election Center for full coverage of the 2020 race
This campaign season, said Woods, the Biden campaign has established multiple safeguards to reduce the likelihood of a breach.
Staffers receive cybersecurity training from “day one,” he said, and are periodically tested with phishing emails sent by the campaign that are intended to mimic a real attack.
If they’re fooled, Woods said, “we get an alert that says they need a little more training, and then the next time it comes around, they don’t do it again.”
Campaign staff are also required to exercise the fundamentals of digital hygiene, such as enabling two-factor authentication on all their work and personal email and social media accounts. Woods also makes sure workers are using password managers, so that each of their passwords is unique and sufficiently complex.
The phishing attacks the campaign’s seeing aren’t particularly sophisticated, said Woods. Rather than targeting specific individuals with customized attacks, the messages are generic and appear to be seeking victims of opportunity – people who simply have their guard down.
The way to counter it, said Woods, is to change the culture surrounding technology products. And on the off chance that the campaign does suffer from a breach, the Biden camp has pre-set plans for how to deal with it.
“Who from legal, who from law enforcement do we need to get in touch with?” he said. “Who’s going to be the person calling the shots in the middle of a cybersecurity incident? The last thing you want to do in the middle of an incident is be figuring out who to call. So obviously, having that written down beforehand is very, very helpful.”