Second paragraph of third chapter:
Some campaigns have more time and money for cybersecurity than others. That’s why our recommendations offer two tiers of protection: “good” and “enhanced.” The “good” tier represents everything a campaign must do to have a minimum level of security. You should always aspire to do more as time, money, and people allow, which is why we recommend using the “enhanced” level whenever possible. If you have the resources to get reputable, trained IT support, it’s money well spent. Threats are constantly evolving and professional IT services will help get you beyond what this playbook provides and keep you abreast of the latest threats and solutions for your situation.
A nice little booklet, downloadable here, produced by the Defending Democracy Project at Harvard and adapted for European use by my former employers NDI and their Republican rivals IRI.
I have actually experienced this problem myself. You may recall that I was one of the external advisers to the Georgian Dream’s successful 2012 election campaign. As David Ignatius wrote at the time, many of the computers in our headquarters were infected with sophisticated malware which could turn on their cameras and microphones, capture screen shots every 10 seconds, and record keystrokes and passwords, all transmitted to whoever installed the malware. My own laptop crashed irretrievably, beyond repair (hopefully because it successfully resisted the malware, though the damage was so great that one can’t be sure). There is some poetic justice in that the chief of staff of our campaign became interior minister after we won. The Democratic National Committee, of course, was not so fortunate.
Not all campaigns will face an opponent with that level of resources and vindictiveness. But not all campaign managers are familiar with the problems of today’s technical environment. There are also particular structural problems for political campaigns, which are often ephemeral and depending on unscreened volunteers to perform vital functions. This booklet outlines some elementary and low-cost steps to take for protection of digital resources, including the very important point that responsibility has to be seen to start at the top and that the human element is often the most vulnerable part of a campaign. A lot of the suggested measures make sense for one’s non-political online life as well. The booklet is free and well worth a look.