The new Harvard programme is intended to put local and national election campaigns on guard against nation state hacking attacks
Harvard University is to release a set of guidelines on Monday aimed at warding off election hacking under a programme founded earlier this year.
The 27-page guidebook was formulated by the Defending Digital Democracy (DDD) programme at the Belfer Centre for Science and International Affairs, part of Harvard’s John F. Kennedy School of Government, at a time when nation states’ hacking attacks on one another are gaining an ever higher profile.
DDD was founded over the summer and is headed by Eric Rosenbach, co-director of the Belfer Centre and former assistant secretary of defence, with the participation of two prominent Democrat and Republican campaign managers – Robby Mook, who organised Hillary Clinton’s 2016 presidential election bid, and Matt Rhoades, who led Mitt Romney’s 2012 campaign.
The programme’s work also draws on input from security executives at firms including Google, Facebook and computer security company CrowdStrike.
Large and small contests targeted
The initial recommendations are aimed at local elections with small budgets as well as the high-profile Congressional midterm races taking place next year.
They cover best practices such as requiring two-factor authentication to access email and documents and the use of communications services such as Signal and Wickr that offer end-to-end encryption, according to Reuters.
While the guidelines are basic common sense, they are intended to put participants on guard against common hacking techniques such as the phishing attack that targeted Hillary Clinton campaign chair John Podesta last year, resulting in the leak of sensitive Democratic National Committee (DNC) emails.
The Harvard programme said its aim was to produce a workable outline of measures that could realistically be adopted by campaigns of all sizes.
The guide is set to be published on Monday on the Belfer Centre’s website.
Another set of recommendations is scheduled for the spring and will be aimed at the state election officials who handle the counting of votes, according to DDD head Rosenbach. It will offer tips on countering propaganda intended to mislead voters about election integrity, he said.
Does IoT security concern you?
- Yes (89%)
- No (11%)
“Americans across the political spectrum agree that political contests should be decided by the power of ideas, not the skill of foreign hackers,” Rosenbach said in a statement.
He said the Belfer Centre is sending students out to observe state elections in order to better understand voting technologies and procedures so that best practices can be recommended that are appropriate to each context.
Recommended security measures could include software updates, paper back-ups and audits, Rosenbach said.
The US has accused Russia of carrying out extensive online efforts to tamper with last year’s presidential election, including backing the hackers who carried out the DNC attack. Russia has denied the claims.
The row between the two countries has more recently involved Moscow-based computer security company Kaspersky Lab, which last week was forced to publish the results of an internal investigation disproving claims its software was used steal classified files from an NSA employee’s home computer during a cyberattack in 2014.
Would a rose by any other name smell just as sweet? Decide for yourself with our tech company name quiz!