How do you provide no-cost services to U.S. political campaigns and still adhere federal election law?
For federal campaign and party committees, US CyberDome adheres to the Federal Election Commission (FEC) Advisory Opinion 2018-12 (https://www.fec.gov/data/legal/advisory-opinions/2018-12/) which permits deliver of cybersecurity services to campaigns, as long as specific criteria are met. To provide absolute assurances to those receiving our services, and with the intent of expanding available cybersecurity services for campaigns, we are seeking an FEC Advisory Opinion of our own.
Is it true you offer free services?
Through the generosity of our donors, the U.S. Cyber Dome is able to deliver best-in-class cybersecurity services to qualifying campaigns and party committees at no charge.
For whom do you provide those services?
U.S. political campaigns, beginning with 2020 U.S. Presidential Campaigns and soon expanding to U.S. Senate campaigns. We will evaluate future expansion to U.S. House campaigns, State campaigns, and election infrastructure over time.
When will services be available?
They are available right now.
What services do you provide?
We offer high impact services in the broad categories of computer network defense and foreign interference alerting. Given the short-duration that even the most successful campaigns exist, we designed our solution to ensure minimum burden on campaign personnel. We used the Cybersecurity Framework to reconcile unique campaign requirements, such as short-durations, with the highest impact cybersecurity activities for campaigns. Cybersecurity incident response and monitoring services have been identified as high impact items. Our intention is to expand the solution over time.
What makes you different from the other services out there like Microsoft, Area 1 Security, Defending Digital Campaigns, and others?
We utilize our unique and combined expertise in cyber crime, cybersecurity risk management, and campaign politics. We are experts in cybersecurity, national security, intelligence, and law enforcement. We apply that domain expertise in a non-partisan way, ensuring political discourse, but not participating the political discourse. Our leadership and technical understanding are steeped in the Defense Cyber Crime Center, the largest accredited computer forensics laboratory in the world, and the National Institute of Standards and Technology, one of the most trusted scientific institutes in the world.
We feel a kinship with those seeking to help political campaigns. This includes Microsoft, Area 1 Security, and Defending Digital Campaigns. We regularly refer campaigns and party committees to those organizations and leverage those organization's efforts to achieve a greater effect.
When were you founded?
The US CyberDome was founded in 2014 as a 501(c)(3) non-profit with a charter to help defend the U.S. election infrastructure and political campaigns against foreign interference. To bring US CyberDome into alignment with the Federal Election Commission Advisory Opinion 2018-12 (issued to Defending Digital Campaigns), the US CyberDome was re-established as a 501(c)(4) non-profit in May of 2019.
Why were you founded?
U.S. CyberDome is comprised of cybersecurity experts who have worked for the U.S. Department of Defense and the National Institute of Standards and Technology. The team got started as cyber experts who became alarmed by increasing cyber threats and the lack of protection for campaigns and voters.
Why do campaigns actually need this? Haven’t they learned their lessons from 2016?
As in the past, campaigns have a singular focus on political discourse and winning the election. They also exist for relatively short periods of time. These inherent properties of campaigns leave them open to technology risks. Adversaries are keenly aware of this weakness and may feel more emboldened in 2020 than in the past.
What makes the 2020 U.S. Presidential election different from previous cycles?
2016 showed that cyber attacks can be used to manipulate the US election. Also, as the U.S. increases trade pressures around the world, cyber attacks from affected nations tend to increase. Both factors will lead to increased attacks on 2020 U.S. Presidential campaigns, parties, and election infrastructure.
Doesn’t the RNC & DNC already provide this?
The cybersecurity services provided by national party committees to campaigns is varied and budget-dependent. The extent to which campaigns participate in party-provided services can also vary greatly. US CyberDome supports campaigns that wish to operate more independently, as well as party committees in bolstering the services they provide.
Why wouldn’t campaigns just work with the Department of Homeland Security’s cyber agency?
We really appreciate the hard and excellent work of DHS. DHS is primarily focused on election infrastructure such as voter databases and electronic voting machines. The U.S. federal government is only able to provide select services to political campaigns. In addition, federal agencies have ongoing investigations and may not be able to disclose information immediately to a campaign. A non-profit organization is better positioned to provide cybersecurity services to campaigns.
Why wouldn’t campaigns just join the Election Infrastructure ISAC?
The Center for Internet Security (CIS) provides cyber threat sharing and other services to the election infrastructure Critical Infrastructure subsector through the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC). As with the other CI sectors, the EI-ISAC receives funding from DHS to operate. Federal election law prevents those funds from being applied to campaigns. The Political Campaign ISAO (information sharing and analysis organization) provides campaigns and related organizations cybersecurity best practice and threat information sharing without the use of federal funds.
Can you really stop them?
Not even the U.S. government can guarantee a 100% success rate against every attack or exploit from malicious nations or nation-states. However, U.S. CyberDome can ensure diligence in detecting adversary activity, and expediency in responding to and reporting that activity. In other words, campaigns will be confidentially informed of any breach and actions will be taken to contain and prevent additional damage.
What do you need donations for? Couldn’t you just get grants?
In the interest of serving the relatively near-term 2020 U.S. Presidential Election, we’ve begun with a focus on donations. The grant application process is very lengthy. Additionally, the number of grants required to fund this effort would be extensive. Donations will allow us to absorb the cost of services to campaigns, who often cannot afford levels of protection necessary to defend against persistent and well-funded adversaries.
Isn’t it true that people can donate without disclosing who they are? What if it’s a foreign government?
Per the FEC, we will disclose the names of all donors and only accept donations from U.S. citizens.