May 21, 2019

Wyden Introduces Bill to Protect Campaigns, State Parties From Foreign Hackers

Washington, D.C. – U.S. Senator Ron Wyden, D-Ore., today introduced a bill to defend campaigns and state parties against foreign hackers. The Federal Campaign Cybersecurity Assistance Act is the third bill Wyden has introduced this year to guard American democracy against cyberattacks, following legislation to protect election infrastructure and Senate cybersecurity.

This bill would allow national party committees to provide cybersecurity assistance to state parties, individuals running for office and their campaigns. Under current federal law, cybersecurity assistance is considered an “in-kind donation,” effectively limiting the amount of cybersecurity support campaigns can receive from national parties.

The 2016 election made it painfully clear that campaigns need more help defending against sophisticated cyber threats,” Wyden said. “Foreign hackers successfully weaponized hacked emails to drive media coverage in 2016, but the government has done virtually nothing to protect campaigns from future attacks. The fastest way to make an impact and put more resources into protecting candidates from foreign hacking is to give parties the ability to help in the fight against dangerous foreign influence in our elections.”

In recent years, Russian and other foreign hackers have targeted the networks of the Democratic National Committee (DNC), Democratic Congressional Committee (DCCC), Republican National Committee (RNC), the presidential campaigns of Republican and Democratic candidates among other political committees and campaigns. Emails from some of these accounts were leaked in 2016 in an effort to influence the results of the presidential election and others across the nation. The F.B.I. has already warned about foreign interference ahead of the 2020 U.S. elections. 

The two other election security bills Wyden introduced this year are the Protecting American Votes and Elections Act, which mandates federal election cybersecurity standards, and the Senate Cybersecurity Protection Act, which permits the Senate to protect the personal electronic devices and accounts of senators and their staff from advanced cyber threats.

In December 2018, after a request from Wyden, the Federal Election Commission greenlit the use of leftover campaign funds to secure the personal devices of members of Congress.

The text of this bill is available here.

A one-pager of this bill is available here.

Support for the Federal Campaign Cybersecurity Assistance Act

Daniel Schuman, Policy Director, Demand Progress: "Senator Wyden is leading the way to harden campaigns against the threat of cyberattacks. While much more still must be done, the Federal Campaign Cybersecurity Assistance Act would make it possible to provide the cybersecurity help right at a major point of vulnerability, and help prevent breaches before they occur."

Adav Noti, Senior Director of the Campaign Legal Center: “Protecting American campaigns from foreign interference has never been more important. This bill strikes the right balance by enhancing the technological security of campaigns while also ensuring that funds spent on cybersecurity are fully regulated and disclosed. The bill would help political parties and candidates protect their systems within the bounds of campaign finance law by correcting the Federal Election Commission’s misguided attempts to outsource cybersecurity to corporate special interests.”

Aaron James Trujillo, former chief of staff, Democratic Congressional Campaign Committee (December 2016 – January 2019), who led efforts to create and implement cybersecurity protocols for political operations during the 2018 cycle: “Political campaigns often struggle to acquire the resources and expertise to protect themselves from extremely sophisticated, constantly evolving, and well-funded foreign government hackers. I saw first-hand at the DCCC that when forced to choose between spending money on cybersecurity assistance vs. spending money on campaign operations like outreach to voters or polling, campaigns will often make the tough call and turn down cybersecurity protections.  While campaigns need to embrace a cultural and behavioral shift to take cybersecurity very seriously and integrate protections into their operations, we must also work to make barriers to entry less of an obstacle for accessing cybersecurity hardware, software and services. This common-sense bill will encourage campaigns to embrace cybersecurity assistance, instead of forcing them to choose between cybersecurity and other, often more immediate needs. This bill will also provide much-needed cybersecurity assistance to state parties, who play a significant role in national elections, but similarly lack the resources to protect themselves from advanced cyber threats.”

Paul Rosenzweig, Senior Fellow, R Street Institute: “This bill is just good common sense.  Right now, no one is providing substantive cybersecurity help to campaigns and campaign finance restrictions reduce the incentive for campaigns to seek help.  Every campaign needs robust cybersecurity and this bill is a good start to that end.  The Russians really are coming.”

Jake Laperruque, Senior Counsel, The Constitution Project, the Project on Government Oversight: "We are proud to endorse the Federal Campaign Cybersecurity Assistance Act. This bill will help shield our elections against the threats they face from malicious actors, and stop cyberattacks from undermining our democracy. Congress needs to be working continuously to improve our election systems, and we applaud Senator Wyden for his work to do so."

Nate Persily, James B. McClatchy Professor of Law, Stanford Law School: "Allowing national political parties to provide cybersecurity assistance to state parties and candidates is the kind of bipartisan election reform proposal that should be a political no-brainer.  As the country prepares for the cyber threats to the 2020 election, we desperately need well-funded institutions with a continuous presence that can provide the expertise and resources necessary to protect our democracy.  The national parties are uniquely well-situated to be reservoirs of expertise and historical memory that can benefit their candidates and state parties.  We should be doing all we can to immunize ourselves, our institutions and our candidates against the evolving cyber threats posed by both foreign and domestic adversaries."

Ron Bushar, Vice President & CTO - Government Solutions, FireEye, Inc.: “This bill addresses one of the major vulnerabilities in U.S. elections: the targeting of individual candidates and their campaigns by cyber threat actors. After the 2016 election, the Federal government smartly designated election infrastructure as ‘critical’ and is working more closely with states to secure elections. However, individual candidates are still mostly on their own facing cyber threats from foreign militaries and intelligence agencies. The proposed legislation recognizes that this type of targeting is a national security threat that undermines our democracy. This bill is an important step to improve protection for candidates who have been forced to defend themselves from state-backed adversaries without recourse or sufficient professional assistance.”