Editor’s Note: Samantha Vinograd is a CNN national security analyst. She served on President Obama’s National Security Council from 2009-2013 and at the Treasury Department under President George W. Bush. Follow her @sam_vinograd. The views expressed in this commentary are her own. View more opinion articles on CNN.
Every week, I offer a glimpse of the kind of intelligence assessments that are likely to come across the desk of the president of the United States, modeled on the President’s Daily Briefing, or PDB, which the director of national intelligence prepares for the president almost daily.
Here’s this week’s briefing:
While many Americans are celebrating the widening field of 2020 presidential candidates, some of our adversaries may be doing so as well – but for the wrong reasons.
We know that Russia hacked the Democratic National Committee and the Democratic Congressional Campaign Committee during the 2016 campaign, and there were reports of other cyberattacks on congressional campaigns in 2018. In addition to Russia, the intelligence community has accused Iran and China of trying to influence our elections. All three countries – along with North Korea – have highly advanced cyber capabilities to carry out disruptive attacks.
Based on the special counsel’s investigation and basic counterintelligence protocols, it’s also clear that campaign and election officials are prime targets for recruitment and manipulation by foreign powers. Each new presidential candidate, their staff and their personal and professional information becomes a potential target for these attacks. Absent a new approach to election security, a widening field means a widening array of vulnerabilities.
Trump needs to tell the truth
The Departments of Justice and Homeland Security recently said they have not found evidence of foreign actors making “a material impact” on our voting systems and election infrastructure during the midterms. But the intelligence community still issued a report in December stating Russia, China and Iran tried to interfere in the midterm elections through “influence activities and messaging campaigns.”
President Donald Trump likes to criticize his predecessor Barack Obama for not doing more to stop Russia’s attack on the 2016 election, but the analytic assessment from the US intelligence community is that Trump (who has gone to great lengths to avoid squarely blaming President Vladimir Putin for Russia’s election interference) has not deterred our adversaries from trying again. They’re still at it.
Candidates need cyber hygiene
As Democratic candidates like Kamala Harris, Elizabeth Warren and Cory Booker announce their intent to run for president, Howard Schultz flirts with a run as an independent and Trump gears up for his own re-election – which may include a handful of GOP challengers – every part of their cyber infrastructure becomes an attractive target. Hacking a candidate’s information is a low-cost way to obtain information of high value, especially if campaigns don’t take preventative measures. And as Russia’s hacks of the DNC and DCCC showed, emails or confidential documents that surface could stoke tensions and spread divisions.
Each candidate comes with a wide network of campaign staff and volunteers, which adds up to an astronomical number of email addresses, social media accounts, financial records and more, including donors.
A simple cyberattack threatens to quickly affect a campaign’s entire network. As the field multiplies, so too does the amount of information that hackers have to hone in on.
To prevent cyberattacks, we need to carefully rethink when and how we brief candidates and their teams, so they understand the cyber risks, red flags for cyber intrusion like phishing emails, and defensive steps they can take. Encouraging campaign staff to look out for suspicious email outreach and encouraging them to better secure their online information is important, as is providing them with the right points of contact in law enforcement if they suspect something suspicious is going on.
Consider how social to be
Every candidate no doubt will be getting into the social media game. Once the purview of millennials and Gen Zers, Trump has made Twitter in vogue again – and it remains the source of most official presidential announcements these days, including his comments on 2020 candidates.
Other 2020 candidates and potential candidates like Warren and Beto O’Rourke are posting social media videos from all kinds of places and tweeting constantly or regularly. Every single post – and the comments that follow – becomes content that our adversaries can manipulate and spread. And the more controversial and inflammatory, the better, including the President’s own tweet insinuating that a Democratic win in 2020 would not be legitimate. His own tweet helps undermine the credibility of our democratic system which is something we expect Russia to do, not our own commander-in-chief.
As more candidates hire social media directors to share their content and more Americans log on to social media to get information on the 2020 race, the greater the number of opportunities there are for information warriors to manipulate voters using bots, trolls, targeted ads and more.
Technology companies will need to continue to work with law enforcement and the intelligence community to try to identify foreign actors and manipulation. Candidates also have a responsibility – for a variety of reasons – to spread accurate information. After all, spreading misinformation only helps our enemies.
Counterintelligence requires intelligence
With special counsel Robert Mueller’s counterintelligence investigation into Russian election interference still underway, we have a constant reminder that campaign officials and government employees are prime targets for recruitment by foreign intelligence services; they have access to important information and potential influence over policy decisions.
Despite paper-thin denials from the Russian government regarding attacks on the Trump campaign, George Papadopoulos’s plea deal and allegations that Carter Page acted as a Russian foreign agent (allegations he denies), the 2016 campaign reminds us that staffers can be manipulated by foreign powers due to inexperience, hubris, malign intent or any combination of those factors.
We know that then-candidate Trump was warned by intelligence and law enforcement officials that foreign adversaries (including Russia) would likely attempt to infiltrate his team or get information on his campaign, but it is unclear whether he actually listened to their warnings about counterintelligence risks.
That’s why when each new candidate announces his or her campaign, US law enforcement needs to take an active role in briefing campaign staff about the risks of becoming an unwitting foreign asset. The sooner law enforcement lays out this information, the better chance the US has of warding off foreign agents looking to infiltrate campaigns.
Each candidate is going to host campaign rallies and will set up campaign offices, fundraisers and more. Each physical space associated with a candidate – and the physical location of every campaign event – is a high value target for our enemies. We know that in the past two years there has been politically motivated violence directed at a number of Democrats, Republicans, former government officials and media, as well as heinous hate crimes reportedly motivated, in part, by conspiracy theories about immigration. The propensity for politically motivated violence is high, and as more candidates join the field local law enforcement – in coordination with federal law enforcement and intelligence professionals – will have more threats to monitor as they try to maintain basic physical security of candidates and all of their associated physical locations.
Because of these myriad risks, Trump should be worried about each new candidate, Republican, Democrat or independent, who enters the race – not for self-centered reasons, but because our security and our democracy depend on his taking immediate steps to keep them safe.