In new guide, spy agency warns campaign teams 'more likely' targets of cyber attacks
Prime Minister Justin Trudeau makes phone calls to gather support for local candidates in a byelection campaign office in Calgary, Alta., Wednesday, March 1, 2017.THE CANADIAN PRESS/Jeff McIntosh
OTTAWA – If you are working on a political campaign, are a candidate, or political volunteer, you are poised to be a prime target for attempted foreign interference and cyber attacks in the coming federal election.
That's the message from the Communications Security Establishment (CSE) in a newly released cyber guide for political campaigns.
It’s the first time a guide like this has been created by the federal electronic spy agency, and comes after the Canadian Centre for Cyber Security issued reports in 2017 and 2019 warning that foreign interference in the fall federal campaign is "very likely" and that political campaigns are one of the higher-risk entities vulnerable to these attempts to meddle in the outcome of the election.
The 2019 report found that politicians, their parties, and their staff are targets for more advanced cyber attacks such as obtaining private information for the purpose of blackmail, or accessing campaign databases.
"As a member of a campaign team, you hold valuable, strategic data that others want to access and that you need to protect," reads the 20-page guide.
The guide includes general basic reminders such as not using free Wi-Fi, using two-factor authentication, and being wary of clicking suspicious links.
It also offers tailored tips for campaign staff such as making rules about who will have access to certain information, like account passwords or donor lists, how to secure information when many campaign workers will likely be bringing in their own devices, and what to do if social media accounts are compromised.
Generally, CSE's advice is summarized by these five steps:
- Assess what cybersecurity means for your campaign
- Understand where your data lives
- Secure your data and technology
- Provide cybersecurity training
- Know what to dispose of or archive
The guide is being sent directly to all registered federal political parties. CSE has been sharing information, and working directly with the political parties—who, as privacy advocates have noted, are not subjected to tougher privacy rules and oversight for the data they harvest from the electorate—to secure their campaigns from a cyber perspective.
"Our goal is to raise awareness and help political parties protect their campaigns from cyber security compromises and the accompanying consequences," said CSE Evan Koronewski in a statement to CTV News.