26 February 2018

Defending Digital Democracy Releases New Playbooks for States to Counter Election Cyberattacks and Information Operations


Cambridge, MA – Defending Digital Democracy (D3P), the bipartisan project at Harvard Kennedy School’s Belfer Center for Science and International Affairs, released three new playbooks today in its mission to help campaign and election officials defend themselves against cyberattacks and information operations aimed at undermining trust in the American election system.

The recommendations in the three playbooks are based on D3P’s extensive field research, observation of three recent elections, an in-depth survey, and multiple tabletop exercises conducted with bipartisan groups of election officials. Rather than simply highlight the weaknesses and vulnerabilities of the nation’s election systems, the D3P team strove to work directly with election officials to develop measures to strengthen their cyber defenses and incident response capabilities.


The first, “The State and Local Election Cybersecurity Playbook,” identifies major cyber vulnerabilities throughout our voting process, from voter registration to election-night reporting. It gives ten specific recommendations to better safeguard election equipment, networks, and databases in states and counties across America. It also provides guidance to help state and local officials counter information operations.

The second, the “Election Cyber Incident Communications Coordination Guide,” is focused on cyber incident response. It provides a new mechanism for coordinating communications across state and jurisdictional lines to ensure accurate public information in the event of a multi-state or national cyberattack.

The third, the “Election Cyber Incident Communications Plan Template,” provides state and local officials with a template from which they can develop their own communications response plan for an election-related cyber crisis.

“State and local election officials are now on the front lines of a battle to maintain trust and confidence in America’s digital democracy. We developed these playbooks to serve as a resource for state and local election officials, their teams, and their institutions to help build stronger cyber defenses for election systems,” said Eric Rosenbach, Co-Director of the Belfer Center and former Assistant Secretary of Defense. “The playbooks are the result of many months of hard work and cooperation between the D3P team and our national, state, and local partners.”

“Our team visited with over 34 different election offices, surveyed 37 states and territories, and directly observed three elections across three states, so the guidelines we provide are based on the insights and concerns we heard from election officials across the country,” said Caitlin Conley, a U.S. Army Major attending Harvard Kennedy School who led D3P’s efforts on the playbooks. “Our recommendations are practical, and they can make a real difference in the 2018 elections and beyond.”

“Cyberattacks and information operations are an unfortunate reality elections officials now face, and it’s critical that officials have a plan to respond quickly and confidently, so the public understands how the issue is being addressed,” said D3P adviser Siobhan Gorman, a director at the Brunswick Group, a communications advisory firm. “Local administration of elections is a critical part of the democratic process, but it can pose communication challenges in times of crisis. Our guides will help bridge that gap.”

These new resources come on the heels of last November’s “Cybersecurity Campaign Playbook,” which provided candidates and campaign operatives the basics of cyber security.

All three playbooks are living documents that are updated as technology and threats change. While they convey essential best practices, D3P recommends that election officials take additional steps to achieve the highest level of security possible.

D3P is co-led by Rosenbach, Robby Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, Mitt Romney’s 2012 campaign manager. It has a bipartisan senior advisory group made up of leaders in technology, cyber security, and national security, including:
Heather Adkins, Director, Information Security and Privacy – Google;
Dmitri Alperovich, Co-Founder and CTO – CrowdStrike;
Chris Collins, Co-Founder – First Atlantic Capital;
Siobhan Gorman, Director – Brunswick;
Yasmin Green, Director of Research and Development – Google Jigsaw;
Stuart Holliday, President and CEO – Meridian International Center; former United States Ambassador for Special Political Affairs at the United Nations;
Kent Lucken, Managing Director – Citi Private Bank;
Nicco Mele, Director, Shorenstein Center on Media, Politics, and Public Policy – Harvard Kennedy School;
Debora Plunkett, former Director – National Security Agency’s Information Assurance Directorate;
Suzanne E. Spaulding, former Under Secretary – National Protection and Programs Directorate (NPPD) at the Department of Homeland Security
Alex Stamos, Chief Security Officer – Facebook.

Contact: Sharon Wilke, Associate Director of Communications, Belfer Center for Science and International Affairs sharon_wilke@hks.harvard.edu; 617-495-9858.

No comments: