Maybe the Secret Service Should Start Protecting Candidates’ Email As Well
Some private cyber investigators say it’s time the agency expand its reach beyond mere physical security.
Maybe it's time the Secret Service starts cracking down on the computer security of presidential candidates, in addition to their physical security, some private cyber investigators say, after a leak of Democratic party files right before the nomination of Hillary Clinton for president.
"When you are running for president up and through [Republican National Committee] and DNC conventions, there are a lot of physical protections put in place for the potential president, however, on the cyber side we have not caught up in that world yet," Tony Cole, global government chief technology officer for cyber forensics firm FireEye, told Nextgov.
Last month, FireEye corroborated a report by DNC contractor CrowdStrike that Russian intelligence groups cracked the DNC network. Cole said could not comment on whether FireEye is assisting in the investigation or its clients.
The major threat actors this election, however, definitely are nation states with political agendas, Cole said.
"With world events taking place today, I would say probably Russia is the biggest concern in that area, in my opinion," he said. "We are not aware that North Korea is a player in this area, trying to impact policy." Cole also said some Middle Eastern countries and China also would have the capabilities to spy on politically sensitive data.
Potentially, attackers can manipulate data in a way that can physically hurt a candidate, Cole said.
Maybe a hacker "actually goes after a candidate, whoever their doctor is and changes their blood type" in the patient records system, he said.
Read more: Russia Wanted to be Caught, Says Company Waging War on the DNC Hackers
See also: How Putin Weaponized Wikileaks to Influence the Election of an American President
Right now, until there is some type of specific intrusion, like the alleged DNC hack, there is not much the government specifically does to help prevent hack attacks against presidential nominees, Cole said.
The Secret Service, in most situations, "does not secure the computer systems" of political organizations, nor does it "secure the computer systems of individuals, to include protectees," like major presidential candidates, according to a legal summary the Secret Service provided Nextgov.
That said, Secret Service spokeswoman Nicole Mainor relayed in an email that the agency "plays a significant law enforcement role in ensuring that candidates are aware of a range of vulnerabilities – ranging from physical protection to cybersecurity."
She added, "The Secret Service continues to work vigorously with our local, state and federal partners to prevent and detect cyberthreats against the homeland, to include those against presidential candidates and their campaigns.”
The laws and policies for safeguarding presidential nominees have not kept pace with the internet age Americans live in, Cole said.
One of the gravest security breaches for prospective presidents, in the cyber realm, would be a compromise of correspondence about intelligence briefings the nominees are or soon will be receiving, he said.
"Being able to steal their email is a critical concern, and obviously, the DNC hack that took place, if valid, that is a major concern," Cole added.
The Secret Service backed by the National Security Agency should be charged with the digital protection of presidential nominees, he said.
The FBI has issued a statement on the Democratic party cyber incident, stating, "The FBI is investigating a cyber intrusion involving the DNC and is working to determine the nature and scope of the matter."
This is not the first time hackers have messed with electronic communications of major political candidates.
A college student in 2008 hijacked then-vice presidential candidate Sarah Palin's personal Yahoo mailbox reportedly to find content that could undermine her campaign. According to federal prosecutors, David C. Kernell reset Palin's account password by accurately guessing the answers to her security questions, read her messages and then posted online screenshots of the emails.
Republican National Committee Chairman Reince Priebus told MSNBC on Monday perhaps the RNC is better at securing its email and data than the opposition.
“We haven't been hacked," he said. "And we don't expect to be. And we're monitoring it every day."
Meantime, GOP presidential nominee Donald Trump seems all for Russia continuing to disclose the confidential messages of his rival Clinton, the former secretary of state.
“Russia, if you're listening, I hope you're able to find the 30,000 emails that are missing, I think you will probably be rewarded mightily by our press,” Trump said during a press conference Wednesday, referencing missing emails Clinton had been storing on a private server while in office.