The Democratic presidential candidates are all doing well on securing their campaigns against cyberattacks, new research released Thursday indicated, highlighting the turnaround on the issue following attacks on the Democratic National Committee (DNC) and the presidential campaign of Democratic presidential nominee Hillary Clinton in 2016.
IT security group SecurityScorecard detailed the cybersecurity improvements made by candidates in a new report, which found that the third-party groups used by campaigns to assist with cybersecurity also scored high in implementing cyber safeguards.
All the candidates were overall judged to be doing well in cybersecurity, with everyone except Sen. Elizabeth Warren (D-Mass.), Sen. Bernie Sanders (I-Vt.) and former New York City Mayor Michael Bloomberg scoring an A grade; those three all got a B.
The campaign of former Vice President Joe Biden scored the highest, receiving a 97 out of 100.
The company noted that a campaign given a B grade or higher was five times less likely to be breached by a cyberattack than campaigns with a C grade or lower.
SecurityScorecard also assessed presidential campaigns for those who have since dropped out of the race, with the only major concerns found in the campaign of tech entrepreneur Andrew Yang, where the company discovered an attack on a third party event management vendor used by his campaign that could have led to cyber vulnerabilities.
SecurityScorecard cautioned that despite the improvements, no campaign should let down its guard and that some cyber hygiene problems were still an issue.
“Although all signs point to candidates heeding the call of security experts, the landscape of cybersecurity changes daily, if not by the minute,” the company wrote. “No security professional ever feels their defenses, processes, or threat intelligence systems are flawless. Instead, it is a balance of continual improvements and risk analysis.”
SecurityScorecard wrote that it planned to do another report on the cybersecurity posture of the eventual 2020 Republican and Democratic nominees, as well as any third-party presidential nominees, once they are officially chosen.
“Modern political campaigns have troves of personally identifiable information (PII) on voters, including historical voting records, registered party members, competitive intelligence, sensitive communications with heads of state and more,” SecurityScorecard wrote. “It is vitally important to the election process and the protection of voters’ data that political campaigns take cybersecurity seriously.”
The company hailed the results as encouraging given cyber intrusions by Russian agents during the 2016 presidential race.
According to the report compiled by former special counsel Robert Mueller, Russian agents hacked into the email accounts of Clinton campaign staffers, including campaign chairman John Podesta, and stole thousands of emails. Russian actors also hacked into servers at the Democratic National Committee and the Democratic Congressional Campaign Committee.
Experts have raised concerns ahead of the 2020 presidential election about the cybersecurity of campaigns.
Former top officials, including two former Homeland Security secretaries, created the “U.S. CyberDome” last year designed to help presidential campaigns address cybersecurity, while private companies such as Cloudflare are offering free cyber assistance to presidential and congressional campaigns.
These concerns were underlined in October, when Microsoft announced that Iranian cyber criminals had targeted a presidential campaign. Reuters later reported that it was President Trump‘s campaign but said the hacking attempt did not succeed.