Almost 75% of U.S. Senate campaign websites lack domain-based message authentication, reporting and conformance (DMARC) protections, leaving them vulnerable to cyberattacks, reveals new report from Red Sift It has become.
The study, authored by Dr. Sean S. Costigan, Managing Director of Resilience Strategies at Red Shift, highlights the importance of cyber communication, especially given the critical role email communications play in coordinating with voters, donors, and staff. It highlights the urgent need for campaigns to strengthen security.
Threat Landscape: Phishing and Spoofing Attacks
DMARC is an important tool to prevent phishing and spoofing attacks by ensuring that email sent from your domain is authenticated. Without these safeguards, political activities are at risk of cyber breaches that can compromise sensitive voter information, donor data, and strategic plans. The report warns that attacks targeting campaign websites could undermine public confidence in elections.
Cyberattacks against U.S. political activities are not new. Russian state actors have previously engaged in influence operations aimed at disrupting the electoral process, including hacking emails, particularly during the 2016 election.
Recently, Iran has emerged as a significant threat, focused more on disrupting the U.S. election process through cyberattacks than directly influencing voters. Other state actors, including China, have similarly exploited weak cybersecurity measures to advance their own interests in the past.
Read more about these campaigns: UK blames China for 2021 hack that targeted data of millions of voters
The impact of cyberattacks on democratic processes
According to Red Sift analysis, without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation attacks. These threats can slow election campaigns, create disinformation, or leak sensitive information, all of which can have devastating effects during a critical election period.
This report highlights that while technology solutions like DMARC are important, they must be properly configured and managed to be effective.
The FBI and CISA have recently issued advisories highlighting the importance of DMARC in protecting against email spoofing and maintaining the integrity of campaign communications. Implementing these measures will not only help you operate safely, but will also reassure constituents, contributors, and staff that communications are genuine.
The introduction of DMARC reflects the campaign’s commitment to protecting the democratic process and maintaining public trust amid increased attention to election security. The report calls for immediate action to prioritize DMARC implementation in the U.S. Senate and across presidential campaigns.
