|
|
|
|
|
|
by x0ner
2605 days ago
|
|
|
I agree with your general sentiment, but if it were that easy, we wouldn't even be having the discussion. Nation states going after a campaign are likely to succeed, it's limiting the exposure if they do. To your point, there are a number of no-brainer processes or technologies to make those compromises difficult or severely limit the damage and many do not require much to put in place. You do need someone on-staff though constantly monitoring and enforcing best practices. |
|
|
You really have to get a sense for how ragtag a political campaign is. Startups --- themselves pretty ragtag --- are raising funds and building for an imagined future in which they're big. They might engage professional IT and security (though many don't). Campaigns aren't like that; every single one of them will be "out of business" within a year and a half. They have minimal infrastructure and a mostly volunteer staff, and there are many hundreds of them every cycle.
At best, you might suggest that the upstream service providers for campaigns, like NGP VAN, should get better at security. The DNC, for instance, has an experienced CSO. But that CSO can't do all that much for individual campaigns.