PRESIDENT TRUMP may claim that Democratic incompetence was to blame for hacks of the party’s systems during the 2016 election. But news from Politico that the National Republican Congressional Committee suffered a cyberattack by a possible foreign agent during this year’s midterm campaigns shows that election security is a bipartisan affair. It is, in fact, an issue for everyone in the United States, demanding a broad response from Congress and political actors across the board.
Congress has done too little since 2016 to shore up election cybersecurity. Actions to increase the integrity of voting systems are regrettably stalled. Voting machines are not the only critical infrastructure under threat: There is no minimum federal standard for the cybersecurity of campaigns or parties, and there is no single dedicated agency responsible for overseeing how those organizations protect their information — or don’t. There’s a money problem, too: Without federal help, cash-strapped campaigns and state election systems lack the resources to guard themselves.
All this has to change. But when it comes to protecting elections, it is not only the hacks that matter. It is also what happens after. The Democratic Congressional Campaign Committee and the NRCC considered signing a voluntary agreement ahead of the midterms not to disseminate stolen material. The parties also discussed pledging not to create fake accounts on social media or enlist the help of troll farms to push talking points — and pressuring their candidates to uphold the same norms of fair play.
The negotiations fell through. Yet an agreement of this sort among all partisan campaign committees would protect against the poisoning of the public conversation by adversaries intent on sowing discord. The understanding that neither party would weaponize illegally obtained information against the other would reduce the incentives for malicious actors to access their systems in the first place. If those actors went ahead anyway, it would limit the impact.
Forming a robust agreement would require confronting tough questions about what it means to disseminate stolen information. News organizations would continue to make their own judgments and would not be bound by any pact among political parties. But if the parties agreed not to accept opposition research from hackers or use it in campaign ads, the value of such material would decline. It’s not a total solution, but it might help.
We live in an age of information warfare. The United States’ two major political parties may see each other as enemies, but their common interest in keeping the country’s democracy intact could be the basis for an alliance — working together to build better defenses, and maybe even crafting an arms-control treaty.