Democratic candidate for president and former South Bend, Indiana Mayor Pete Buttigieg’s campaign cybersecurity official has resigned, according to a report in the Wall Street Journal.
Buttigieg’s campaign confirmed to the paper that the staffer in question, chief information security officer Mick Baccio, has resigned, though it “has retained a new security firm and continues to be committed to digital security and protecting against cyberattacks.” Another source told the Journal that the resignation was over an internal dispute over how to manage security, though more details were not immediately forthcoming.
None of the other Democratic campaigns for the presidency are known to have had a full-time staffer with similar responsibilities. That is more than a little troubling, given the outsize role played in the 2016 elections by a sprawling controversy over Democratic nominee Hillary Clinton’s private email server (including classified documents) and a separate hack and subsequent leak of Democratic party officials’ email inboxes allegedly planned by Russian military intelligence officers.
In a statement to TechCrunch, Baccio said that he “had fundamental philosophical differences with campaign management regarding the architecture and scope of the information security program.” Baccio had previously told attendees at the Cyberwarcon conference that his role entailed preventing a recurrence of the 2016 fiasco, with a particular focus on averting interference by nation-states. Other duties included watching out for any possible “deepfakes” looking to smear the candidate or leaks of sensitive fundraising, strategy, and voter data from third-party vendors working with the campaign. A former threat intelligence team leader in the Barack Obama and Donald Trump administrations, Baccio was also in charge of making sure campaign officials used basic security measures like encrypted messaging and two-factor authentication.
According to the Journal, Baccio said at Cyberwarcon that devoting adequate resources to these tasks could be difficult because “Every dollar we spend on cybersecurity is a dollar we don’t spend on ads in New Hampshire or Iowa.” One way they had protected against deepfakes, he added, was keeping Buttigieg on camera as often as possible to have an independent log of his movements.
Baccio also alluded to the potentially brief nature of the position with Buttigieg’s campaign, per Cyberscoop: “Initially I wasn’t going to do it. The nature of the job is very temporary. We all know the Iowa caucus. It’s a really important date, all the primaries. This job might end in March… It might end at any point in between then if there’s a political or media hiccup. It’s not a really good selling point.”
While individual political campaigns could fall prey to hackers, wariness over the potential vulnerability of U.S. elections writ large has grown before the 2020 election. Democrats in Congress have pushed for major increases in federal funding to protect state and local election systems through the federal Electoral Assistance Commission. Reports have consistently found that the nation’s voting systems are highly reliant on outdated or vulnerable technology, such as paperless voting machines that don’t create physical records of votes.
House Democrats and Republican leadership in the Senate eventually reached a compromise position of some $US425 ($616) million to be spent in 2020, though it will likely arrive too late to make more than a minor difference before this year’s elections (Democratic presidential primaries in Iowa and New Hampshire will commence in less than a month).
Shelby Pierson, election security threats executive at the Office of the Director of National Intelligence, recently told NBC News that “The threats as we go into 2020 are more sophisticated. This is not a Russia-only problem. Russia, China, Iran, North Korea, non-state hacktivists all have opportunity, means and potentially motive to come after the United States in the 2020 election to accomplish their goals.” She added that, among other things, security officials had identified reports of voting machines improperly connected to the internet as indicating potential vulnerabilities.