Google expands election security offerings for federal and state campaigns

Google is expanding the security tools it offers to federal and state-level campaigns to counter mounting threats from cybervillains and political opponents.

In partnership with the cybersecurity nonprofit Defending Digital Campaigns, Google said it is extending the strongest form of two-factor authentication, Titan Security Keys, to federal campaigns and including state-level campaigns as part of its election security efforts.

“To help spread awareness and educate all persons involved in the campaign ecosystem, we’re collaborating with DDC to bring non-partisan virtual security training to all 50 states by the end of 2021,” wrote Mark Risher, Google director of product management, identity, and user security, on the company’s blog. “These trainings are designed to inform and educate state campaign officials, staff and others in the political sector, to understand the basics of protecting their organizations, keeping their information safe, and using built-in and widely available security tools.”

Ahead of the 2020 election, Google said it discovered attempts by an Iran-backed group looking to attack former President Donald Trump’s campaign and a Chinese group targeting President Biden’s campaign.

Many of America’s adversaries used the digital domain in 2020 to sow discord, exacerbate chaos or influence U.S. politics to tilt things in their preferred direction.

William R. Evanina, former director of U.S. counterintelligence, warned 100 days before the election that China aimed to pressure political figures, while Iran and Russia both spread disinformation.

Federal law enforcement and intelligence agencies engaged executives at Google and other Big Tech companies — including Facebook, Twitter and Microsoft — to help fight malign influence online.

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) announced on Oct. 30 that Iranian cyber attackers gained access to voter registration data in “at least one state.”

After the Nov. 3 election, CISA issued a statement calling the election “the most secure in American history.”

Then came the end-of-year revelation that hackers breached SolarWinds’ computer network management software to access federal government and corporate networks. Cybersecurity officials pivoted from election security back toward the nation’s critical infrastructure.

Google’s announcement, however, underscores the need for political targets to harden their defenses and increase awareness of the sophisticated threats they face.

Google provided its two-factor authentication protections to more than 140 federal campaigns before the 2020 election and is now working on cybersecurity training initiatives for elected officials and their staffs, Mr. Risher wrote.