2016: The Year Political Hacking Gets Real.

Political organizations are much like nation-states. Run by talented, driven individuals focused on achieving revolutionary aims, they have secrets just like countries. Richard Nixon knew it. As do his peers across history. And though Watergate remains the most prominent example of high-level political espionage, I would bet that it in fact happens every cycle.

This year will be no different. The only difference is that over the past four years, the tools for conducting sophisticated electronic surveillance have become widely available on the grey market. And I have a hunch they are going to make their way into this Presidential campaign cycle.

We’ve already seen what damage an e-mail server can do. What would happen if entire databases went public? Every donor name, private e-mail, and commentary. Every strategy document. Every consultant?—?and their fees, made public. Compromise could be catastrophic, generating negative publicity for days, if not weeks as motivated partisan researchers comb through the gigabytes of data spilled into the open.

Much like nation states, campaigns (or even their high-level donors of means, without sanction from their favored candidate) might employ neutral third parties in this cat-and-mouse game of 1's and 0's. Electronic spies associated with, or posing as, “Anonymous,” or as some little-known Eastern European hacking collective, posting data to Wikileaks, and taunting the candidate over twitter to gain the attention of the press.

It will be incredibly hard to tell who the perpetrator was until long after the damage is done. And even then, sophisticated actors may seek to conduct attacks that incriminate an innocent third party as the culprit (say by conducting the attack from the network of a third rival campaign headquarters with an unsecure wireless network).

So: what is a campaign to do?

And now, for a brief disclaimer. What follows is simply some strategic thoughts about how to think about security. Seek out paid professionals if you actually need this sort of help?—?do not use this article as anything more than inspiration.

The first step to protecting data is to first identify exactly what needs protecting. Take a hard look and figure out what data must never, under any circumstance, come to light. Focus your efforts there.

Having answered that critical question, put yourself in the shoes of the attacker. Consider that when it comes to technical compromise, often the weakest link is human. Be it loose lips, weak passwords, or stolen credentials, even the most well-meaning and loyal staff can make critical errors that lead to compromise.

Often the most damaging attacks can be prevented with simple training from certified professionals. “Phishing” (the practice of sending official-looking e-mails that direct people to sites that look like official login pages, in order to discover usernames and passwords) can often be prevented with some basic training along the lines of “NEVER CLICK A LINK SENT OVER E-MAIL.” Other attacks can be prevented with password managers like 1Password, or Apple’s “keychain” system. For those worried about stolen hardware, there are programs that allow IT administrators to remote-wipe computers from your own data center.

Bottom line: it’s a rough world out there on the internet, and just like insurance companies, government organizations, and other websites who have found themselves on the receiving end of digital attacks, political organizations offer a tempting target. And with the barriers of entry getting lower every day, I think that it behooves political organizations to investigate how to take basic steps to hedge against this emerging problem.