The Federal Election Committee (FEC) has voted that lawmakers are allowed to use leftover campaign funds to guard personal email accounts and devices from cyber threats.
In a proposed draft of its advisory opinion, the FEC responded to Sen. Ron Wyden’s question: “May a United States Senator use campaign funds to pay for the costs of cybersecurity measures to protect his personal electronic devices and accounts?”
The FEC responded, “Yes.”
“The Commission concludes that you may use campaign funds to pay for the costs of security measures to protect your personal devices and accounts without such payments constituting an impermissible conversion of campaign funds to personal use, under the Act and Commission regulations,” the FEC wrote.
In submitting his request to the FEC, Sen. Wyden acknowledged that he had not experienced any personal threats thus far, but he argued that the cyber threats elected officials face include "attacks by sophisticated state-sponsored hackers and intelligence agencies against personal devices and accounts."
In the advisory opinion, the FEC acknowledged that both Dan Coats, director of National Intelligence, and Michael Rogers, former director of the National Security Agency (NSA), agreed that the personal accounts of lawmakers are at risk of cyber-attacks.
“It’s become increasingly clear in recent years that foreign attackers view institutions that underpin democracy as high-value targets. From election equipment to the elected representatives themselves, malicious actors will systematically look for access,” said Ben Johnson, co-founder and CTO, Obsidian Security.
“The ruling by the FEC allowing leftover campaign funds to purchase additional cybersecurity detection and protection has kept the conversation about election protection going. We need to ask whether cybersecurity should have to rely on unpredictable leftover funds or if it should be a key component to candidates’ campaign machinery. Personal devices and personal accounts are coupled with corporate and government security,." said Johnson.
"That trend is only going to increase. A stronger approach to personal cybersecurity hygiene can help provide a critical extra layer of defense against attackers looking to influence or access US government systems. Put simply: anything that makes our personal identities safer will benefit our professional identities."