FUTURE TENSE: Running on a Cybersecurity Platform
Some candidates are using their technical backgrounds to make their pitch to voters.
When Atlanta’s city government computers were infected by SamSam ransomware last year, the effects were wide-ranging. The city had to postpone its court proceedings. No one in Atlanta could apply for city jobs or pay parking tickets or water bills. In an effort to contain the damage, Atlanta shut down the wireless network at Hartsfield-Jackson Airport. In Baltimore, earlier this year, a similar ransomware attack prevented home buyers from completing real estate purchases, city employees from accessing their email accounts, and residents from paying property taxes, water bills, and parking tickets. Baltimore and Atlanta were only two of several U.S. city governments hit by crippling ransomware attacks in the past few years, along with Riviera Beach, Florida; Lake City, Florida; and LaPorte County, Indiana, to name just a few.
In the upcoming elections cycle, at least two candidates with experience in cybersecurity are running for state-level elected offices. They hope to capitalize on the newfound awareness of cybersecurity as not just a national security issue but also a critical component of helping a city—or a state—function on a day-to-day basis. Voters are genuinely interested in hearing about ideas to strengthen state and local cybersecurity right now, the candidates say, but it’s unclear whether that interest will last until Election Day. People tend to care about cybersecurity most at the moment when they’re unable to pay their utility bills or sell their house, not necessarily when everything seems to be running fine.
Sheri Donahue, the Democratic candidate in the upcoming Kentucky election for state auditor of public accounts, told me, “It’s amazing when we go out and speak and you see everyone’s heads start nodding for sure when we get to talking about cybersecurity.” Unlike most politicians (see, for instance, Donald Trump in 2016: “The security aspect of cyber is very, very tough. And maybe it’s hardly do-able. But I will say, we are not doing the job we should be doing”), Donahue knows of what she speaks—she’s a former Navy engineer who worked on auditing and securing military systems before moving on to do cybersecurity for the health insurance company…