The Democratic National Committee has warned candidates running in the 2018 midterm elections not to use devices made by Chinese telecom firms Huawei and ZTE because of security concerns.
“[P]lease make sure that you are not using or purchasing ZTE or Huawei devices anywhere within your staff – for personal or work-related use,” DNC Chief Security Officer Bob Lord wrote in an email obtained by CyberScoop.
Lord sent the email Friday to Democratic state parties and the DNC’s sister committees.
U.S. intelligence officials have long expressed concerns that equipment from Huawei and ZTE could be used to spy on Americans due to the companies’ alleged links to the Chinese government. Both companies have vigorously denied the allegations.
Lord cited congressional testimony from February, in which U.S. intelligence directors raised security concerns about the Chinese companies. “I wanted to highlight that the intelligence community does not make statements like this lightly,” he wrote.
The DNC hired Lord, Yahoo’s former chief information security officer, in January, and former Uber technology executive Raffi Krikorian in June 2017, as part of a security overhaul after the 2016 presidential election. Ahead of that election, Russian hackers stole and leaked emails from the DNC as part of an effort to discredit Hillary Clinton.
On Thursday, top security officials in President Donald Trump’s cabinet warned of the ongoing threat of Russian interference in the fall midterm elections.
CNN was first to report on the DNC’s warning.
The full email can be read below:
tl;dr: It’s very important that party and campaign workers not use ZTE or Huawei devices, even if the price is low or free.
I wanted to take a second to flag something very important for all of you that you should be vigilant about as you’re purchasing mobile devices to support your campaign staff and efforts.
Last February the heads of the FBI, CIA and NSA strongly recommended that Americans not purchase Huawei or ZTE devices as they pose a security risk. You can read more about it here. I wanted to highlight that the intelligence community does not make statements like this lightly. Again, please make sure that you are not using or purchasing ZTE or Huawei devices anywhere within your staff – for personal or work-related use.
While I have your attention on device security, please find attached the checklist I shared a while ago with some of you to ensure all of your and your staff’s devices are reasonably secured.
As a reminder, the checklist is meant to be printed out, and for people to go through it, confirming that they have completed the tasks. That way you know if you’re done, or if you have a few more items to take care of. I would like to see this checklist become part of each team’s culture. After all, even if you have completed all the tasks, a co-worker who has not can put the entire group at risk. No one wants to be the next “patient zero.”
Please make a pledge to your co-workers to check off all the tasks, and insist that they do the same. When new people join, make the checklist part of the onboarding process. At regular intervals before a major event like an election, gather the team to run through it again.
And as always, I recommend reading the Belfer Center Cybersecurity Campaign Playbook. It’s filled with great advice. If you have any questions, please don’t hesitate to reach out to myself or to [email redacted].
Thank you for your commitment to securing our Party and keeping us all safe!