Every two years almost seventy major candidates vie for Senate seats across the United States. Many of the candidates have or will soon have a major impact on policy and spending, and their campaign web sites are visited by millions of voters and other interested parties. 2016 has been the year of the political cyberattack, with hacked emails, phishing, insecure servers and even whispers of foreign penetration in the news.
Despite this backdrop, the cybersecurity of US Senate senatorial campaigns leaves much to be desired. On the eve of the 2016 election, Cybertical employed a new tool to scan the sites of 67 major candidates and found unpatched vulnerabilities, administrative usernames and public entry points on many of them. To help communicate which candidates’ sites were better or worse than others, every site scanned was awarded a “grade point average” (GPA) and a letter grade from A to F.
This presentation demonstrates the newly released tool, how it was used to get these results, and how the scoring process worked (and could be repeated across time to track improvement). Several Wisconsin and Milwaukee-area political sites will also be scanned and graded live.