How Microsoft AccountGuard will Help Protect Democratic Processes

In the midst of continuous political scandal, Microsoft announced an expansion of their Defending Democracy Program (DDP) this week through a new service called Microsoft AccountGuard.

Though the program itself is new, it is grounded in years of work to protect democratic processes. What exactly is AccountGuard and how will it account for threats against at-risk organizations? Let’s take a look.

Defending Democracy Program

Increasing threats against voting systems and technology infrastructure of political campaigns encouraged Microsoft to launch the DDP as a way for technology companies and governments to work together in order to safeguard electoral processes. Their overall goals include:

• Protect campaigns from hacking through increased cyber resilience measures, enhanced account monitoring and incident response capabilities.
• Increase political advertising transparency online by supporting relevant legislative proposals such as the Honest Ads Act and adopting additional self-regulatory measures across platforms.
• Explore technological solutions to preserve and protect electoral processes and engage with federal, state and local officials to identify and remediate cyber threats.
• Defend against disinformation campaigns in partnership with leading academic institutions and think tanks dedicated to countering state-sponsored computational propaganda and junk news.

AccountGuard

Microsoft’s role as a technology supplier to conventions for both major U.S. parties and other U.S. government institutions makes them responsible for keeping sensitive data safe from cyberattacks. Therefore, AccountGuard is open to:

• All current candidates for federal, state, and local office in the United States and their campaigns.
• The campaign organizations of all sitting members of Congress.
• National and state party committees.
• Technology vendors who primarily serve campaigns and committees.
• Certain nonprofit organizations and non-governmental organizations.

How it Will Work

AccountGuard will provide notification about cyberthreats, including attacks by known nation-state actors, across email systems run by organizations and the personal accounts of these organizations’ leaders and staff who opt-in.

When threats are detected, Microsoft works directly with participating organizations to notify them and help them secure their systems. This aspect of AccountGuard will draw on the expertise of the Microsoft Threat Intelligence Center (MSTIC).

Organizations that register for AccountGuard will receive best practice guidance and materials designed specifically for the unique problems faced by politically oriented organizations. This advice will come in two forms: off-the-shelf materials organizations can use as they grow and take on new staff, and in-depth live sessions.

AccountGuard will provide three services that will cover both organizational and personal email accounts:

• Threat notification across accounts: MSTIC will enable Microsoft to detect and provide notification of attacks in a unified way across both organizational and personal email systems. For political campaigns and other eligible organizations, when an attack is identified, this will provide a more comprehensive view of attacks against campaign staff. When verifiable threats are detected, Microsoft will provide personal and expedited recommendations to campaigns and campaign staff to secure their systems.
• Security guidance and ongoing education: Officials, campaigns and related political organizations will receive guidance to help make their networks and email systems more secure. This can include applying multi-factor authentication, installing the latest security updates and guidance for setting up systems that ensure only those people who need data and documents can access them. AccountGuard will provide updated briefings and training to address evolving cyberattack trends.
• Early adopter opportunities: Microsoft will provide preview releases of new security features on a par with the services offered to our large corporate and government account customers.

Microsoft AccountGuard will be offered on a non-partisan basis and Microsoft will not disclose the participation of any customer in the program without its permission. Nonprofit and nongovernmental organizations may register for AccountGuard if they are focused on political education, policy analysis, research or the advancement of democracy and meet Microsoft’s non-profit Mission Eligibility Guidelines.

Source

Microsoft uses threat intelligence to protect, detect, and respond to threats