The Trump campaign is facing criticism and renewed questions about its obligations to report potential election interference after allegedly failing to notify law enforcement about a hacking incident targeting its email system. The incident came to light on August 9 when Microsoft disclosed Iranian attempts to hack an unnamed presidential campaign. It was later revealed that the Trump campaign had been hacked and vetting documents on Senator JD Vance, a potential running mate for former President Trump, had been leaked.

According to The Washington Post, the Trump campaign was aware of the hacking issue earlier in the summer but did not disclose it to law enforcement. Both the Trump campaign and Microsoft declined to comment on whether they reported the incident or made any referrals to law enforcement.

The episode highlights the reluctance of companies to disclose being hacked, fearing embarrassment and potential liability. However, cybersecurity experts argue that such disclosure is crucial, particularly in the face of ongoing attempts by foreign adversaries to interfere in US elections.

Kiersten Todt, a former chief of staff at the Cybersecurity and Infrastructure Security Agency (CISA), emphasized that campaigns have more at stake, and the timing of incidents can significantly impact election outcomes. Todt stressed the importance of sharing information across sectors and involving the federal government to prevent future incidents.

Microsoft, in its report, publicly attributed the hacking to the group Mint Sandstorm, operated by the Islamic Revolutionary Guard Corps. However, Brian Greer, a former CIA attorney, found it odd that the Trump campaign did not seek law enforcement assistance considering the severity of the crime. Greer highlighted the FBI's role in uncovering the broader picture and determining if other campaigns were targeted.

While companies have been resistant to reporting hacks, the FBI's involvement is seen as crucial for understanding the breadth of such attacks and the public education that comes with it. The Trump campaign called the leaked documents "illegally obtained," while the Harris campaign claimed they were notified by the FBI in July of targeted foreign influence operations.

The resistance to reporting incidents extends beyond political campaigns and into the broader cybersecurity space. Concerns over potential investigations, regulatory action, and lawsuits discourage many companies from reporting hacking incidents. However, legislation such as the Cyber Incident Reporting for Critical Infrastructure Act aims to encourage reporting by offering safe harbors for disclosure.

In response to these developments, cybersecurity experts argue that election infrastructure, including campaigns, should be required to report hacking incidents given their critical nature in democratic processes. Disclosure not only demonstrates moral courage but also raises awareness for other companies and helps prevent future attacks.

As the investigation into the Trump campaign's alleged failure to report the email hack unfolds, the episode serves as a reminder of the ongoing threats to US election integrity and the importance of robust collaboration between campaigns, private companies, and law enforcement agencies to safeguard democratic processes.