Ensuring Cyber Security in Elections: A Crucial Imperative
As countries around the world gear up for elections, the importance of safeguarding the electoral infrastructure against cyber threats cannot be overstated. The government has issued warnings about the potential impact of rising geopolitical tensions on elections in at least 64 countries, representing nearly half of the world’s population.
Aside from the looming threat of nation-state actors interfering in elections, there is a growing risk posed by deepfakes, misinformation campaigns, and the emergence of hacktivists-for-hire, all contributing to a hostile environment. These threats originate from various entities with diverse motivations, including criminal organizations and state-sponsored threat actors.
One particular threat that demands attention is the use of specialized malware loaders by threat actors to infiltrate systems and facilitate the deployment of more harmful malware aimed at stealing sensitive information, passwords, or contacts. The infamous case of APT28 (known as MASEPIE) allegedly compromising the Hillary Clinton campaign in 2016 to influence the US elections serves as a stark example.
The Rise of Underground Forums
Disturbing activities have been observed on the Dark Web, including the illicit sale of public sector assets such as election data. This includes voter registration rolls, election results, and internal communications, all of which can undermine trust in democratic processes or target specific voters.
Threat actors have claimed access to election systems in the Middle East and South America, offering them for sale at exorbitant prices of up to $150,000.
These underground forums pose a significant threat to national and public safety, making it imperative for public sector organizations to adopt robust threat intelligence capabilities to detect such activities early on.
The Rise of Deepfakes
The upcoming general election in the UK coincides with a period of rapid advancements in AI and deepfake technology. The UK’s Cyber Agency has warned about the increasing prevalence of highly realistic deepfake videos and other forms of disinformation that could be used to spread falsehoods. Instances such as the deepfake audio clip of Sir Keir Starmer and a fake audio note attributed to Mayor Sadiq Khan underscore the potential dangers posed by deepfakes.
While the direct impact of misinformation on voting behavior remains unclear, there is a palpable risk to the integrity of electoral processes posed by the proliferation of deepfakes.
Securing Future Processes
Given the complex global political landscape, the UK has implemented various policies, including the establishment of the Defending Democracy Taskforce in 2022. This dedicated unit of experts aims to enhance the security of UK election processes, signaling a proactive approach to mitigating risks.
Cybersecurity threats, particularly in the form of “attacks as a service,” are on the rise, posing challenges in attribution and defense. Collaborative efforts among government agencies, public awareness campaigns, and reduced reliance on third-party technologies are crucial steps in fortifying election security.
It is essential for the UK to prepare for worst-case scenarios in current and future elections and address all cybersecurity aspects to uphold the integrity of the democratic process and safeguard the country’s democracy.
Interestingly, amidst the digital vulnerabilities, the traditional method of casting votes using a pencil and paper remains a secure aspect of the election process, highlighting the importance of maintaining robust security measures.
Barry O’Connell is EMEA general manager at Trustwave.
