Cyber and information security in elections – FINN Partners
February 15, 2022
Cyber and information security in elections
In May 2022, French adults will vote to elect their new President, a crucial moment of democracy in our country. However, as the whole nation is focused on politics, this period of time also favours cyberthreats and disinformation. Cyber and information security in elections is essential to avert voters’ views being altered through identity fraud or the widespread propagation of false information.
Be careful of online identities
The pandemic drove more people online to carry out everyday tasks such as shopping and banking. Unfortunately, an increase in online activity sparks a corresponding increase in cybercrime including identity theft for the purpose of stealing information or spreading fraudulent news. According to the Verizon Data Breach Investigations report, cyberthreats are increasing every year and more than 60 per cent of hack-related data breaches involve theft and use of stolen credentials.
In politics, it’s not only senior level people who can become victims of such attacks but all staff members, whatever their positions in a political party or campaign. With high quality information made available by the exploited access, cybercriminals can exfiltrate confidential material and information, use their status to spread disinformation on social media and email, or even lock down campaign operations via targeted malware and ransomware attacks.
While hackers will certainly seek to infiltrate those close to each party, the threat goes even further. State and local governments responsible for organising and protecting elections will also be attractive targets, as will organisations and voters. A political and societal supply chain is then in place. It only takes one compromised account for an attacker to potentially corrupt the entire infrastructure of an organisation. This is why Meta, the parent organisation of Facebook and Instagram, created Facebook Protect to help political candidates protect their accounts through two-factor authentication, and state they are starting to require its use.
While ‘traditional’ voting still takes place in France, Parliament is working towards remote voting. For the 2022 Parliament elections, French expats will be able to vote remotely, making it the first election in France to do so. In a country where abstention is rising considerably, the electronic vote is approved by 78 per cent of French citizens, according to a study by Odoxa Backbone Consulting.
However, the proportion of people not registered or badly registered on electoral lists worries politicians. According to a study by Céline Braconnier, 17 per cent of the French population and 51 per cent of young people aged 25 to 29 are badly registered; further digitisation of registration provides an ideal opportunity to avoid more citizens being lost from the process.
Digital voting would have to be closely monitored so as not to integrate false identities or send fraudulent ballots. A simple flaw in remote and electronic voting processes can be exploited and a whole election rendered fraudulent. Indeed, hackers could change a vote after it has been cast, or even simply cancel it. They could add a new ‘ghost’ identity to the register and cast a vote for this make-believe citizen. If the identities of candidates or voters in a remote election are not protected, the political consequences could be significant with an election outcome that does not reflect public opinion.
The more people conduct their business online, the more their activities become subject to the risk of cyberthreats. Securing elections, and political life in general, requires strong online identity security, even if the voting process is not an electronic one. We have learnt in the past how a range of techniques can be used to sway public opinion through fake news or propaganda. Securing voting processes, and mitigating the risk from hackers set to exploit people associated with campaigns or identities, is essential for global politics.