The UK’s voting system does not lend itself to electronic manipulation; voting and counting of ballots English local elections are manual processes. However, there are some areas that could be vulnerable to cyber operations; according to NCSC (National Cyber Security Centre) advice for councils, ahead of the May 3 local elections. The official UK cyber centre with CPNI warns that DDoS attacks, particularly against electoral, government or media websites, could seek to make them unavailable at key moments during an electoral campaign (for example shortly before the deadline for voter registration, or on election day. There may be attempts – whether by hackers for hire, hacktivists or cyber criminals – at spear-phishing or fake emails; or ransomware; or to alter or remove information published online, or publish falsified information or information obtained through hacking.
Comment
Andrew Lloyd, President at Corero Network Security recalled recent headlines on the apparent “mass psychology” attempts by Cambridge Analytica (aided by Facebook) to influence voting intentions; the NCSC is rightly highlighting that the infrastructure of the election process may also be vulnerable. “The UK’s pencil and paper voting mechanism largely protects the act of casting a vote, however, the cyber-threat is real for other election infrastructure such as voter registration web portals.
“Emboldened either by previous success and/or notoriety cyber-attackers will continue to exploit DDoS to make their election point; whether it’s, political, moral, or otherwise. Frustratingly for the security services, it’s seldom possible to identify the attacker or determine the true source of the attack. Where the DDoS traffic emanates from is almost certainly not directly related to the attacker, those who funded the attacks, or the geographical region they are located in.
“Given that we’re unable to deter or identify most of the attackers, we must protect the integrity of the systems being used for the democratic process. The latest always-on real-time automated DDoS protection solutions can keep systems online, and available for citizens and officials to access, at all times before, during and after putting pencil to the voting paper.”
