Nearly half the world population – around 4 billion people – heads to the polls in 2024. Elections in the European Union (EU) and in the United States (US) take the centre stage, but countries like the United Kingdom (UK), Portugal, Russia, India, and Belgium also host either national or regional elections.


Since technology and politics go hand in hand, it’s only natural that cyber experts have a lot to talk about this year. What’s the risk of election cyber interference in each of these countries? What can be done to prevent such threats? Let’s see what’s really at stake.

 

 

Election cyber interference: a real risk?

It is a fact that cyber activities targeting elections have increased worldwide in the last decade. The table below, which is part of the European Union Agency for Cybersecurity (ENISA)’s Compendium on Elections Cybersecurity and Resilience, showcases a few recent examples of elections affected by cyberattacks:

Region

Year

Method used

Target

North-America

2020

  • Data breach (voter data)
  • Defacement of campaign website
  • Ransomware
  • State and election-related websites
  • Candidates’ campaign websites
  • Voter verification system

Europe

2021

Attempted spear

phishing for data theft

Members of parliament

Europe

2023

  • Attempted DDoS
  • Attempted phishing campaigns

Unspecified targets

Latin America

2023

Unspecified attack

On-line voting system for citizens living abroad

Global

2023

  • Spear phishing
  • Data breaches
  • Unspecified (attempted) attacks
  • Members of Parliament
  • Universities, journalists, public sector, non-government organisations and other civil society organisations

 

So, what’s really at stake in upcoming elections? Theoretically speaking, cyber attackers – either politically or financially motivated – can go from tampering with the daily activities or infrastructures of political campaigns, to interfering with the voter registration databases or even the votes themselves (if submitted electronically).


A recent study predicts that the 10 countries most at risk of election cyber interference are the US, UK, South Korea, India, Belgium, Pakistan, Belarus, Mexico, Georgia and Indonesia. Overall, 31% of the examined countries were found to face high interference threats. Plus, 27% face adversary groups linked to cyber interference offender countries, including Russia, China, Iran, and North Korea.


The good news is: cybersecurity authorities are more prepared than ever to deal with such threats and to neutralise them beforehand. In fact, US authorities in charge of protecting this year’s elections claim that they “will be the most secure elections to date” – words of General Paul Nakasone, head of the National Security Agency (NSA).


In the EU, as shown by the Compendium on Elections Cybersecurity and Resilience, ENISA and other cyber taskforces are also doing their part.

 

 

Which cyberattacks could emerge?

According to Alter Solutions’ cybersecurity expert Raphaël Cossec, “political election infrastructures will face the usual cybersecurity threats that all IT infrastructures face, like Denials of Service (DoS) attacks, insider threats, social engineering, phishing, among others, to leak data, spread ransomware or achieve web defacement”.


However, he anticipates, “the aim of the attacks will differ a bit, as the focus will be to undermine either the trust given to a candidate, or faith in the voting infrastructure itself, which is even more likely with the growth of remote voting. This could lead to an increasing lack of interest in politics, usually favouring some parties more than others.”


Apart from the already mentioned most common threats, Raphaël points out a few other threats powered by Artificial Intelligence (AI) techniques, which may be used to bias elections:

  • Deepfakes
    “The use of deepfakes could undermine trust in a candidate, by making them tell or do something they do not intend to.”

  • Foreign Information Manipulation and Interference (FIMI)
    “Foreign actors who engage in intentional attempts to manipulate facts.”

  • Social media disinformation
    “The use of social media networks to modify people’s impression of a candidate or political party.”

  • Identity theft
    “Using someone else’s identity, including dead people’s, through techniques enhanced by AI to increase the number of votes for a candidate.”

 

Let’s dive a bit deeper into the role of AI in the context of political elections.

 

 

AI: a weapon for attack and defense

Artificial Intelligence will be a key player in upcoming elections, both on the defensive side (politicians, parties, and related ecosystem) and the offensive side (hackers and other malicious actors).

 

How can AI be used to undermine elections?
  • Launch sophisticated and more effective social engineering attacks.
  • AI poisoning attacks (manipulation of datasets and data breaches).
  • Evade antivirus and other protecting tools.
  • Increase the number of mutations in malicious attacks so that they will become way harder to detect or analyse (morphing malwares).
  • AI-generated fake content (images, videos, texts, or soundbites generated via AI can be used to spread false information and influence public opinion).

 

How can AI be used to counterattack those threats?
  • Enhanced detection and response to cyber threats.
  • Protection of sensitive data.
  • Improved voter engagement (with the help of virtual assistants that can clarify questions and provide information on parties or candidates).
  • Data analytics (AI algorithms can analyse big volumes of data, identify voting trends, etc.).
  • Easier detection of AI-generated fake content.

 

That is to say: fighting fire with fire – or fighting AI with AI – seems to be the only way to go.

 

 

How to keep elections safe?

The most secure form of voting is by paper – no doubt about that. In fact, that remains the preferential voting method in Europe, the UK, and the US. However, that is not enough to keep elections safe, because as long as the voting process and infrastructures are targeted, the risks still exist.


That’s why several security operational teams and researchers gather regularly to discuss the current threat landscape and define what can be done to prevent or mitigate cyber threats. In Europe, specifically, the most relevant taskforces are:

 

These organisations’ meetings usually end up with a set of recommended actions to be implemented in order to raise IT infrastructures’ defences. Some of the most recurring measures are:

  • Collaborate and share information
    Security Operations Center (SOC) teams should share information on threats to improve the detection and the overall defensive architecture.

  • Raise awareness
    Every employee should have a minimum awareness of cyber threats and best practices (phishing, password security, updates, and so on).

  • Identify and manage risks
    The risks and responses associated to them should be identified by a case study beforehand.

  • Exercise and train
    Crisis management should be tested so that the actors are aware of what to do in real conditions.

  • Audit the organisational and technical measures
    Conduct regular audits (code review, stress test, vulnerability scans, pentests, procedure and practices’ evaluation) to look for weaknesses in the infrastructure.

 

 

How will cybersecurity evolve in politics?

Our cyber expert foresees a few trends and challenges for the upcoming years. “The major cybersecurity difficulty will be to differentiate between real and fake information. Social media will become more and more important, so we’ll have to be very careful about what information can be trusted. We should have a reliable stream to get information from legitimate candidates. Plus, politicians will have to be more aware of general cybersecurity risks to avoid leaking data and spreading fake information”, Raphaël advises.


When it comes to Artificial Intelligence, he believes that “it will be a major challenge for the following years, so the governments and public’s awareness will be important”.

 

 

Can citizens contribute to election cybersecurity?

For sure. At the end of the day, there is still a lot we can do, individually, to improve cybersecurity awareness and the trustworthiness of political elections. Alter Solutions’ cybersecurity expert suggests the following actions:

  • “Fact check every information that does not come from legitimate sources: even if a video seems real (reproducing someone’s exact face, voice, behaviour, posture, verbal tics, etc.), it can be fake.
  • Read or listen to different opinions on political topics.
  • Don’t pass on information that you’re not sure is legitimate.
  • Don’t give your personal information to anyone.
  • Check the security and legitimacy of the websites where you share data.
  • Do not open suspicious links, attachments, e-mails, or messages coming from an untrusted sender.”

 


 

2024 elections around the world

Check some of the most relevant political elections taking place in 2024, considering their high risk of cyber interference, and including information on the type of election, the date, and the free and fair elections index 2023 of the country in question (ranging from 0 to 1):

 

European Union
  • Type of election: European Parliament
  • Date: 6th – 9th of June
  • Free and fair elections index: 0.91

 

United States of America
  • Type of election: Presidency, Senate, and House of Representatives
  • Date: 5th of November
  • Free and fair elections index: 0.9

 

United Kingdom
  • Type of election: House of Commons
  • Date: Expected in 2024, with the latest possible date being 28th of January 2025
  • Free and fair elections index: 0.93

 

Belgium
  • Type of election: Chamber of Representatives
  • Date: 9th of June
  • Free and fair elections index: 0.97

 

Georgia
  • Type of election: Presidency + Parliament
  • Date: 26th of October + TBD
  • Free and fair elections index: 0.60

 

India
  • Type of election: Lok Sabha (House of the People)
  • Date: 19th of April – 1st of June
  • Free and fair elections index: 0.51

 

Mexico
  • Type of election: Presidency, Senate, Chamber of Deputies
  • Date: 2nd of June
  • Free and fair elections index: 0.67

 

South Korea
  • Type of election: National Assembly
  • Date: 10th of April
  • Free and fair elections index: 0.95

 

Belarus
  • Type of election: Chamber of Representatives
  • Date: 25th of February
  • Free and fair elections index: 0.14

 

Indonesia
  • Type of election: Presidency, Regional Representative Council, House of Representatives
  • Date: 14th of February
  • Free and fair elections index: 0.66

 

Pakistan
  • Type of election: National Assembly
  • Date: 8th of February
  • Free and fair elections index: 0.28

 

Portugal
  • Type of election: Assembly of the Republic
  • Date: 10th of March
  • Free and fair elections index: 0.95

 

Russia
  • Type of election: Presidency
  • Date: 15th – 17th of March
  • Free and fair elections index: 0.23

Compartir artículo