Technology brings both benefit and risk to elections – but there are solutions that can defend the process from cybersecurity threats.
This is the message from a new Commonwealth best practice guide to cybersecurity in elections.
The product has been developed to help election management bodies identify and manage cybersecurity risks.
Technology has become a common and often indispensable part of our elections. It includes e-voting machines. biometric scanners, mobile phones, electronic voter registration databases and social media platforms.
Yet each digital development also brings dangers such as the hacking of emails, the spread of misinformation and interference with voter databases and party member lists.
If not considered and managed, these can threaten public confidence in the integrity and credibility of democratic processes.
The guide covers technical systems, laws and policies, and capabilities across the whole electoral cycle.
It offers a raft of recommendations that can be tailored to national contexts to help professionals who run elections.
Lead author Dr Ian Brown said: “It’s really important that electoral authorities build up their links with all of those different government agencies dealing with cyber security, data protection, public procurement, a whole range of issues, so they can respond most effectively together.
“We’ve also suggested, especially in the Caribbean and Pacific where there are quite a number of small Commonwealth countries, that it would be really helpful if electoral authorities can co-operate within the region in terms of sharing training and learning, but also thinking about collaborative procurement and sharing information they see about specific attacks on their election infrastructures because that will make the response of each country together much stronger.”
Commonwealth Secretary-General Patricia Scotland said: “With internet-enabled devices employed in almost every aspect of our lives, they are inevitably transforming the electoral processes that are essentials to democracy.
“Yet each advance brings with it the potential for cybersecurity vulnerability, and the concurrent risk of undermining credibility and confidence in the entire electoral process. So it is vital for member countries to exchange ideas and lessons learnt as to what has and also what has not worked.
“That is our Commonwealth way: continually to raise performance through cooperation and mutual support.”
More than a year in the making, the guide is based on an in-depth questionnaire sent to all Commonwealth election management bodies; research missions in Ghana, Pakistan, Trinidad & Tobago and the UK; and regional training workshops in Africa, Asia-Pacific and the Caribbean.
It has been written by a group of consultants in fields such as information security, internet law, technology policy and regulation.
It is the chief outcome of the Strengthening Election Cybersecurity project that is part of the Commonwealth Cyber Capability Programme.
Funded by the UK’s Foreign and Commonwealth Office, the programme supports the implementation of the Commonwealth Cyber Declaration agreed by heads of government at their 2018 meeting in London.
The declaration commits “to a cyberspace that supports economic and social development and rights online; to build the foundations of an effective national cybersecurity response; and to promote stability in cyberspace through international cooperation.’
Ahead of the guide being launched, a presentation took place for the Cybercrime Investigations project which also forms part of the Commonwealth Cyber Capability Programme.
Awards for the winners of a competitive exercise on international cooperation in criminal investigations were given to Malcolm McBain from the UK (Scotland), Jacqueline BM Palumbo from Canada, K Andy Putchay from Mauritius, and Tammika Da Silva–Mc Kenzie from Saint Vincent and the Grenadine). Another winner, Neiko Serupepeli from Fiji, was not present.