University of Sussex

File(s) under permanent embargo

Cybersecurity for elections: a Commonwealth guide on best practice

report
posted on 2023-06-09, 21:18 authored by Ian Brown, Chris Marsden, James Lee, Michael Veale
Since the 1990s, internet-connected computers, mobile and ‘smart’ devices have become integral parts of day-to-day life for many in the Commonwealth, including for election-related activities. During each phase of contemporary elections, the direct and indirect use of computers and other technology introduces a range of risks to electoral integrity. These pose threats to confidentiality, integrity, and availability of information and infrastructures concerning votes and voters, candidates and parties, and broader election processes. Canada’s Communications Security Establishment has reported that from 2015 to 2018, it observed more than twice as many digital attacks on democratic processes worldwide, and a three-fold increase in Organisation for Economic Co-operation and Development (OECD) countries. These attacks have come from sophisticated state intelligence agencies, as well as ‘hackers for hire’ and crime gangs targeting organisations for ransoms (as suffered by one Caribbean EMB, which had to pay a bitcoin ransom to regain access to its data). This guide explains how cybersecurity issues can compromise traditional aspects of elections, such as maintaining voter lists, verifying voters, counting and casting votes and announcing results. It also describes how cybersecurity interacts with the broader electoral environment and new ways elections are being carried out, such as campaigns and data management by candidates and parties, online campaigns, social media, false or divisive information, and e-voting. Unless carefully managed, all these cybersecurity issues can present a critical threat to public confidence in election outcomes – which are the cornerstone of democracy. To help Electoral Management Bodies (EMBs) manage cybersecurity risks, this guide describes principles for electoral cybersecurity as well as specific organisational recommendations that can be adapted as required. It additionally signposts an array of more detailed materials that can help with specific technical, social, or regulatory challenges.

History

Publication status

  • Published

File Version

  • Published version

Publisher

Commonwealth Secretariat

Pages

160

Place of publication

London

ISBN

978-1-84929-192-7

Department affiliated with

  • Law Publications

Full text available

  • No

Legacy Posted Date

2020-06-18

First Compliant Deposit (FCD) Date

2020-06-18
