Cybersecurity for elections: a Commonwealth guide on best practice

Brown, Ian, Marsden, Christopher T, Lee, James and Veale, Michael (2020) Cybersecurity for elections: a Commonwealth guide on best practice. Other. Commonwealth Secretariat, London.

[img] PDF - Published Version
Restricted to SRO admin only
Available under License All Rights Reserved.

Download (2MB)

Abstract

Since the 1990s, internet-connected computers, mobile and ‘smart’ devices have become integral parts of day-to-day life for many in the Commonwealth, including for election-related activities. During each phase of contemporary elections, the direct and indirect use of computers and other technology introduces a range of risks to electoral integrity. These pose threats to confidentiality, integrity, and availability of information and infrastructures concerning votes and voters, candidates and parties, and broader election processes. Canada’s Communications Security Establishment has reported that from 2015 to 2018, it observed more than twice as many digital attacks on democratic processes worldwide, and a three-fold increase in Organisation for Economic Co-operation and Development (OECD) countries. These attacks have come from sophisticated state intelligence agencies, as well as ‘hackers for hire’2 and crime gangs targeting organisations for ransoms (as suffered by one Caribbean EMB, which had to pay a bitcoin ransom to regain access to its data).

This guide explains how cybersecurity issues can compromise traditional aspects of elections, such as maintaining voter lists, verifying voters, counting and casting votes and announcing results. It also describes how cybersecurity interacts with the broader electoral environment and new ways elections are being carried out, such as campaigns and data management by candidates and parties, online campaigns, social media, false or divisive information, and e-voting. Unless carefully managed, all these cybersecurity issues can present a critical threat to public confidence in election outcomes – which are the cornerstone of democracy.

To help Electoral Management Bodies (EMBs) manage cybersecurity risks, this guide describes principles for electoral cybersecurity as well as specific organisational recommendations that can be adapted as required. It additionally signposts an array of more detailed materials that can help with specific technical, social, or regulatory challenges.

Item Type: Reports and working papers (Other)
Schools and Departments: School of Law, Politics and Sociology > Law
SWORD Depositor: Mx Elements Account
Depositing User: Mx Elements Account
Date Deposited: 18 Jun 2020 09:42
Last Modified: 17 Jul 2020 14:02
URI: http://sro.sussex.ac.uk/id/eprint/91952

View download statistics for this item

📧 Request an update