EU Elections 2019: Critical cyberattacks loom, Estonia warns

10.09.2018

A programer shows a sample of decrypting source code in Taipei, Taiwan, 13 May 2017. [EPA/RITCHIE B. TONGO]

A programer shows a sample of decrypting source code in Taipei, Taiwan, 13 May 2017. [EPA/RITCHIE B. TONGO]

The 2019 European elections could be hit by a spate of cyberattacks, which could even prevent the new European Parliament from convening, a report led by the Estonian Information System Authority has warned.

More than 20 EU member states, as well as the European Commission and the EU’s cyber security agency, contributed to the review, which uncovered some troubling results.

“In the case of the elections to the European Parliament, a successful campaign against one member state that includes cyber-enabled elements could mean that the assignment of seats cannot be confirmed thus compromising the entirety of election processes,” the document states.

Speaking to EURACTIV, the lead editor of the report, Liisa Past, emphasised these consequences: “A coordinated cyber attack could be so severe as to hamper the democratic process and obstruct the European Parliament from convening after the elections.”

Past was also keen to highlight how such an attack can dictate the political debate in the run-up to an election: “If a hack takes place during an election campaign, the political agenda can be completely thrown off course,” she said.

“In this case, political officials are required to explain the shortcomings of their security systems rather than their policy proposals.”

The warnings have come as the EU Commissioner for the Security Union, Julian King, voiced concerns about the threats to democratic processes brought on by cybercrime. He has noted how electoral integrity has to contend with the dual challenge of security breaches to election systems as well as attempts to manipulate voting behaviours.

Writing in The Guardian, he said: “Attacks on elections and electoral campaigns fall into two main categories: those based on systems and those based on behaviours. The first category includes cyber-attacks that manipulate the electoral process or voting technology to change the number of voters or the number of votes.”

King’s analysis is particularly pertinent in the current climate, amid continuing reports of Russia’s state-sponsored hacking of governmental networks during the 2016 US presidential election.

This is in addition to past attacks against Emmanuel Macron’s election campaign that included spear-phishing campaigns and substantial data leaks, and strikes on web portals during the 2016 Montenegro parliamentary elections.

The hacking of official web systems during election campaigns can take many forms. In 2007, for example, the website of the Kyrgyz General Election Commission was defaced with the message  “This site has been hacked by Dream of Estonian organisation,” while Denial of Service attacks took place during the October 2011 South Korean by-election.

On the continent, the 2019 European Elections are due next May and, with 27 countries participating, officials are right to be concerned about the threat of malicious activity, both in the form of hacking and disinformation.

The Commission has started taking steps in the area of disinformation in particular, with the introduction of a Code of Practice for internet platforms, set to be formally announced in September.

EU citizens are indeed concerned. A 2017 Eurostat survey found that 86% of Europeans feel increasingly exposed to the threat of cybercrime, with violations in this sector accounting for as much as half of all crimes committed in certain European states.

But Past wanted to emphasise that criminal interference in elections is not a modern phenomenon. “Let’s not forget that election fraud is nothing new,” she said.

“Paper-based systems have also been exposed to similar risks in the past, it’s just that meddling in the digital domain calls for a greater degree of innovation and technical expertise in combatting these violations. As such, the tools required to tackle security breaches must themselves be secure and legal.”

Source: Link