Are European Elections Vulnerable to Cyber-attacks?

  • Pavel Hanosek
  • 30.4.2019 09:43

Arguably the most important event in European politics, the elections to the European Parliament are to be held between 23rd and 26th of May. With such an important event knocking on the door, questions arise about whether the elections are vulnerable to cyber attacks and foreign meddling. The fears of foreign interference with the electoral process are perceived seriously not only in Europe but in the whole world, especially after the 2016 US presidential elections. Trust is key in the electoral process and therefore just a minor security breach has a potential to undermine the whole election.

Free and fair elections are the backbone of democratic structures. Since the 2016 US presidential election and the Russian interference with the electoral process, fears spread rapidly over the danger of cyber attacks. Most of the participants of the G7 Summit in Dinard, France expressed their fear over the usage of cyber tools to undermine their electoral process, showing that the danger is deemed very serious all over the world.

 

Since 2017, several measures have been taken to strengthen resilience and the ability to respond to major cyber-attacks. 

 

 

However, the European Union acknowledged the importance of cybersecurity several years prior to the cyber meddling in the US elections. In 2017, the Commission came up with additional recommendations to enhance cyber-security and encouraged member states to make the necessary investments. Since 2017, several measures have been taken to strengthen resilience and the ability to respond to major cyber-attacks. The measures include the establishment of an inter-institutional Computer Emergency Response Team (CERT-EU), which is in charge of a coordinated approach to large-scale cyber attacks and the development of security certification for products and services across the EU. Just a few weeks ago, the European Council also adopted the Law Enforcement Emergency Response Protocol (LE ERP), implementing another level of coordination and cooperation on the European level.

European institutions and states are not the only ones afraid of cyber attacks. According to a Eurobarometer survey from November 2018, 61% of citizens fear cyber attacks targeting European elections and 58% fear foreign interference in the election.

The question is whether we are doing enough to protect our democratic processes. A lot of initiatives and measures are dealing with cybercrime with no special attention to electoral cyber-security. However, it is clear that the Union made significant progress when addressing a wide range of potential crisis scenarios - including large-scale cyber-attacks. This fact is highlighted by the addition of LE ERP into the existing crisis management and cyber-security structures of the EU. The Union certainly made huge progress addressing threats to businesses or individuals and is also active when creating a coordinated approach to such threats.

 

According to a Eurobarometer survey, 61% of citizens fear cyber attacks targeting European elections and 58% fear foreign interference in the election.

 

Another question is the issue of competences. European elections are organized in every country of the Union alone and European institutions don’t have any responsibility for the security of the process. Moreover, every member state uses different technologies, practises and principles when dealing with cyber threats even though significant efforts have been made to share experience, information and good practises on the European level.

Foreign interference or major cyber-attacks in the European elections are certainly a realistic scenario. In February 2019, Microsoft reported increased cyber activity in relation to the upcoming European elections. This included attacks against NGOs and think-tanks focused on electoral processes and civil society research. In response, Microsoft offered those institutions and organizations state-of-the-art cybersecurity protection. However, the burden of protecting endangered organizations should be a responsibility of national governments or European institutions instead of being a corporation’s gesture of goodwill.

 

Apart from a direct major cyberattack, there is a threat of disinformation emanating from foreign powers and indirect meddling with the elections.

 

It is clear that the election is as vulnerable as is the member state with the weakest defences. Cybersecurity is a common effort. The answer to the initial question is, therefore, yes, European elections are vulnerable to a potential large-scale cyber-attack. On one hand, the necessary procedures are in place to ensure the ability to rapidly respond in case of such an event and to decrease potential damage. On the other hand, European cyber security lacks preventive measures to protect important civil society institutions that might have a strong indirect impact on the outcome of the elections.

Apart from a direct major cyberattack, there is a threat of disinformation emanating from foreign powers and indirect meddling with the elections. Around 67% of Europeans fear that information about their activities online might be used to spread specific political messages. Disinformation is a significant threat to the European elections. Unfortunately, it is a very frequent and relatively simple way of indirectly influencing voters’ public opinions. It is also much easier and safer for a potential attacker to use disinformation than to organize a major cyber attack. Yet there is little to be done in this regard apart from educating people on media literacy and critical thinking. The European elections should be protected from both direct and indirect interference. Even though there are measures and procedures in place to rapidly respond to a major cyber incident, the elections are still relatively vulnerable to them as each member state has a different initial level of protection.

About author: Pavel Hanosek

Partners

Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace