The cyber impact on elections: safeguarding democracy in 2024

The current strategic environment is one of renewed competition between nation states. The UK and its allies face an array of challenges from those who oppose the West’s liberal democratic ideals, who reject open markets and societies, and who scorn accountable governments and institutions.

There is a constant clash of values playing out above and below the threshold of open conflict – the area below the threshold is often referred to as 'The Grey Zone'  – where authoritarian governments employ various measures to intimidate their neighbours and undermine their strategic opponents. This often takes place in or through cyberspace, enabling authoritarian countries to achieve real-world effect without clear attribution. 

One aspect of society in which this clash has become increasingly apparent over recent years is the election process. Influencing an election can alter decision-making – either of public voters or of the subsequent elected leader – to align with a foreign power’s interest, while directly attacking the central democratic pillar of a nation. Needless to say, this can have significant long-term consequences.

We have seen the threat and reality of election interference cause major problems for some of what have been considered the world’s most institutionally robust and established democracies, with cyber-attacks and disinformation campaigns being two prime examples. Such activities can have various real-world impacts, most notably: driving a wedge into existing fault lines in societies; undermining trust in government, critical services and the media; and consuming resources by diverting the attention of police and intelligence services.

With nearly half the world’s population set to face a national election this year, the issue is more prevalent than ever. In this paper, we analyse the various attack vectors that are presenting ample opportunity for malicious parties to influence, disrupt and undermine democratic elections in 2024 – as well as the motivations for attacks and how nations can mitigate against them.

Technology’s growing prominence

Awareness of the potential cybersecurity impact on elections has been especially prominent since the 2016 US Presidential Election. With many nations at risk of interference, the main challenge facing today’s democratic governments is how to ensure security while technology continues to play a growing role in national elections.

The end-to-end election process is becoming underpinned by technological infrastructure. From core electoral process infrastructure such as voting machines and election management systems, to technologies used by supporting organisations such as election commissions and state or local officials – modern elections are more digitally-driven than ever before. The image below shows the key technologies often involved in the election process, although it should be noted that these vary from country to country.

This electoral infrastructure consists of a combination of systems that are interconnected to achieve their function, and systems not persistently networked but that must exchange information to fulfil their role in the election process.

As such, attackers have a wide range of potential entry points to exploit. The connected nature of the modern electoral system (i.e. how dependent upon IT systems the electoral systems are to function) significantly increases the risk of malicious cyber-attacks designed to interfere and disrupt – either at scale or targeting a specific area/department/demographic group etc.

And the technology involved in the process itself isn’t the only factor. We must also consider the wider digital platforms that affect public opinion both before and after an election takes place, with social media in particular being a prime target for outside interference alongside more traditional media institutions and personalities. Even non-digital components such as ballot voting systems may still be at risk if digital counting devices are used to recognise the voting slips, presenting many factors for governments to consider.

Characterising election interference

Next, we come to the types of interference, which we split into three key pillars. The first is influence. Malicious activity such as disinformation campaigns can be designed to influence voters and sway public opinion – often starting far before election day – thereby polarising populations in a way that ultimately favours particular candidates or parties.

Cyber-attacks to access personal voter information can help threat actors to target their information operations. Armed with stolen databases and information, attackers can create highly targeted misinformation, disinformation, or malinformation campaigns using social media. Although measuring the true impact of such campaigns is difficult, they can have the effect of significantly manipulating general public opinion, encouraging or discouraging voter turnout from a certain demographic to influence the result, or using information to manipulate specific social groups.

In terms of actors, this would be a prime objective for a foreign nation state wanting to affect foreign policy by influencing the victory of their preferred candidate, or conducting cyber-espionage to discover and even leak voting preferences of individuals or groups of interest to support their own agenda.

Furthermore, while peaceful protests and campaigns are a legal right of passage in many voting nations to help hold governments and political parties to account, some activists may venture beyond legitimate protests into hacktivism, dishonest manipulation of information, and misinformation operations in order to maliciously influence elections. Some governments that place a heavy emphasis on state authority have been known to go as far as force widespread internet service shutdowns in the lead up to elections in an effort to restrict civilians’ ability to organise protests or acts of civil unrest through social media.

The second pillar is disrupt, which can be achieved by attacking election infrastructure such as denying access to government websites, delaying core electoral processes, or damaging integrity of critical databases. Through compromising or impeding the mechanisms and processes of voting, such as registration or casting ballots, the electorate may be unable to vote altogether. Election fraud and voter impersonation can also disrupt elections, though this is unlikely at scale.

Consider nation states attempting to ensure a preferred outcome or damage the voting system, a political party that wants to change or affect an election result, or hacktivists who want to cause mayhem.

And finally, undermine. The effects of attacks and misinformation campaigns may be deeply damaging, undermining public trust in the integrity of electoral processes and results. The defacement of results and other confusion tactics may also reduce confidence in outcomes at a societal level. Indeed, any indication that an election has been tampered with – whether true or not – could bring into question its integrity. Such a tactic may be employed by nation states seeking to destroy faith in democratic systems and societies, or by activists who are unhappy with the results of an election.

The common theme across all of these pillars is erosion of the trust people hold in the democratic process and the institutions that underpin it. Even the relatively simple act of defacing a government webpage to claim compromised election integrity would serve to sow distrust. In turn, this helps expound the view that democracy is failing, that it does not imply good or legitimate governance, and that claims of the superiority of the democratic system are false.

Means of mitigation

So, what can governments and wider society do to protect against these threats and build cyber resilience to defend democracy? Key mitigations to election risks include increased monitoring of computer systems to detect intrusions, and implementing a strong baseline of security controls for any device involved in election-related activities. These actions can help to prevent attackers from accessing online voter registration systems or exploiting technical vulnerabilities in polling stations and core electoral systems, thereby preserving the integrity of voting data and votes collected.

Another critical action is to increase the sharing of threat intelligence across government and relevant partner organisations, and to conduct regular exercises that mimic real election disruption scenarios to better anticipate and react to threats – as well as to test and strengthen resilience.  Our Threat Intelligence team is constantly tracking hundreds of threat actors and carrying out in-depth analyses of networks – the resulting insights of which can be used to uncover misinformation campaigns, for example, and gain an advantage over attackers.

Since threat actors may seek to interfere in elections for the numerous reasons mentioned above, governments should prioritise mapping out and understanding at which point technologies intersect with their election processes, conducting holistic threat and risk assessments and introducing appropriate security controls. This can help to protect against foreign espionage and minimise the risk of disruptive or destructive activity from malicious actors, which are increasingly leveraging technologies such as generative AI to influence online political debate.

Governments should also emphasise the importance of cybersecurity and cyber-hygiene for businesses and the general public. The UK’s National Cyber Security Centre (NCSC) has issued a lot of valuable guidance such as its recent paper to help high-risk individuals protect their accounts and devices, while last year the Canadian Centre for Cyber Security released the fourth iteration of its ‘Cyber Threats to Canada’s Democratic Process’ report covering a wide spectrum of cyber threat activity and cyber-enabled influence campaigns.

And remember, cyber is just one avenue through which elections can be undermined; attackers will use a blend of cyber and physical means to achieve their goal based on whatever capabilities are at their disposal. Physically attacking polling stations in specific areas based on demographics or voting preferences is a very real tactic (although potentially a more easily attributable one) that could be employed to influence an election result.

So, while the cybersecurity risk is increasing, it needs to be considered as part of an integrated and coherent security plan across the entire election process. The world is gearing up for several important elections in 2024. Only by taking a holistic view will nations be able to adequately prepare themselves for the risks of today and those on the horizon.