In 2024, some of the world’s largest democracies – including the US, UK, India and the EU – are gearing up for elections. However, cyberthreats and election interference are also on the rise globally – from attempts to disrupt polling infrastructure to spreading disinformation about political candidates and undermining confidence in the election results.
There have long been fears around the insecurity of voting technologies, including physical storage facilities, that may leave them vulnerable to cyberattacks. National security experts warn that foreign governments see elections as a pathway to undermining the United States – there have been multiple examples of this, such as Russia scanning US voting registration systems in 2016,and Iranian hackers obtaining voter data in 2020.
Additionally, the rise of AI-generated content has created an urgent need for global cooperation in developing tools and strategies to ensure election security – and safeguard democratic processes.
What are the most common cyber threats to elections?
Cybercriminals have access to increasingly sophisticated hacking and social engineering techniques. Some ways in which these could pose a threat to elections include:
- Distributed denial-of-service (DDoS) attacks to make election infrastructure unavailable to users.
- Gaining unauthorized access to election management or political party systems.
- Ransomware that interferes with access to election data and systems.
- Cyberattacks on critical infrastructure, such as power grids, to cause disruption during the election.
- Compromising voter registration databases – for example, changing names or contact details.
- Freezing up or slowing down voting systems to discourage voters from participating.
- Tampering with electronic voting machines to manipulate vote counts.
- Hacking into election management systems to undermine the accuracy of reported results.
- AI-generated deepfakes to spread false information about political candidates.
- Targeted phishing attacks on election officials or political parties to access sensitive information.
- Organized campaigns to discredit the electoral process and results.
- AI-driven targeting of voters through personalized advertisements to sway political opinions.
- Copying or leaking personally identifiable information related to voters.
- Using AI algorithms on social media to amplify certain political messages and suppress others.
- Disseminating misleading information about polling places to confuse or misdirect voters.
What role do governments play in election cybersecurity?
Fair and free elections are at the heart of a functioning democracy. More broadly, cyberattacks can significantly undermine citizens’ confidence in their country’s democratic processes and elected politicians – particularly in parts of the world with a history of voter suppression and totalitarian regimes.
While political parties and organizations are the most vulnerable parts of an electoral system, they often lack the money and resources to invest in cybersecurity. This is why it’s crucial for governments to protect elections against evolving cyberthreats, and work with intelligence agencies to identify any malicious foreign influence.
To build cyber resilience into the electoral process, collaboration is needed between government agencies, election authorities, cybersecurity experts, and tech providers. While cybersecurity specialists can help identify and address emerging risks, governments have the power to implement and enforce cybersecurity standards that will fortify election systems.
For example, the Cybersecurity & Infrastructure Security Agency (CISA) in the US publishes a toolkit and resources for election officials, including guides on how to secure voter information websites, email systems and networks. Other measures governments can take include regular security audits, and public awareness campaigns to educate individuals around safe online practices.
How can individuals help protect election integrity?
Disinformation through social media platforms or emails can affect the individual voting process and influence opinions or behaviour – for example, by providing false information about political candidates or polling places.
There are some things that people can do to protect themselves online:
- Be suspicious of unusual or unsolicited emails and don’t click on any links or attachments.
- Check official election websites to find out how, when, and where to vote.
- Do your research about which websites or apps are trustworthy.
- Verify content you find online before you share it with others or on social media.
- Use fact-checking tools like Snopes to see if a story has already been debunked.
- Look out for fake social media accounts with no profile photo or followers.
- Do a reverse image source to find out if an image has been altered or copied from elsewhere.
- Secure accounts and devices with strong, unique passwords and multi-factor authentication.
Can election systems be made completely secure?
Despite the growing list of security challenges, we are yet to see a full-scale cyberattack on major elections like in the United States. What’s more, improvements are constantly being made to electoral processes.
Paper ballots are still, by far, the most common form of voting worldwide – in order to minimize some of the risks associated with digital technologies. Since the 2016 presidential election in the US, there has been a widespread replacement of outdated voting machines that lacked paper records. By the 2020 election, around 93% of ballots cast nationwide produced a paper record, up from 82%.
After 2016, election systems were also designated as ‘critical infrastructure’ – a move that will enable the federal government to provide more support to keep state and local election systems safe from tampering. Two years later, America’s cyber defense agency, CISA, was established, employing regional election security advisers to work directly with election offices. Each state and local jurisdiction has strict protocols and tools in place to safeguard the voting process, including locks, security cameras, tamper-evident seals, audits, and access controls.
But ultimately, every member of society plays an important role in securing our election systems – from federal agencies, political parties and campaigners, media and social media platforms right down to the individual voters.