Cyber-enabled foreign interference in elections and referendums
What's the problem?
Over the past decade, state actors have taken advantage of the digitisation of election systems, election administration and election campaigns to interfere in foreign elections and referendums.1 Their activity can be divided into two attack vectors. First, they’ve used various cyber operations, such as denial of service (DoS) attacks and phishing attacks, to disrupt voting infrastructure and target electronic and online voting, including vote tabulation. Second, they’ve used online information operations to exploit the digital presence of election campaigns, politicians, journalists and voters.
Together, these two attack vectors (referred to collectively as ‘cyber-enabled foreign interference’ in this report because both are mediated through cyberspace) have been used to seek to influence voters and their turnout at elections, manipulate the information environment and diminish public trust in democratic processes.
This research identified 41 elections and seven referendums between January 2010 and October 2020 where cyber-enabled foreign interference was reported, and it finds that there’s been a significant uptick in such activity since 2017. This data collection shows that Russia is the most prolific state actor engaging in online interference, followed by China, whose cyber-enabled foreign interference activity has increased significantly over the past two years. As well as these two dominant actors, Iran and North Korea have also tried to influence foreign elections in 2019 and 2020. All four states have sought to interfere in the 2020 US presidential elections using differing cyber-enabled foreign interference tactics.
In many cases, these four actors use a combination of cyber operations and online information operations to reinforce their activities. There’s also often a clear geopolitical link between the interfering state and its target: these actors are targeting states they see as adversaries or useful to their geopolitical interests.
Democratic societies are yet to develop clear thresholds for responding to cyber-enabled interference, particularly when it’s combined with other levers of state power or layered with a veil of plausible deniability.2 Even when they’re able to detect it, often with the help of social media platforms, research institutes and the media, most states are failing to effectively deter such activity. The principles inherent in democratic societies—openness, freedom of speech and the free flow of ideas—have made them particularly vulnerable to online interference.
What’s the solution?
This research finds that not all states are being targeted by serious external threats to their electoral processes, so governments should consider scaled responses to specific challenges. However, the level of threat to all states will change over time, so there’s little room for complacency. For all stakeholders—in government, industry and civil society—learning from the experience of others will help nations minimise the chance of their own election vulnerabilities being exploited in the future.3
The integrity of elections and referendums is key to societal resilience. Therefore, these events must be better protected through greater international collaboration and stronger engagement between government, the private sector and civil society.
Policymakers must respond to these challenges without adopting undue regulatory measures that would undermine their political systems and create ‘the kind of rigidly controlled environment autocrats seek’.4 Those countries facing meaningful cyber-enabled interference need to adopt a multi-stakeholder approach that carefully balances democratic principles and involves governments, parliaments, internet platforms, cybersecurity companies, media, NGOs and research institutes. This report recommends that governments identify vulnerabilities and threats as a basis for developing an effective risk-mitigation framework for resisting cyber-enabled foreign interference.
The rapid adoption of social media and its integration into the fabric of political discourse has created an attack surface for malign actors to exploit. Global online platforms must take responsibility for taking appropriate action against actors attempting to manipulate their users, yet these companies are commercial entities whose interests aren’t always aligned with those of governments. They aren’t intelligence agencies so are sometimes limited in their capacity to attribute malign activities directly. To mitigate risk during election cycles, social media companies’ security teams should work closely with governments and civil society groups to ensure that there’s a shared understanding of the threat actors and of their tactics in order to ensure an effectively calibrated and collaborative security posture.
Policymakers must implement appropriate whole-of-government mechanisms which continuously engage key stakeholders in the private sector and civil society. Greater investments in capacity building must be made by both governments and businesses in the detection and deterrence of these. It’s vital that civil society groups are supported to build up capability that stimulates and informs international public discourse and policymaking. Threats to election integrity are persistent, and the number of actors willing to deploy these tactics is growing.
Foreign states’ efforts to interfere in the elections and referendums of other states, and more broadly to undermine other political systems, are an enduring practice of statecraft.5 Yet the scale and methods through which such interference occurs have changed, with old and new techniques adapting to suit the cyber domain and the opportunities presented by a 24/7, always connected information environment.6
When much of the world moved online, political targets became more vulnerable to foreign interference, and millions of voters were suddenly exposed, ‘in a new, “neutral” medium, to the very old arts of persuasion or agitation’.7 The adoption of electronic and online voting, voter tabulation and voter registration,8 as well as the growth of online information sharing and communication, has made interference in elections easier, cheaper and more covert.9 This has lowered the entry costs for states seeking to engage in election interference.10
Elections and referendums are targeted by foreign adversaries because they are opportunities when significant political and policy change occurs and they are also the means through which elected governments derive their legitimacy.11 By targeting electoral events, foreign actors can attempt to influence political decisions and policymaking, shift political agendas, encourage social polarisation and undermine democracies. This enables them to achieve long-term strategic goals, such as strengthening their relative national and regional influence, subverting undesired candidates, and compromising international alliances that ‘pose a threat’ to their interests.12
Elections and referendums also involve diverse actors, such as politicians, campaign staffers, voters and social media platforms, all of which can be targeted to knowingly or unknowingly participate in, or assist with, interference orchestrated by a foreign state.13 There are also a number of cases where journalists and media outlets have unwittingly shared, amplified, and contributed to the online information operations of foreign state actors.14 The use of unknowing participants has proved to be a key feature of cyber-enabled foreign election interference.
This is a dangerous place for liberal democracies to be in. This report highlights that the same foreign state actors continue to pursue this type of interference, so much so that it is now becoming a global norm that’s an expected part of some countries’ election processes. On its own, this perceived threat has the potential to undermine the integrity of elections and referendums and trust in public and democratic institutions.
Methodology and definitions
This research is an extension and expansion of the International Cyber Policy Centre’s Hacking democracies: cataloguing cyber-enabled attacks on elections, which was published in May 2019. That project developed a database of reported cases of cyber-enabled foreign interference in national elections held between November 2016 and April 2019.15 This new research extends the scope of Hacking democracies by examining cases of cyber-enabled foreign interference between January 2010 and October 2020. This time frame was selected because information on the use of cyber-enabled techniques as a means of foreign interference started to emerge only in the early 2010s.16
This report’s appendix includes a dataset that provides an inventory of case studies where foreign state actors have reportedly used cyber-enabled techniques to interfere in elections and referendums.
The cases have been categorised by:
- type of political process
- attack vector (method of interference)
- alleged foreign state actor.
Also accompanying this report is an interactive online map which geo-codes and illustrates our dataset, allowing users to apply filters to search through the above categories.
This research relied on open-source information, predominantly in English, including media reports from local, national, and international outlets, policy papers, academic research, and public databases. It was desktop based and consisted of case selection, case categorisation and mixed-methods analysis.17 The research also benefited from a series of roundtable discussions and consultations with experts in the field,18 as well as a lengthy internal and external peer review process.
The accompanying dataset only includes cases where attribution was publicly reported by credible researchers, cybersecurity firms or journalists. The role of non-state actors and the use of cyber-enabled techniques by domestic governments and political parties to shape political discourse and public attitudes within their own societies weren’t considered as part of this research.19
This methodology has limitations. For example, the research is limited by the covert and ongoing nature of cyber-enabled foreign interference, which is not limited to the period of an election cycle or campaign. Case selection for the new dataset, in particular, was impeded by the lack of publicly available information and uncertainty about intent and attribution, which are common problems in work concerning cyber-enabled or other online activity. It likely results in the underreporting of cases and a skewing towards English-language and mainstream media sources. The inability to accurately assess the impact of interference campaigns also results in a dataset that doesn’t distinguish between major and minor campaigns and their outcomes. The methodology omitted cyber-enabled foreign interference that occurred outside the context of elections or referendums.20
In the context of this policy brief, the term ‘attack vector’ refers to the means by which foreign state actors carry out cyber-enabled interference. Accordingly, the dataset contains cases of interference that can broadly be divided into two categories:
- Cyber operations: covert activities carried out via digital infrastructure to gain access to a server or system in order to compromise its service, identify or introduce vulnerabilities, manipulate information or perform espionage21
- Online information operations: information operations carried out in the online information environment to covertly distort, confuse, mislead and manipulate targets through deceptive or inaccurate information.22
Cyber operations and online information operations are carried out via an ‘attack surface’, which is to be understood as the ‘environment where an attacker can try to enter, cause an effect on, or extract data from’.23
ASPI’s International Cyber Policy Centre has identified 41 elections and seven referendums between January 2010 and October 2020 (Figure 1) that have been subject to cyber-enabled foreign interference in the form of cyber operations, online information operations or a combination of the two.24
Figure 1: Cases of cyber-enabled foreign interference, by year and type of political process
Figure 1 shows that reports of the use of cyber-enabled techniques to interfere in foreign elections and referendums have increased significantly over the past five years. Thirty-eight of the 41 elections in which foreign interference was identified, and six of the referendums, occurred between 2015 and 2020 (Figure 1). These figures are significant when we consider that elections take place only every couple of years and that referendums are typically held on an ad hoc basis, meaning that foreign state actors have limited opportunities to carry out this type of interference.
As a key feature of cyber-enabled interference is deniability, there are likely many more cases that remain publicly undetected or unattributed. Moreover, what might be perceived as a drop in recorded cases in 2020 can be attributed to a number of factors, including election delays caused by Covid-19 and the fact that election interference is often identified and reported on only after an election period is over.
Figure 2: Targets of cyber-enabled foreign interference in an election or referendum
Note: The numbers in the map represent the number of reported cases of cyber-enabled foreign interference in an election or referendum. Source: Maptive, map data © 2020 Google.
Figure 3: Number of political processes targeted (1–4), by state or region
Cyber-enabled interference occurred on six continents (Africa, Asia, Europe, North America, Australia and South America). The research identified 33 states that have experienced cyber-enabled foreign interference in at least one election cycle or referendum, the overwhelming majority of which are democracies.25 The EU has also been a target: several member states were targeted in the lead-up to the 2019 European Parliament election.26
Significantly, this research identified 11 states that were targeted in more than one election cycle or referendum (Figure 3). The repeated targeting of certain states is indicative of their (perceived) strategic value, the existence of candidates that are aligned with the foreign state actors’ interests,27 insufficient deterrence efforts, or past efforts that have delivered results.28 This research also identified five cases in which multiple foreign state actors targeted the same election or referendum (the 2014 Scottish independence referendum, the 2016 UK referendum on EU membership, the 2018 Macedonian referendum, the 2019 Indonesian general election and the 2020 US presidential election). Rather than suggesting coordinated action, the targeting of a single election or referendum by multiple foreign state actors more likely reflects the strategic importance of the outcome to multiple states.
The attack vectors
The attack vectors are cyber operations and online information operations.29 Of the 48 political processes targeted, 26 were subjected to cyber operations and 34 were subjected to online information operations. Twelve were subjected to a combination of both (Figure 4).
Figure 4: Attacks on political processes, by attack vector
This research identified 25 elections and one referendum over the past decade in which cyber operations were used for interference purposes. In the context of election interference, cyber operations fell into two broad classes: operations to directly disrupt (such as DoS attacks) or operations to gain unauthorised access (such as phishing). Unauthorised access could be used to enable subsequent disruption or to gather intelligence that could then enable online information operations, such as a hack-and-leak campaign.
Phishing attacks were the main technique used to gain unauthorised access to the personal online accounts and computer systems of individuals and organisations involved in managing and running election campaigns or infrastructure. They were used in 17 of the 25 elections, as well as the referendum, with political campaigns on the receiving end in most of the reported instances. Phishing involves misleading a target into downloading malware or disclosing personal information, such as login credentials, by sending a malicious link or file in an otherwise seemingly innocuous email or message (Figure 5).30 For example, Google revealed in 2020 that Chinese state-sponsored threat actors pretended to be from antivirus software firm McAfee in order to target US election campaigns and staffers with a phishing attack.31
Figure 5: The email Russian hackers used to compromise state voting systems ahead of the 2016 US presidential election
Source: Sam Biddle, ‘Here’s the email Russian hackers used to try to break into state voting systems’, The Intercept, 2 June 2018, online.
When threat actors gain unauthorised access to election infrastructure, they could potentially disrupt or even alter vote counts, as well as use information gathered from their access to distract public discourse and sow doubt about the validity and integrity of the process.
Then there are DoS attacks, in which a computer or online server is overwhelmed by connection requests, leaving it unable to provide service.32 In elections, they’re often used to compromise government and election-related websites, including those used for voter registration and vote tallying.
DoS attacks were used in six of the 25 elections, and one referendum, targeting vote-tallying websites, national electoral commissions and the websites of political campaigns and candidates. For example, in 2019, the website of Ukrainian presidential candidate Volodymyr Zelenskiy was subjected to a distributed DoS attack the day after he announced his intention to run for office. The website received 5 million requests within minutes of its launch and was quickly taken offline, preventing people from registering as supporters.33
Online information operations
This research identified 28 elections and six referendums over the past decade in which online information operations were used for interference purposes. In the context of election interference, online information operations should be understood as the actions taken online by foreign state actors to distort political sentiment in an election to achieve a strategic or geopolitical outcome.34
They can be difficult to distinguish from everyday online interactions and often seek to exploit existing divisions and tensions within the targeted society.35
Online information operations combine social media manipulation (‘inauthentic coordinated behaviour’) with, for example, partisan media coverage and disinformation to distort political sentiment during an election and, more broadly, to alter the information environment. The operations are designed to target voters directly and often make use of social media and networking platforms to interact in real time and assimilate more readily with their targets.36
Online information operations tend to attract and include domestic actors.37 There have been several examples in which Russian operatives have successfully infiltrated and influenced legitimate activist groups in the US.38 This becomes even more prominent as foreign state actors align their online information operations with domestic disinformation and extremist campaigns, amplifying rather than creating disinformation.39 The strategic use of domestic disinformation means that governments and regulators may find it difficult to target them without also taking a stand against domestic misinformers and groups.
It is important to acknowledge the synergy of the two attack vectors, and also how they can converge and reinforce one another.40 This research identified three elections where cyber operations were used to compromise a system and obtain sensitive material, such as emails or documents, which were then strategically disclosed online and amplified.41 For example, according to Reuters, classified documents titled ‘UK-US Trade & Investment Working Group Full Readout’ were distributed online before the 2019 British general election as part of a Russian-backed strategic disclosure campaign.42
The main concern with the strategic use of both attack vectors is that it further complicates the target’s ability to detect, attribute and respond. This means that any meaningful response will need to consider both potential attack vectors when securing vulnerabilities.
State actors and targets
Cyber-enabled foreign interference in elections and referendums between 2010 and 2020 has been publicly attributed to only a small number of states: Russia, China, Iran and North Korea. In most cases, a clear geopolitical link between the source of interference and the target can be identified; Russia, China, Iran and North Korea mainly target states in their respective regions, or states they regard as adversaries, such as the US.43
The increasing cohesion among foreign state actors, notably China and Iran learning and adopting various techniques from Russia, has made it increasingly difficult to distinguish between the different foreign state actors.44 This has been further complicated by the adoption of Russian tactics and techniques by domestic groups, in particular groups aligned with the far right.45
Russia is the most prolific foreign actor in this space. This research identified 31 elections and seven referendums involving 26 states over the past decade in which Russia allegedly used cyber-enabled foreign interference tactics. Unlike the actions of many of the other state actors profiled here, Russia’s approach has been global and wide-ranging. Many of Russia’s efforts remain focused on Europe, where Moscow allegedly used cyber-enabled means to interfere in 20 elections, including the 2019 European Parliament election and seven referendums. Of the 16 European states affected, 12 are members of the EU and 13 are members of NATO.46 Another focus for Russia has been the US, and while the actual impact on voters remains debatable, Russian interference has become an expected part of US elections.47 Moscow has also sought to interfere in the elections of several countries in South America and Africa, possibly in an attempt to undermine democratisation efforts and influence their foreign policy orientations.48
Russia appears to be motivated by the intent to signal its capacity to respond to perceived foreign interference in its internal affairs and anti-Russian sentiment.49 It also seeks to strengthen its regional power by weakening alliances that pose a threat. For instance, Russia used cyber operations and online information operations to interfere in both the 2016 Montenegrin parliamentary election and the 2018 Macedonian referendum. This campaign was part of its broader political strategy to block the two states from joining NATO and prevent the expansion of Western influence into the Balkan peninsula.50
Figure 6: States targeted by Russia between 2010 and 2020
Source: Maptive, map data © 2020 Google.
Over the past decade, it’s been reported that China has targeted 10 elections in seven states and regions. Taiwan, specifically Taiwanese President Tsai Ing-wen and her Democratic Progressive Party, has been the main target of China’s cyber-enabled election interference.51 Over the past three years, however, the Chinese state has expanded its efforts across the Indo-Pacific region.52 Beijing has also been linked to activity during the 2020 US presidential election. As reported by the New York Times and confirmed by both Google and Microsoft, state-backed hackers from China allegedly conducted unsuccessful spear-phishing attacks to gain access to the personal email accounts of campaign staff members working for the Democratic Party candidate Joseph Biden.53
China’s interference in foreign elections is part of its broader strategy to defend its ‘core’ national interests, both domestically and regionally, and apply pressure to political figures who challenge those interests. Those core interests, as defined by the Chinese Communist Party, include the preservation of domestic stability, economic development, territorial integrity and the advancement of China’s great-power status.54 Previously, China’s approach could be contrasted with Russia’s in that China attempted to deflect negativity and shape foreign perceptions to bolster its legitimacy, whereas Russia sought to destabilise the information environment, disrupt societies and weaken the target.55 More recently, however, China has adopted methods associated with Russian interference, such as blatantly destabilising the general information environment in targeted countries with obvious mistruths and conspiracy theories.56
Figure 7: States and regions targeted by China between 2010 and 2020
Source: Maptive, map data © 2020 Google.
This dataset shows that Iran engaged in alleged interference in two elections and two referendums in three states.57 Iranian interference in foreign elections appears to be similar to Russian interference in that it’s a defensive action against the target for meddling in Iran’s internal affairs and a reaction to perceived anti-Iran sentiment. A pertinent and current example of this is Iran’s recent efforts to interfere in the 2020 US presidential election by targeting President Trump’s campaign.58 As reported by the Washington Post, Microsoft discovered that the Iranian-backed hacker group Phosphorus had used phishing emails to target 241 email accounts belonging to government officials, journalists, prominent Iranian citizens and staff associated with Trump’s election campaign and successfully compromised four of those accounts.59
Figure 8: States targeted by Iran between 2010 and 2020
Source: Maptive, map data © 2020 Google.
North Korea has been identified as a foreign threat actor behind activity targeting both the 2020 South Korean legislative election and the 2020 US presidential election.60 Somewhat similarly to China’s approach, North Korea’s interference appears to focus on silencing critics and discrediting narratives that undermine its national interests. For example, North Korea targeted North Korean citizens running in South Korea’s 2020 legislative election, including Thae Yong-ho, the former North Korean Deputy Ambassador to the UK and one of the highest-ranking North Korean officials to ever defect.61
Figure 9: States targeted by North Korea between 2010 and 2020
Source: Maptive, map data © 2020 Google.
Detection and attribution
Detection and attribution require considerable time and resources, as those tasks require the technical ability to analyse and reverse engineer a cyber operation or online information operation.
Beyond attribution, understanding the strategic and geopolitical aims of each event is challenging and time-consuming.62 The covert and online nature of cyber-enabled interference, whether carried out as a cyber operation or an online information operation, inevitably complicates the detection and identification of interference. For example, a DoS attack can be difficult to distinguish from a legitimate rise in online traffic. Moreover, the nature of the digital infrastructure and the online information environment used to carry out interference enables foreign state actors to conceal or falsify their identities, locations, time zones and languages.
As detection and attribution capabilities improve, the tactics and techniques used by foreign states will adapt accordingly, further complicating efforts to detect and attribute interference promptly.63
There are already examples of foreign state actors adapting their techniques, such as using closed groups and encrypted communication platforms (such as WhatsApp, Telegram and LINE) to spread disinformation64 or using artificial intelligence to generate false content.65 It can also be difficult to determine whether an individual or group is acting on its own or on behalf of a state.66 This is further complicated by the use of non-state actors, such as hackers-for-hire, consultancy firms and unwitting individuals, as proxies. Ahead of the 2017 Catalan independence referendum, for example, the Russian-backed media outlets RT and Sputnik used Venezuelan and Chavista-linked social media accounts as part of an amplification campaign. The hashtag #VenezuelaSalutesCatalonia was amplified by the accounts to give the impression that Venezuela supported Catalonian independence.67 More recently, Russia outsourced part of its 2020 US presidential disinformation campaign to Ghanaian and Nigerian nationals who were employed to generate content and disseminate it on social media.68
The ‘bigger picture’
States vary in their vulnerability to cyber-enabled foreign interference in elections and referendums.
In particular, ‘highly polarised or divided’ democracies tend to be more vulnerable to such interference.69 The effectiveness of cyber-enabled interference in the lead-up to an election is overwhelmingly determined by the robustness and integrity of the information environment and the extent to which the electoral process has been digitised.70 Academics from the School of Politics and International Relations at the Australian National University found that local factors, such as the length of the election cycle and the target’s preparedness and response, also play a significant role. For example, Emmanuel Macron’s En Marche! campaign prepared for Russian interference by implementing strategies to respond to both cyber operations (specifically, phishing attacks) and online information operations. In the event that a phishing attack was detected, Macron’s IT team was instructed to ‘flood’ phishing emails with multiple login credentials to disrupt and distract the would-be attacker. To deal with online information operations, Macron’s team planted fake emails and documents that could be identified in the event of a strategic disclosure and undermine the adversary’s effort.71
Electronic and online voting, vote tabulation and voter registration systems are often presented as the main targets of cyber-enabled interference. It is important to recognise that the level of trust the public has in the integrity of electoral systems, democratic processes and the information environment is at stake. In Europe, a 2018 Eurobarometer survey on democracy and elections found that 68% of respondents were concerned about the potential for fraud or cyberattack in electronic voting, and 61% were concerned about ‘elections being manipulated through cyberattacks’.72
That figure matched the result of a similar survey conducted by the Pew Research Center in the US, which found that 61% of respondents believed it was likely that cyberattacks would be used in the future to interfere in their country’s elections.73
However, not all states are equally vulnerable to this type of interference. Some, for example, opt to limit or restrict the use of information and communication technologies in the electoral process.74 The Netherlands even reverted to using paper ballots to minimise its vulnerability to a cyber operation, ensuring that there wouldn’t be doubts about the electoral outcome.75 Authoritarian states that control, suppress and censor their information environments are also less vulnerable to cyber-enabled foreign interference.76
The proliferation of actors involved in elections and the digitisation of election functions has dramatically widened the attack surface available to foreign state actors. This has in large part been facilitated by the pervasive and persistent growth of social media and networking platforms, which has made targeted populations more accessible than ever to foreign state actors. For example, Russian operatives at the Internet Research Agency were able to pose convincingly as Americans online to form groups and mobilise political rallies and protests.77 The scale of this operation wouldn’t have been possible without social media and networking platforms.
Figure 10: Number of people using social media platforms, July 2020 (million)
Source: ‘Most popular social networks worldwide as of July 2020, ranked by number of active users’, Statista, 2020, online.
While these platforms play an increasingly significant role in how people communicate about current affairs, politics and other social issues, they continue to be misused and exploited by foreign state actors.78 Moreover, they have fundamentally changed the way information is created, accessed and consumed, resulting in an online information environment ‘characterised by high volumes of information and limited levels of user attention’.79
In responding to accusations of election interference, foreign actors tend to deny their involvement and then deflect by indicating that the accusations are politically motivated. In 2017, following the release of the United States’ declassified assessment of Russian election interference,80 Russian Presidential Spokesperson Dmitry Peskov compared the allegations of interference to a ‘witch-hunt’ and stated that they were unfounded and unsubstantiated, and that Russia was ‘growing rather tired’ of the accusations.81 Russian President Vladimir Putin even suggested that it could be Russian hackers with ‘patriotic leanings’ that have carried out cyber-enabled election interference rather than state-sponsored hackers.82
Plausible deniability is often cited in response to accusations of interference, with China’s Foreign Ministry noting that the ‘internet was full of theories that were hard to trace’.83 China has attempted to deter future allegations by threatening diplomatic relations: it responded to the allegations that it was behind the sophisticated cyberattack on Australia’s parliament by warning that the ‘irresponsible’ and ‘baseless’ allegations could negatively impact China’s relationship with Australia.84
The threats posed by cyber-enabled foreign interference in elections and referendums will persist, and the range of state actors willing to deploy these tactics will continue to grow. Responding to the accelerating challenges in this space requires a multi-stakeholder approach that doesn’t impose an undue regulatory burden that could undermine democratic rights and freedoms. Responses should be calibrated according to the identified risks and vulnerabilities of each state. This report proposes recommendations categorised under four broad themes: identify, protect, detect and respond.
Identify vulnerabilities and threats as a basis for developing an effective risk-mitigation framework
- Governments should develop and implement risk-mitigation frameworks for cyber-enabled foreign interference that incorporate comprehensive threat and vulnerability assessments. Each framework should include a component that is available to the public, provide an assessment of cybersecurity vulnerabilities in election infrastructure, explain efforts to detect foreign interference, raise public awareness, outline engagement with key stakeholders, and provide a clearer threshold for response.85
- The security of election infrastructure needs to be continuously assessed and audited, during and in between elections.
- Key political players, including political campaigns, political parties and governments, should engage experts to develop and facilitate tabletop exercises to identify and develop mitigation strategies that consider the different potential attack vectors, threats and vulnerabilities.86
Improve societal resilience by raising public awareness
- Governments need to develop communication and response plans for talking to the public about cyber-enabled foreign interference, particularly when it involves attempts to interfere in elections and referendums.
- Government leaders should help to improve societal resilience and situational awareness by making clear and timely public statements about cyber-enabled foreign interference in political processes. This would help to eliminate ambiguity and restore community trust. Such statements should be backed by robust public reporting mechanisms from relevant public service agencies.
- Governments should require that all major social media and internet companies regularly report on how they detect and respond to cyber-enabled foreign interference. Such reports, which should include positions on political advertising and further transparency on how algorithms amplify and suppress content, would be extremely useful in informing public discourse and also in shaping policy recommendations.
Facilitate cybersecurity training to limit the effect of cyber-enabled foreign interference
- Cybersecurity, cyber hygiene and disinformation training sessions and briefings should be provided regularly for all politicians, political parties, campaign staff and electoral commission staff to reduce the possibility of a successful cyber operation, such as a phishing attack, that can be exploited by foreign state actors.87 This could include both technical guides and induction guides for new staff, focused on detecting phishing emails and responding to DoS attacks.
Establish clear and context-specific reporting guidelines to minimise the effect of online information operations
- As possible targets of online information operations, researchers and reporters covering elections and referendums should adopt ‘responsible’ reporting guidelines to minimise the effect of online information operations and ensure that they don’t act as conduits.88 The guidelines should highlight the importance of context when covering possible strategic disclosures, social media manipulation and disinformation campaigns.89 Stanford University’s Cyber Policy Center has developed a set of guidelines that provide a useful reference point for reporters and researchers covering elections and referendums.90
Improve cyber-enabled foreign interference detection capabilities
- The computer systems of parliaments, governments and electoral agencies should be upgraded and regularly tested for vulnerabilities, particularly in the lead-up to elections and referendums.
- Both governments and the private sector must invest more in the detection of interference activities by funding data-driven investigative journalism and research institutes, so that key local and regional civil society groups can build capability that stimulates and informs public discourse and policymaking.
- Governments and the private sector must invest in long-term research into how emerging technologies, such as ‘deep fake’ technologies,91 could be exploited by those engaging in foreign interference. Such research would also assist those involved in detecting and deterring that activity.
Assign a counter-foreign-interference taskforce to lead a whole-of-government approach
- Global online platforms must take responsibility for enforcement actions against actors attempting to manipulate their online audiences. Their security teams should work closely with governments and civil society groups to ensure that there’s a shared understanding of the threat actors and their tactics in order to create an effectively calibrated and collaborative security posture.
- Governments should look to build counter-foreign-interference taskforces that would help to coordinate national efforts to deal with many of the challenges discussed in this report. Australia’s National Counter Foreign Interference Coordinator and the US’s Foreign Influence Task Force provide different templates that could prove useful. Such taskforces, involving policy, electoral, intelligence and law enforcement agencies, should engage globally and will need to regularly engage with industry and civil society. They should also carry out formal investigations into major electoral interference activities and publish the findings of such investigations in a timely and transparent manner.
Signal a willingness to impose costs on adversaries
- As this research demonstrates that a small number of foreign state actors persistently carry out cyber-enabled election interference, governments should establish clear prevention and deterrence postures based on their most likely adversaries. For example, pre-emptive legislation that automatically imposes sanctions or other punishments if interference is detected has been proposed in the US Senate.92
- Democratic governments should work more closely together to form coalitions that develop a collective and publicly defined deterrence posture. Clearly communicated costs could change the aggressor’s cost–benefit calculus.
Readers are urged to download the full report to access the appendix and citations.
28 Oct 2020