European Union Members Share Advice on Cyber Security of Elections
Over 20 EU Member states have together compiled a compendium on cyber security of democratic processes. The document is a broad set of practical and workable measures that can be applied by both election management bodies and cyber security authorities.
“Elections are crucial to the functioning of representative democracy and election processes being compromised can delegitimize a whole political system. At the same time, elections have become an increasingly frequent target in the modern digital era, coming under attack across the globe,” highlights the compendium drafted under the auspices of the Cooperation Group of the Network and Information Security (NIS) Directive.
The guidelines take a comprehensive view of cyber security of elections, starting with candidate and voter registration and ending with broadcasting the results. Cyber-enabled threats, often combined with information operations, must be reflected in election planning and risk management, emphasize the authors. “All elections are expected to be free, open and fair, and based on secret ballot; technology cannot be introduced at the cost of compromising these requirements,” the document highlights. Even electoral systems that exclusively rely on pen and paper in voting can take advantage of digital tools and services in compiling voter rolls, candidate registration or result tabulation and communication, the compendium explains.
The compendium on cyber security of election technology is designed to share experiences and provide guidance as well as give an overview of tools, techniques and protocols to detect, prevent, and mitigate such threats.
It is a broad sum of guidelines that are based on the experiences and best practices of contributors. Thus, cyber security measures are reviewed as pertaining to:
- the specifics of European Parliament elections, including the communication of results from capitals to the European Parliament;
- universal development and security principles as applicable to election technology, including testing and auditing;
- security measures specific to elections;
- voter and candidate registration and databases;
- electronic tools used in gathering or aiding the gathering of votes;
- digital tools to transmit, process and count votes;
- systems to publish or communicate election results;
- relevant auxiliary systems and services.
More than 20 EU Member states as well as the European Commission, ENISA and the staff of the European Parliament contributed in an effort led by the Estonian Information System Authority and Cyber and Information Security Agency of the Czech Republic.
The compendium on cyber security of the election process (1.24 MB, PDF)
For more information, please contact the lead editors Liisa Past of Estonian Information System Authority (liisa.past(at)ria.ee) or Viktor Paggio of Czech National Cyber and Information Security Agency (v.paggio(at)nukib.cz).
More news on the same subject
With his order, Prime Minister Jüri Ratas appointed Taimar Peterkop to the office of Secretary of State, starting from 10 December.
26.11.2018 – Trends and Challenges in Cyber Security of 4th quarter 2018 is aimed at a non-technical audience.