Language switcher

You are here

European Union Members Share Advice on Cyber Security of Elections

Over 20 EU Member states have together compiled a compendium on cyber security of democratic processes. The document is a broad set of practical and workable measures that can be applied by both election management bodies and cyber security authorities.

“Elections are crucial to the functioning of representative democracy and election processes being compromised can delegitimize a whole political system. At the same time, elections have become an increasingly frequent target in the modern digital era, coming under attack across the globe,” highlights the compendium drafted under the auspices of the Cooperation Group of the Network and Information Security (NIS) Directive. 

The guidelines take a comprehensive view of cyber security of elections, starting with candidate and voter registration and ending with broadcasting the results. Cyber-enabled threats, often combined with information operations, must be reflected in election planning and risk management, emphasize the authors. “All elections are expected to be free, open and fair, and based on secret ballot; technology cannot be introduced at the cost of compromising these requirements,”  the document highlights. Even electoral systems that exclusively rely on pen and paper in voting can take advantage of digital tools and services in compiling voter rolls, candidate registration or result tabulation and communication, the compendium explains. 

The compendium on cyber security of election technology is designed to share experiences and provide guidance as well as give an overview of tools, techniques and protocols to detect, prevent, and mitigate such threats.

It is a broad sum of guidelines that are based on the experiences and best practices of contributors. Thus, cyber security measures are reviewed as pertaining to:

  • the specifics of European Parliament elections, including the communication of results from capitals to the European Parliament;
  • universal development and security principles as applicable to election technology, including testing and auditing;
  • security measures specific to elections;
  • voter and candidate registration and databases;
  • electronic tools used in gathering or aiding the gathering of votes;
  • digital tools to transmit, process and count votes;
  • systems to publish or communicate election results;
  • relevant auxiliary systems and services.

More than 20 EU Member states as well as the European Commission, ENISA and the staff of the European Parliament contributed in an effort led by the Estonian Information System Authority and Cyber and Information Security Agency of the Czech Republic.

The compendium on cyber security of the election process (1.24 MB, PDF)

For more information, please contact the lead editors Liisa Past of Estonian Information System Authority (liisa.past(at)ria.ee) or Viktor Paggio of Czech National Cyber and Information Security Agency (v.paggio(at)nukib.cz).

More news on the same subject

12.01.2021

Trends and observations in the cyberspace Q4 2020

A successful cyber attack on public authorities showed that no one is fully protected in cyberspace

Situation

12.01.2021

The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

12.01.2021 – The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in the cyberspace.