Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber attacks on Democratic processes

Published byShonda Marsh Modified over 5 years ago

Similar presentations

Presentation on theme: "Cyber attacks on Democratic processes"— Presentation transcript:

1 Cyber attacks on Democratic processes
Dr. Marnix Dekker, ENISA

2 ENISA, the EU Cybersecurity agency
CAPACITY Hands on activities POLICY Support MS & COM in Policy implementation Harmonisation across EU Mobilizing EU communities COMMUNITY EXPERTISE Recommendations Independent Advice

3 Security of Network and Information systems
Many ‘unfair’ actions can influence an election or a referendum. Vote buying, fake news, false promises, etc. Cybersecurity experts have a limited focus Cybersecurity experts can help to secure IT systems Practical scope definition: If it started with a ‘cyber security incident’ and could impact an election or referendum Actual outcome, Voter privacy, Verifiability, transparency The trust in the process and the outcome Cyber security incident: Incident with a (negative) impact on the security of a network or information system. Not only attacks: Bug causing downtime of voting systems. Not only central systems: Personal account of politician is hacked. Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

4 Brief history of cyber security
In the 90s and 2000s security was largely a compliance exercise Fire-and-forget viruses and computer worms Security was compliance checklists focussed on prevention Antivirus software Firewalls Passwords Logging, monitoring, detection and response in name only Since 2010 the game changed: ‘Advanced persistent threats’ (evading antivirus software, stealthy) Very hard to detect (keep looking) Still a lot of ‘vintage’ PCs and software (from the 90s) Lots of ‘vintage’ security advice Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

5 Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

6 Technology in the election lifecycle
Setup of the referendum or election Electoral roll (sponsors/signatures) Voter lists and voter registration Campaigning Campaign organizations, political parties, government Media (traditional media, social media) Voting Casting ballot (e.g. physical, mail, online) Counting (e.g. physical, automated) Transmission and publication of results (e.g. phone, electronic) Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

7 Cyber attacks on democratic processes
Step Assets Attacks 1. Setup Electoral roll Tampering with the electoral roll DoS party/campaign registration Fake signatures Voter lists Leak voter lists Identity fraud DoS voter registration 2. Campaign Campaign IT Hacking PCs or accounts Hacking campaign websites (deface, DDoS) Government IT Hacking government PCs Hacking government websites 3. Voting Election technology Tampering or DoS of voting/counting Tampering with logs/journals Blocking monitoring (jamming surveillance cameras) DoS counting or results publication Breaching voter privacy Media/press Hacking, DoS, defacement Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

8 Securing election technology for EMBs
You are on your own: this is not normal (no market, strange tech, high stakes) IT Security: Preventive measures and reactive measures Prevention is very important, but expect it to fail. Preventive measures Industry good practices, cyber hygiene and then some more. Audit individual systems (penetration testing, code auditing, load testing) Audit also the general organization and the IT suppliers Reactive measures (last line of defence) Monitor, detect, respond (round the clock during the elections). Anomaly detection (statistics?). Know how to get help from a CERT or CSIRT. Playbooks for all scenarios, failover plans, backup plans. Prepare communication with public and press. Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

9 IT managed by others EMB knows what is at stake but does not control all IT systems Government IT is a target also (but usually well-managed, secured) Easy target is the IT outside government/EMB, used by politicians, campaigns, parties. Awareness raising about cyber attacks User-friendly devices (smartphones and tablets, secure out of the box) IT of family and friends Phishing s (with links or malware) Get DDoS protection for the websites ( Secure social media accounts Make sure they can reach a CERT for support ( Trust is an issue. EMB can act as a neutral intermediary Don’t expect political parties to openly discuss their security issues. Maybe proactively audit everyone Cyberattacks on Democratic processes | Dr. Marnix Dekker, ENISA

10 Thank you

Download ppt "Cyber attacks on Democratic processes"

Similar presentations

Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access and attacks delivered.

Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access and attacks delivered.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.

Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Information Security Issues at Casinos and eGaming

Information Security Issues at Casinos and eGaming
IT Security for Users By Matthew Moody.

IT Security for Users By Matthew Moody.
BUSINESS B1 Information Security.

BUSINESS B1 Information Security.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA

Cloud services security Prof. Manel Medina Head of Unit CERT Operations support ENISA
Security considerations for mobile devices in GoRTT

Security considerations for mobile devices in GoRTT
UOCAVA Report Overview and Status July 2008 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology.

UOCAVA Report Overview and Status July 2008 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Similar presentations

Ads by Google