Support the work of the FW de Klerk Foundation
For more information regarding donations contact info@fwdeklerk.org or scan the QR code below
URGENT NEED FOR GLOBAL COLLABORATION TO COMBAT CYBER THREATS TO ELECTORAL DEMOCRACY
Issued by Siyakudumisa Zicina on behalf of the FW de Klerk Foundation on 23/07/2024
Introduction:
As democracy becomes more digital, cyber-securing elections have become more important than ever. Over 70 countries around the world will hold national elections in 2024 – giving more than 3 billion voters a voice and an opportunity to choose their representatives. Yet, more than ever electoral processes are likely to be a target of several cybercrimes, including cyber warfare campaigns, generated deepfakes and automated “disinformation”. Thus while the world strives for freedom, peace and the strengthening of democracy, countries desperately need to be prepared to protect their elections against cybercrime.
Perhaps the “biggest election year in history” will also be threatened by the most potent, highly coordinated and targeted cyberattacks. Such cybercrimes could cripple economies and social systems, as some predict. It may be a precarious year for electoral democracy across the world, especially with proliferating technologies such as generative artificial intelligence (“AI”). This article aims to explore how democratic societies can defend against escalating cyber threats that threaten to undermine fair elections and emphasises the urgent need for global collaboration to mitigate these risks.
Cybercrimes and AI: Neoteric Threats to Electoral Democracy?
Over the past decades, risks to electoral security have primarily been “electoral violence”, but the widespread use of digital technologies has changed the perception of “threats to electoral democracy”. Digital technologies such as AI pose a significant threat to the integrity and security of elections, as one observer notes, mainly as a result of AI-powered algorithms that have the potential to generate false narratives during electoral processes causing:
- “Misinformation” – Where digital platforms spread misleading information to voters.
- “Disinformation” – Where digital platforms spread deceiving information to voters.
These false narratives, be it “misinformation” or “disinformation”, can appear on AI-generated articles, false social media profiles and deepfake videos making it challenging for voters to separate fact from fiction. Just days before Slovakia’s recent elections, the country witnessed a wave of disinformation challenging electoral democracy: Voters were left surprised because of an audio recording between an electoral candidate and a newscaster discussing plans to manipulate elections including buying votes. Equally shocking were allegations of an unidentified cybercriminal who allegedly hacked a Czech news website and published fake news which claimed that Ukrainians attempted to assassinate the newly elected Slovak president, Peter Pellegrini.
Meanwhile, closer to home, South Africa faces its own cybersecurity challenges, especially relating to electoral democracy. One report revealed that Pretoria is facing a surge in cyber-attacks including the use of AI, deepfakes, misinformation and disinformation targeting government and military organisations threatening electoral democracy. Such cybercrimes are usually spearheaded by several actors including state-sponsored actors, cybercriminals, “hacktivists” and insiders who undermine electoral democracy or, even worse, encourage social division and mistrust in political leaders and democratic institutions. This is concerning, because cybercrimes targeting electoral democratic processes have been increasingly proliferating posing significant cyber threats to the following categories: Electoral campaigns, electoral administrators and electoral systems, as demonstrated in Figure (1) below.
The nature of these cyber threats on electoral democracy may materialise either as:
- “Cyber espionage” – Defines a cyberattack that occurs when a threat actor exploits security and gains access to sensitive information for either personal, economic or political reasons.
- “Cyber extortion” – Defines a cyberattack that occurs when a threat actor exploits security and gains access to sensitive information and then demands ransom from their victims.
Figure 1: Cyber Threats and Impacts on the Electoral Process
Source: Cyberthreat activity and impact on Elections 2024.
Any of these cyber threats and actions certainly undermine electoral integrity, democracy and freedom. Thus, for the cybersecurity community, it is vital to understand the variety of cyber threats and how to combat such threats.
Today, electoral security is no longer simply about curbing violence during elections, but it is mostly about protecting the entire electoral ecosystem from digital threats. This ecosystem includes election office networks, voting machines and voter registration databases, etc. Yet, this electoral infrastructure remains vulnerable to cyberattacks, especially now that cyber threats targeting electoral democracy have been on the rise. It is at this juncture that greater collaborative options that could assist democratic societies in curbing cybercrimes that threaten the security and integrity of electoral democracy worldwide should be considered.
Efforts to Safeguard Electoral Democracy in a Changing World:
“Make no mistake, we are in a cyber arms race… and society as we know it is at risk … it’s essential that we shift from a reactive to a proactive-defensive stance before it is too late”, says Nadir Izreal, Chief Technology Officer and Co-founder of Armis – a global asset security platform. With several national elections at risk of cyberattack or interference in 2024, government agencies, cybersecurity stakeholders and civil society must strengthen their cyber defences. The question, therefore, is how these stakeholders can facilitate and ensure that cybersecurity measures that protect against cyber threats, build cyber resilience and defend liberal democracy exist?
Some analysts suggest the following cyber resilience initiatives:
- Ensure that proactive cybersecurity measures exist by putting together robust legal frameworks that include continuous digital monitoring to detect and prevent any cyber threats.
- Ensure that ‘risk-limiting audits’ exist to maintain election integrity.
- Enhancing the resilience of electoral systems by ensuring that there is effective cooperation between electoral authorities and entities.
- Invest in civic education on cyber resilience by providing comprehensive training on cybersecurity and how to respond to and mitigate cyber threats effectively.
While countries, such as the United States, published a cybersecurity toolkit to protect elections from cyber threats that includes a detailed guide to secure voter information, the European Commission within the European Union collaboratively agreed on a Code of Practice on Disinformation in 2018 that self-regulates disinformation. These global efforts have, to a certain extent, resulted in the monitoring and curbing of cyber threats to electoral processes, but are these efforts sufficient to mitigate cyber threats to electoral democracy?
Unfortunately, these guides do not suffice in curbing cyber threats around electoral processes. Electoral officials within the United States, for example, are still fearful of foreign interference, especially from state actors such as China and Russia, among others. This suggests that even though there are some successes in global collaborations aimed at curbing cyber threats within electoral democracy, challenges still prevail. This signals the need for improved collaboration efforts between cyber stakeholders, governments and civil society to mitigate cyber threats around electoral democracy. This piece, therefore, advocates for greater collaborative initiatives where all involved stakeholders are not only included at the table, but make meaningful contributions to efforts of curbing cyber threats within the electoral democracy.
Collaboration between government agencies, cybersecurity experts and civil society around the world could create better cybersecurity resilience. While government agencies may set proactive cybersecurity measures and standards, cybersecurity experts must conduct research where efforts are aimed at monitoring and preventing cyber threats. Civil society, with the most crucial role to play, must engage the public through awareness programs regarding cyber threats. Certainly, a collaborative initiative in combatting cyber threats requires a proactive defence strategy that wears ‘multifaceted gloves’ to enhance cybersecurity resilience among the world’s democracies during elections.
Conclusion:
As the world grapples with the rapid proliferation of digital technology, it has become clear that there are malicious actors who undermine liberal democracy. Considering that we exist within a liberal democratic world, it is our duty as a society to urgently step up and strive for the strengthening of democracy.