Slides for a 15-minute introduction to Cybersecurity for Elections: A Commonwealth Guide on Best Practice, by Ian Brown, Chris Marsden, James Lee and Michael Veale, published 5 Mar 2020

1. Why is cybersecurity
important for
elections?
Prof. Ian Brown

2. Overarching features of cybersecurity threats
• Breaching the confidentiality of systems,
and exposing information to those not
intended to see it;
• undermining the integrity of systems, and
disrupting the accuracy, consistency or
trustworthiness of information being
processed;
• affecting the availability of systems, and
rendering them offline, unusable or non-
functional.
John M. Kennedy T.

3. Election
phases
Planning and logistics
Electoral roll
Campaigning
Voting – verification, casting, counting
Communication of results
Auditing and challenging results

4. EMBs face sophisticated attackers

5. Source: Government of Canada Communications Security Establishment,
2019 Update: Cyber Threats to Canada’s Democratic Process, Feb 2019, p.17

6. Electoral roll confidentiality
• Variety of agencies responsible for electoral rolls – centralised (Ghana) vs
distributed (UK)
• Complete register usually available to parties and candidates, is public in
some countries (including Ghana)
• An independent agency, such as a data protection authority, should have
competences over the privacy and security of electoral data
• EMBs should take steps to ensure that only electoral roll data necessary for
the intended purposes of use is transmitted to authorised actors

7. Campaigning
• UK National Cyber Security Centre’s
three most common attacks:
• Hack and leak
• Hack and post
• Insider leaks
• EMBs should ensure the availability
of cybersecurity training for political
parties, in collaboration with
national actors best placed (and seen
as legitimate) to deliver such
training.

8. Communication of results
• Without timely control of reporting, results are open
to opportunistic pre-emption, meaning the EMB can
lose control of information dissemination, framing,
and the overall electoral narrative.
• Transmission systems should be secure, subject to
clear and strict access controls, and with appropriate
levels of redundancy and back-up procedures in place
should components of them unexpectedly fail.
• Tabulation is an easy point in the electoral process for
errors to occur, and the ease of errors can be
exploited by malicious actors wishing to undermine
electoral integrity.
• Software used in tabulation must be audited and
verified, and used by trained staff on appropriately
secured hardware.