Democratic institutions can be targeted by cyber threat and nation state actors, especially during an election. Threat actors may take advantage of the state of affairs during the campaign process to launch cyber attacks to exfiltrate data, obtain administrative access to systems and potentially infect democratic institutions with malware. Misinformation and disinformation attacks may also be used to target voters and discredit the outcome of the electoral process. Any of these actions could undermine the public confidence in the election results.

Threats actors can:

  • Disrupt election infrastructure using distributed denial of service (DDoS) attacks.
  • Compromise or mimic user identities to spread false information on social media or perpetuate voter fraud.
  • Exploit the current work-from-home environment to compromise systems and gain unauthorized access to election management and/or political party systems.
  • Launch online foreign influence campaigns to discredit the democratic process.
  • Use ransomware-based attacks to disrupt access to election data and systems leading to interruption of election services.

Protect your systems:

  • Patch election and IT systems regularly and avoid the use of obsolete software and hardware systems.
  • Enable two-factor authentication on social media and email accounts.
  • Use strong passwords and passphrases to secure access to social media and email accounts.
  • Avoid sharing passwords and ensure each user has unique credentials associated with their access.
  • Train your staff on basic cyber security best practices, including procedures for identifying and handling of suspicious emails.
  • Implement a high availability and disaster recovery (DR) strategy.

Reports on cyber threats

Guidance for political parties

Cyber actors target political party candidates, political party members, elected representatives and their staff.

Guidance for voters

Voters can be victims of influence peddling, misinformation and disinformation campaigns which could undermine public confidence in the electoral process.

Guidance for election authorities

Election management authorities and their staff interact with a vast array of personal identifiable information which could be targeted by threat actors using techniques, including ransomware, DDoS and spear-phishing attacks.

Guidance for vendors

Private sector organizations involved in delivering election related services could also be targeted by cybercriminals for financial gain. This may directly or indirectly impact on front-line electoral services.

Training

Self-paced 30-60 minute online course offering Canadian democratic institutions the tools and knowledge needed to make educated decisions about securing their IT infrastructure. This course requires a Learning Hub account in order to view it.

Additional resources

Refer to the following list of advice and guidance products to gain insight into common cyber threats and suggested preventative measures to reduce the risks associated with the election process.

Prevent

Defend

Respond and Recover

Report a cyber incident

Reporting a cyber incident helps the Cyber Centre keep Canada and Canadians safe online. Your information will enable us to provide cyber security advice, guidance and services.

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online.

 



Source link