October 2018 ∙ Dr. Sven Herpig, Julia Schuetze, supported by Jonathan Jones Securing Democracy in Cyberspace An Approach to Protecting Data-Driven Elections Think Tank für die Gesellschaft im technologischen Wandel Dr. Sven Herpig, Julia Schuetze, Jonathan Jones October 2018 Securing Democracy in Cyberspace Executive Summary Free, fair and anonymous elections are a cornerstone of democracies. The in- tegrity of elections has to be protected against internal and external threats. Securing elections ensures the trust of citizens in the electoral process and its outcome and therefore legitimates actions of the elected government. Election interference by (foreign) actors is not new. What is new, is that elec- tion campaigns and the election process are becoming increasingly digiti- zed and therefore vulnerable to cyber attacks. Through the digitization the attack surface has broadened. Internal party communication, databases of voters that parties and campaign agencies hold and access or information on public websites can become a tool for targeted in election interference. To protect , we must understand what individual motivation is behind the attack, which tactics are used and which concrete element of the election process is targeted. The paper analyses three aspects and based upon the results, it proposes specifc recommendations to protect against election interference. Those recommendations can be adopted by various countries and specifcally applied to their unique modern election process and geopo- litical situation. The analysis has identifed fve specifc motivations, which individually or combined are reasons behind election interference. 1. Manipulation of the election outcome 2. Delegitimization of the process and publicly weaken the democratic sys- tem 3. Discrediting political actors and institutions to infuence citizens 4. Intimidation of states to achieve a certain political outcome in the sphe- re of international relations and negotiations 5. Weakening the international credibility of certain governments To achieve those outcomes, attackers use the following tactics: • Disrupting the availability of data, information and services that are rele- vant to election campaigns and the election process • Eroding trust in the election process, attacking election relevant infor- mation on for example public websites • Manipulation of data to change information, for example the election outcome 2 Dr. Sven Herpig, Julia Schuetze, Jonathan Jones October 2018 Securing Democracy in Cyberspace • Compromising IT-systems to monitor communication and information for future exfltration or fnding additional vulnerabilities • Leaking confdential data and information to infuence citizens • Persuading citizens of one or another political position through strategic communication (and disinformation campaigns) using exfltrated data • Blackmailing candidates or politicians using confdential information or data that were gained beforehand The analysis of the tactics showed, that different data and information are the target in elections. To determine the means to secure certain data and information, we have categorized them into the following: • Publicly available data is publicly available information that creates transparency of the election process, for example time and place of elec- tions or the party platform. • Personal data is data that is factual and is used to identify a person such as name, address, phone number or biometrical data. • Self-reported data is information that report about themselves and that describes for example their interests, opinions on certain topics - can also be collected through tracking. • Governmental data is information that a citizens, usually combined with personal data, use to identify themselves to vote, such as the pass num- ber or driver’s license ID handed out by a governmental entity. • Confdential communication is data that is not meant for the public such as private email and instant messenger communications • Security data is data that is used for the protection of system and ac- counts, such as passwords. On the basis of the analysis concrete recommendations were developed that states should implement to secure their elections, including building resili- ence of the democratic society against election interference: Governments should… 1. set up the foundations for effective implementation of election security. For example they should agree on a defnition of what election interfe- rence is, make election security a national security priority and enable election security as a public-private-civil partnership goal. 2. set up an organisational structure that makes effective election security possible. For example a cross-governmental task force is one of the pro- posed actions in this category. 3 Dr. Sven Herpig, Julia Schuetze, Jonathan Jones October 2018 Securing Democracy in Cyberspace 3. create security mechanisms that protect the election infrastructure pro- actively. Threat analysis but also a strategy that analyses election tech- nology are among the recommendations for effective election security mechanisms. 4. encourage education and training mainly for stakeholders that have an active part in the election process and campaigns. Enough technical ex- pertise needs to be provided to them. 5. make strategic communications towards the public about this new thre- at a priority. It is important to build resilience and create transparency regarding the election process and security safeguards. 6. work together with other countries on election security, so democracies can help each other by exchanging information and best practices. 4 Dr. Sven Herpig, Julia Schuetze, Jonathan Jones October 2018 Securing Democracy in Cyberspace Table of Contents Executive Summary 2 Introduction 6 Strategic Motivations 9 Manipulate the Outcome 10 Delegit imize the Democratic Process 10 Discredit Political Stakeholders 11 Intimidate a Government 12 Erode International Credibility 13 Election Hacking Tactics 13 Denial 15 Erosion 15 Reconnaissance 17 Leaks 17 Persuasion 18 Blackmail 19 Data-Driven Electoral Process 20 Publicly Accessible Electoral Data 21 Personal Data 22 Self-Reported Data 24 Government-Issued Data 26 Personal Communication Data 27 Security Data 27 Conclusion 30 Election Security Recommendations and Good Practices 31 I. Foundations for effective implementation of election security 31 II. Organization of election security 32 III. Security mechanisms to secure election infrastructure 33 IV. Capacity building for key stakeholders and the public 34 V. Strategic communications to create resilience 35 VI. International Cooperation on Election Security 35 Acknowledgement 37 Annex A: Attack Vectors 38 5 Dr. Sven Herpig, Julia Schuetze, Jonathan Jones October 2018 Securing Democracy in Cyberspace 1. Introduction Elections are the cornerstone of democracy. Vulnerabilities in the electoral process increased vastly due to the all-encompassing digitization that took place in the last decade. For every democratic country, it is imperative to main- tain a free and fair electoral process, thus protecting it from “interference”. Interference in this analysis is limited to activities that leverage hacking oper- ations regardless of the adversary (domestic and foreign). Other studies have used interference in the context of disinformation. This paper however focus- es on assessing adversarial motivations and hacking methods as well as the vulnerabilities of the data-driven electoral process. Protecting the electoral process means more than just increasing information security of voting ma- chines, however. This paper asserts that at its core, it is all about security of data in the entire electoral process, which is data that can be exploited by adversaries. Safeguarding the electoral process entails protecting relevant data and designing mitigation techniques in case these security measures fail. Therefore, democracies must not only improve information security, but also increase society’s resilience to election interference. Due to the nature of the problem, solutions require the involvement of various actors: a whole- of-nation approach. In modern representative democracies, politicians and political parties are supposed to represent the people. By governing on their behalf, they derive their legitimacy from the people through periodic, free and fair elections1. Elections are therefore one of the fundamental pillars of democracy. Accor- dingly, protecting elections is imperative to democracy. The electoral pro- cess entails more than just casting a vote in a democratic society. To have free and fair elections, the activities of candidates, their parties and political campaigns leading up to election day, as well as the publication of the re- sults afterwards, must have both actual and perceived integrity from inter- ference. Because the electoral process is an integral part of democracy, any impediment to exercising the right to vote or tampering with the electoral process in any way is perceived as a serious threat to state sovereignty. This has not stopped governments in the past from interfering with foreign elec- tions, however2. To deter these incursions and guard against them when they 1 United Nations, Resolution 52/129 Strengthening the role of the United Nations in enhancing the effectiveness of the principle of periodic and genuine elections and the promotion of democratization and Inter-Parliamentary Council, Declaration on Criteria for Free and Fair Elections. 2 Scott Shane, Russia Isn’t the Only