Protecting the Digital Infrastructure of Democracy Liisa Past [email protected] “There’s been a lot of claims that our election system is unhackable. That's BS. Only a fool or liar would try to claim that their database or machine was unhackable.” Jake Braun, DefCon hacker voting village POOR SET-UP TO TACKLE CYBER THREATS • Terminological ambiguity • Digital governance is a national matter • Diverse systems, organizational set-ups • Lack of operational cooperation • Civil servants not cyber security experts HOWEVER • Most elections rely on some technology • Attack vectors and adversary often similar • Technology-related threats undermine democracy GEORGIA (2008, 2019) UKRAIN E (2014) Actual result Name Res Rank ult % Dmytro Yarosh 00.7 11 Petro Poroshenko 54.7 1 Yulia Tymoshenko 12.8 2 Serhiy Tihipko 05.2 5 Oleh Lyashko 08.3 3 Vadim Rabinovich 02.6 7 Image: https://www.stopfake.org/en/russian-first-channel-informed-of-yarosh-victory-in-ukraine-s-presidential-elections/ Screen grab: https://motherboard.vice.com/en_us/article/zmakk3/researchers-find-critical-backdoor-in-swiss-online-voting-system Image Flickr CC, https://www.flickr.com/photos/147597828@N03/34208529880/in/photolist-24SJJLe-2c9YEhm-22jgpYM-Ui7UB5-Tinopk-U7TE8j-SYpxFh-Uve1UW Graphic: The Hacker News PARTIES AND CANDIDATES (2016/17) LATVIA (2018) Screen grab: https://eng.lsm.lv/ Voting Election technology Attacks on auxiliary systems, facilitators and vendors Integrated information operations Compendium on Cyber Security of Election Technology (2018) • Under the Cooperation Group of Network and Information Security Directive • Experiences of 20+ EU Member States and several institutions • Strictly volunteer • Living document approach • Pick and mix of workable practices, recommendations, guidelines INCLUDES • the specifics of European Parliament elections; • universal development and security principles as applicable to election technology, including testing and auditing; • security measures specific to elections; • voter and candidate registration and databases; • electronic tools used in gathering or aiding the gathering of votes; • digital tools to transmit, process and count votes; • systems to publish or communicate election results; • relevant auxiliary systems and services. CHALLENGES IN CROSS-BORDER CYBERSECURITY •Situational awareness, inc actionable information sharing •Supply chains •Remote work/paradigm shift .