Blog
This Election Year, Everyone’s Talking About AI – But Let’s Not Forget Basic Cyber Hygiene To Stay Safe
Public trust in the administration of free, fair, and secure elections is the lynchpin of democratic processes everywhere. This year over 2 billion people will be called on to cast their votes in 64 national elections that include 7 of the 10 most populous countries in the world. The largest democratic vote in human history, taking place in India over a full six weeks, has just faced the final stretch. And in another of the largest elections to be held this year, 373 million EU voters are about to elect 720 members of the European Parliament.
Growing societal divisions and technological threats are testing public trust in the administration of elections like never before.
Threats Against Elections Already Exist – genAI Will Make Them Worse
Targeted social engineering techniques and the perplexing nature of computer hardware, software, and network technologies create public misapprehension about the security of elections and have the potential to undermine public trust. The antidotes to these risks are increased transparency, awareness, and cybersecurity tools.
According to ENISA, the European Union Elections Security Agency, hybrid threats including foreign information manipulation interference (FIMI), disinformation on social media, artificial intelligence (AI), and deep fakes could affect elections’ security.
With the advent of generative AI (genAI), governments, IT industry leaders, and civil society organizations are sounding the alarm about the impact genAI exploits can have on elections in 2024, and rightly so.
GenAI has already demonstrated its ability to create increasingly deceptive and sophisticated deep fakes, misinformation, and disinformation campaigns that threaten to influence voter behavior and potentially disrupt elections processes.
Thankfully, stakeholders are responding to the specter of genAI-influenced elections by coming together to develop tools to detect AI-generated content and techniques to keep voters informed about information that is trustworthy.
One example is the DISARM framework, an open-source resource that elections officials and other users can reference to identify disinformation and take immediate actions to mitigate its impact. It does this by providing and sharing a single, common, standard language for describing disinformation tactics and techniques. Likewise, governments are developing legislation to address the dangers that come with genAI and to promote the use of trustworthy, transparent, and accountable AI systems.
In November 2023, the U.K. National Cyber Security Center (NCSC) released its report, “The near-term impact of AI on the cyber threat.” While genAI provides bad actors with tools they can leverage to increase the automation and scale of cyber attacks, the NCSC notes that we must “seize the substantial opportunities genAI presents to cyber defenders. For example, AI can improve the detection and triage of cyber attacks and identify malicious emails and phishing campaigns, ultimately making them easier to counteract.”
Implement Basic Cyber Hygiene
While concerns about new threats from genAI are well founded, it is equally important to remind ourselves in this consequential election year that bad actors can already effectively disrupt elections by exploiting basic weaknesses in networks and devices used by elections officials before, during, and after election day.
From the servers that contain registered voter data to the devices that elections officials and volunteers use in the elections process, cybercriminals have a wide array of targets, using tactics older than genAI, to hack, influence voters, and otherwise undermine public trust in the administration of elections.
Elections officials continue to be vulnerable to phishing attacks generated through tried and true techniques or through newer genAI-driven chatbots and deepfake audio exploits. While stakeholders focus on developing ways to defend free and fair elections from new threats, we must continue to work together, as a community, to ensure that basic cyber hygiene defenses are in place for all elections processes to support and protect the public trust.
Basic cyber hygiene tools must be available, accessible, and implemented by elections officials everywhere to ensure a baseline of defense for elections processes, particularly for smaller and under-resourced elections offices. The GCA Cybersecurity Toolkit for Elections is a collection of curated, free tools based on the Center for Internet Security controls and the NIST framework that mitigates up to 86% of the most common cyberattacks. Like many small businesses and NGOs around the world, elections offices struggle with prioritizing cybersecurity and understanding which tools they need to put in place in their networks and devices. Unlike small businesses and NGOs, elections offices are a governmental function and, therefore, they are dependent on government budgeting and procurement processes.
In the face of this global challenge, GCA teamed up with CrowdStrike and the International Foundation for Electoral Systems to develop a Global Elections Security report that engaged election community members in Eastern Europe, Western Europe, and Asia. Through this multistakeholder community engagement, we gained insights into the types of cyberattacks (ransomware, voter data manipulation, date-of-vote interruptions, among others) elections management bodies and the organizations that support them face across different geographies. We also identified a number of best practices, such as taking a holistic approach to election security, building cybersecurity cycles separate from elections cycles, and monitoring for malicious domain names associated with distributing malinformation about elections and candidates that are used today to defend against a variety of cyber risks confronting elections officials in those respective regions. These best practices show what is possible when communities come together to act in the public interest and they can be replicated or inspire other like-minded organizations to develop new defenses that will bolster the public’s trust in open, fair, and secure elections.
Call to Action
Elections worldwide are already underway and the threats against them will not stop. It is vitally important for election administrators to find partner organizations that can help strengthen their cybersecurity posture and adopt basic cyber hygiene solutions before the next cycle.
At GCA, we believe that trustworthy and reliable cybersecurity tools and best practices should be available at no cost to elections administrators, especially those that are under-resourced. Democracy and the public trust in elections are too important to allow election processes to be exposed to bad actors who seek to undermine both.
Learn more about the GCA Cybersecurity Toolkit for Elections, or how you can do your part with the GCA Cybersecurity Toolkit for Individuals. These tools are based on globally recognized standards and are accessible and implementable, regardless of the user’s cyber capacity. By using these tools, elections officials and voters can increase public trust in electoral processes and ensure that democratic processes can continue to flourish.
Brian Cute is GCA’s Chief Operating Officer and Capacity & Resilience Program Director.