The upcoming Conservative Party leadership election, which will decide the next prime minister of the UK, has been postponed by three days after the National Cyber Security Centre (NCSC) warned that the online voting system may be vulnerable to outside influence, the Telegraph has reported.
Hackers might have tried to influence the election in order to sow doubt and test out their methods, cybersecurity experts told Tech Monitor.
Cybersecurity risk over Tory leadership vote
The current Tory leadership contest is the first to allow online voting. The proposed system would have allowed party members to change their choice after casting an initial vote. But the NCSC has warned that, if a cybercriminal were to get hold of members’ unique voting codes, they could change their votes.
The NCSC told the Telegraph that it has not identified a specific threat of election interference but issued the warning to help make the voting process more secure. “As you would expect from the UK’s national cybersecurity authority, we provided advice to the Conservative Party on security considerations for online leadership voting,” it said.
The voting process has been updated so that members may only vote once, after which their voting code will be deactivated. As a result, Conservative Party members will now receive their ballots no later than August 11th, not the 8th as originally planned.
In a letter to Conservative Party members, the government warned that “it is an offence to vote more than once – any member found to have voted more than once will have their party membership withdrawn.”
Are online elections secure?
Online voting systems may never be entirely secure, according to Jason Steer, CISO at security company Recorded Future. “The reality is all software is vulnerable to some extent to someone who has the intent and expertise to interfere,” he told Tech Monitor today.
The Tory leadership contest may well have been the subject of outside interference, given the current tensions between Russia, China and the West, Steer added. “They want to create distrust between governments and break unity within the EU,” he said. “Any opportunity to further examine the integrity of the voting system, therefore, is a good thing.”
Hackers may also have used the vote as an opportunity to test out techniques for election interference, said Jake Moore, global cybersecurity adviser at ESET. “Although this has the potential of altering the outcome from only two possibilities, it is more likely to be used as a testing ground for more dangerous, deeper attacks in the future,” he said.
“Hackers often only get a short time to test their techniques in large events such as a political voting round, so this could act as a potential first attempt in what is to come,” Moore said.