View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

NCSC in Cyber Risk Warning ahead of Local Elections

Concerns about interference in UK elections has been rising.

By James Nunns

You may think that the UK’s old-fashioned pencil and paper-based electoral system is mercifully immune to cyber disruption, but GCHQ’s National Cyber Security Centre (NCSC) has warned that some areas of the British electoral system could still be vulnerable to cyber operations, ahead of local elections scheduled for May 3, 2018.

In recent years there have been widespread incidents of cyber attacks, using a variety of techniques, timed to coincide with elections around the world, the NCSC noted; the majority distributed denial of service (DDoS) attacks against government and media websites, but others designed to steal data, or to alter or disrupt the publication of election results.

DDoS attacks, particularly against electoral, government or media websites making them unavailable at key moments during an electoral campaign (for example shortly before the deadline for voter registration, or on election day itself); spear phishing to access internet connected voter databases and attempts to alter or remove information published online, or publish falsified information or information obtained through hacking are all risks, it said.

“In periods of heightened pressure, attackers can exploit your staff’s willingness to help citizens and those involved in running the election,” the report warns, saying that “individuals involved in electoral processes in the UK are required to show integrity and discretion, but a small number of people may intend to exploit their access for their own, unauthorised purposes (known as insider activity). An insider may seek to manipulate or compromise electoral information or processes for financial gain [or] ideological reasons.”

The warning comes as the Information Commisioner’s Office (ICO) was today belatedly anticipated to raid the offices of Cambridge Analytica, which is accused of illegally harvesting Facebook user data to help influence elections.

Information Commissioner Elizabeth Denham said: “On 7 March, my office issued a Demand for Access to records and data in the hands of Cambridge Analytica. Cambridge Analytica has not responded by the deadline provided; therefore, we are seeking a warrant to obtain information and access to systems and evidence related to our investigation.” The raid has been delayed by a High Court judge adjourning the ICO’s application for a warrant.”

Concerns about interference in UK elections has been rising, with a report by Parliament’s Public Administration and Constitutional Affairs Committee (PACAC), entitled Lessons from the EU referendum saying: “Lessons in respect of the protection and resilience against possible foreign interference in IT systems that are critical for the functioning of the democratic process must extend beyond the technical.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The committee added: “The US and UK understanding of ‘cyber’ is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.”

The NCSC urged regular back-ups of EMS data stores (in particular the electoral roll itself) and that officers hold these offline in a separate secure location and for infrastructure used by local authorities (and other electoral organisations) to be well maintained, using modern software and hardware, and kept patched, with end user devices, such as those used by staff to manage the electoral roll, to be corporately managed.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.