The foundations of liberal democracy are under increasing threat from cyber-attacks, according to senior crime experts and international ambassadors. The declarations were made during a recent cyber-security summit held at the UK’s National Cyber Security Centre (NCSC), opened by European Commissioner for the Security Union Julian King.
“This has been a year when the public arguably lost its cyber innocence,” claimed King. “What the people in this building and audience had long known, became mainstream as a result of the high-profile ransomware attacks like NotPetya and WannaCry.”
The summit was held in light of the ever-evolving cyber-threat that national and local security teams face today. In 2016 over 4,000 ransomware attacks were reported every day across Europe. WannaCry aside, recent years have also borne witness to a number of deliberate high-profile cyber-attacks including knocking out the Ukrainian power grid and interference with the 2016 US Presidential Election.
King warned that cyber-attacks can be especially damaging, calling them: “Cyber-enabled brute force – all the impact of multiple air strikes without any of the expense or hassle. The perfect deniable weapon.”
King went further, identifying three strategies which can all contribute to distorting democratic processes, namely: changing public opinion, constructing fake news to spread rumours and targeted messages to perpetuate confirmation bias.
More striking is that evidence exists in past elections and campaigns for each of these strategies.
A desire to manipulate public opinion is implied, for example, in the deliberate leaking of emails central to Hillary Clinton’s Electoral Campaign from Campaign Chair John Podesta’s inbox. “The intention is simple – to use a well-timed hacked and leaked email to cause maximum embarrassment and to change public opinion for political advantage. And it isn’t a massive leap to imagine the potential impact that a fake e-mail inserted as part of a large-scale hack might have,” King said.
Another disturbing method for distorting elections is spreading fake news, again to influence public opinion. King explained that while this is not a new tactic – referring to the Zinoviev letter, a fabricated document which brought down first Labour government – it has been given new life in today’s ‘cyber connected world’.
But the Commissioner also warned of a new trend of electoral fiddling – harvesting derived from online browsing habits and then targeting individuals based on those findings. For example, the role that analytics and strategic communications company Cambridge Analytica played in the UK’s EU Referendum is still the subject of two investigations by the Information Commissioner. King said: “Given that the claims attached to it are that the analysis reveals more about what motivates an individual than they know themselves, it can be a dangerous tool in the wrong hands.”
With all of these means combined, King warned, “This could leave national election laws and rules looking as obsolete as the Maginot line.”
UK Electoral Process
King’s comments were echoed by Ciaran Martin, CEO of the National Cyber Security Centre. Martin noted that previous UK governments have looked at strengthening defences only in hard infrastructure – telecom, power, defence, transport – but now needed to look at ‘soft’ targets, such as values, too.
The UK’s complex electoral process is highly attractive to malicious hackers, explained Martin. He noted that the structure of a party’s candidacy, composed of many different parts – candidate approvals, ballot papers, local authorities – means that the electoral process functions more akin to a collection of small businesses, and is open to cyber-attack.
“Perhaps we shouldn’t have been that surprised that those who oppose our liberal and democratic values, from which the Internet sprang of course, would want to undermine those institutions and processes that are fundamental to those freedoms and which underpin them.”
Collaboration with the EU
But as cyber-crime becomes increasingly tough to fight, King told the summit that the UK and EU have been working together on hardening their defences too. One of the largest and most recent steps taken has been the construction of the European Centre of Excellence for Countering Hybrid Threats in Helsinki, which brings together EU Member States, the US and NATO, to help research threats and design proactive policies against them.
He continued, noting that there are certain steps that both the NCSC and EU can take together to reduce the impact of high-profile cyber-crime when it occurs. King said, “I think there is a strong case for our electoral rules to be reviewed and looked at through this new cyber lens. The key is to reduce the vulnerability and to educate the wider public.”
Manufacturers, for example, should not forget to implement robust security when ‘rushing’ to create new devices. King also warned that the public must be made more aware of fake news, and should be encouraged to question the broadcasts they see and hear, and the articles they read.
King concluded: “When they target democratic institutions, these attacks seek to undermine the very fabric of European society: the fundamental values that we all share.
“We need to wise up and shape up to this new threat – to work together to close it down and to keep our elections free and fair. After all, that is what our citizens expect. Nothing less.”