Hacking the UK general election

The notion of election hacking was given serious attention during last year's Presidential Election, and the spotlight has quickly shifted to other countries conducting this democratic process.


Since Theresa May called a snap general election last month, I have been asked a number of times about the likelihood of the election being interfered with by a hostile actor – akin to what was alleged during the recent US elections.

Notwithstanding the UK’s numerous differences with the US electoral processes, voting techniques and counting mechanisms, the most important thing to remember about the US election is that the allegations against Russia are about influencing how people chose to vote, not about directly affecting the devices counting the votes themselves.

The allegations claim that, having developed a preference for Donald Trump, Vladimir Putin sanctioned an influence campaign to discredit Hillary Clinton and harm her electability by facilitating a consistent and negative narrative based on disinformation and leaked emails.


Whilst such state “cyber” activities may be portrayed as shocking by many, this long-running influence campaign followed a long-established Russian approach of combining overt government and media misinformation with covert intelligence operations.

Meddling in another country’s political affairs has been globally conducted for generations and so the approach is not new, just the medium through which it is delivered.  Many states perpetually jostle for global, or regional, position and influence.

Some prefer overt influence, some prefer covert influence and others prefer a combination of the two. So while the Russians are better than most at the latter, let’s place it into a global behavioural perspective. Not right, of course, but certainly not unusual.

One of the key differences with the UK situation is that this election is now happening three years earlier than many people expected. Consequently, any meaningful state actor wishing to influence the political landscape in the UK is likely to have been caught totally off guard by Theresa May’s decision and will have had little time to plan a meaningful, effective influence campaign in such a short timeframe.


As seen in France, the emergence of a complete outsider such as Emmanuel Macron has caused some last-minute, pretty hashed-together false news stories, which have failed to take root in French voters’ minds, with the “open rates” of links to false news stories dropping 20% in the space of a few weeks.

UK Defence Secretary, Sir Michael Fallon, recently warned that Russia may be seeking to influence the outcome of key European elections and that they are testing the West by “weaponising misinformation” to “disable democratic machinery”. Quite dramatic and colourful language, but fundamentally accurate.  But this is just sparring.  Just make it harder for protagonists to do (people used to call it counter subversion), and it can settle back down to state-on-state “normality”, albeit 21st Century normality.

However, experts have seen nothing to suggest that any malicious actors, state sponsored or otherwise, have the will to affect the technical and practical electoral machinery. Directly affecting voting platforms carries a significantly higher risk of compromise than misinformation campaigns, which can provide actors with a degree of plausible deniability, and in the case of, say, electoral rolls, fundamentally wouldn’t achieve anything lasting with the voting infrastructure used in the UK, other than disruption and delay.

As the country adopts new voting technologies, the opportunities for state meddling in this aspect become much more interesting. However, this is something the UK – in the form of the new NCSC – is acutely aware of.


At this stage, the most a state actor could hope to achieve is to hack into, and expose, political party strategy, secrets, membership or specific candidate information in a way that would be electorally damaging.

But to do this now would be tactical and speculative activity, and probably not for a sophisticated state player – unless a particular piece of information was hugely inflammatory and strategically damaging.

Which leaves us with the non-state activist or political agitator who chooses to hack into party or candidate machinery and expose data for embarrassment and tactical political effect. For all political parties and players this really should be a “business as usual” risk to manage, both in terms of traditional reputational management and basic data and information security measures.

 

Sourced by Brian Lord, managing director of PGI Cyber

 
