{"id":32727,"date":"2017-07-06T11:01:08","date_gmt":"2017-07-06T01:01:08","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=32727"},"modified":"2017-10-31T15:52:31","modified_gmt":"2017-10-31T04:52:31","slug":"cyber-threats-democracy-fire-two-fronts","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/","title":{"rendered":"Cyber threats\u2014democracy under fire on two fronts"},"content":{"rendered":"

National election campaigns remain vulnerable to cyber threats in two main areas, as ASPI\u2019s International Cyber Policy Centre noted in its recent publication, Securing democracy in the digital age<\/em><\/a>.<\/p>\n

Political elections consist of the procedural and technical processes to collect and tally votes and the arena of ideas where policies, platforms and promises are debated and discussed. In the 2016 US presidential election, for example, attempts were made to manipulate<\/a> both the voting <\/a>apparatus<\/a> and the public discourse<\/a>.<\/p>\n

<\/figure>\n

Canada\u2019s Communications Security Establishment<\/a> (CSE), the counterpart of the US National Security Agency and the Australian Signals Directorate, has just released a report titled Cyber threats to Canada\u2019s democratic process<\/em><\/a>. The report takes a threat modelling<\/a> approach to identifying election risks. That process helps people to understand and prioritise threats by identifying potential attackers and how they could carry out an attack. The report identifies possible threats (or \u2018threat actors\u2019 in security jargon)\u2014such as hacktivists, cybercriminals, terrorists and nation-states\u2014that might interfere with the democratic process, and assesses their motivations and capabilities.<\/p>\n

Some can be classed as incidental threats. Cybercriminals might accidentally affect an election because they\u2019re casting a wide net in their criminal enterprise, but are not likely to intentionally try to affect the election outcome. Hacktivists or nation-states might deliberately try to influence the outcome of an election, and CSE classifies those as strategic threats.<\/p>\n

The report examines how threat actors might influence an election, such as through distributed denial-of-service attacks that overwhelm a site with bogus internet traffic, defacing a website, cyber-espionage and spreading fake news.<\/p>\n

The modelling quickly identifies threats to entities involved in the election process, such as political parties, electoral commissions, voters and the media, and helps them prioritise those threats according to their consequences and likelihoods.<\/p>\n

Understanding the environment and having an accurate assessment of the threats are key. CSE used both open-source and classified intelligence to assess threats and provides case studies that illustrate how democratic processes have been affected by cyber intrusions.<\/p>\n

CSE assesses that hacktivist activity is all but certain at the next Canadian election in 2019. It is unsure about whether nation-states (i.e. Russia) will make an appearance, saying that will depend on how adversaries perceive Canada\u2019s foreign and domestic policies, and on the spectrum of policies candidates espouse.<\/p>\n

The CSE report doesn\u2019t suggest solutions or mitigation strategies. But what can it tell us about protecting Australian democracy?<\/p>\n

An all-source report, using both open and classified information on the threats facing Australian democracy, would be a useful start.<\/p>\n

The Australian and Canadian situations are similar. Based on open-source reading, it\u2019s highly likely that hacktivists will attempt to interfere with Australia\u2019s next election. A foreign power may attempt to interfere depending on the state of politics and issues.<\/p>\n

The Australian Electoral Commission should identify and protect high-value targets such as the electoral roll. Electoral databases are a potential point of leverage that could be manipulated or altered to swing elections or sow distrust in the system. There were widespread attempts<\/a> to access voting systems in the 2016 US election.<\/p>\n

Reports by the Australian Parliament<\/a> and the Electoral Council of Australia and New Zealand<\/a> (PDF) into electronic voting options are sensibly sober, giving highest priority to security and verifiability, while also recognising that increasing the use of technology in elections is desirable for efficiency and speed. The Joint Standing Committee on Electoral Matters recommended that current paper voting systems be augmented with electronic counting, so that paper audit trails are maintained while counting speed and accuracy are increased.<\/p>\n

A key element would be to publicise the verification and audit procedures so that Australians maintain trust in the election outcome and see any attempted hack as causing a delay within a robust process rather than throwing the whole process into doubt.<\/p>\n

Cyber-influence operations that are designed to swing public opinion\u2014by spreading fake news or by releasing information to tarnish reputations\u2014are much more troubling. Those operations require relatively few resources, take advantage of freedom of speech and expression, and use the media to amplify their message. By contrast, authoritarian governments, with their control of the media and willingness to quash dissent, are practically immune. Such attacks are also highly leveraged, taking few resources to achieve large effects.<\/p>\n

Given the relatively cheap and asymmetric nature of the threat, adversary nation-states are likely to employ it whenever it\u2019s in their interests. And it\u2019s easier to carry out such attacks than to prevent them. It\u2019s hard to even decide who has responsibility for tackling cyber-influence attacks in a democracy, and we don\u2019t yet have a ministry of truth.<\/p>\n

A well-informed and engaged populace is a good start, so critical thinking, especially as it relates to the internet, should be in the school curriculum. Publicly exposing influence operations is crucial and should occur within a bipartisan framework developed well away from the heat of an election. In the 2016 US election, partisan politics played a key role in preventing a timely response by the Obama administration to Russian attempts<\/a> to influence the outcome of the poll.<\/p>\n

Publicly exposing influence operations also raises the thorny issue of classifying information to protect sources and methods. US government information released in various cyber cases (e.g. Sony Pictures hack<\/a>; 2016 US election<\/a> (PDF)) has tended to be so vague as to be unconvincing and, given the public\u2019s declining trust in government, it\u2019s not effective\u2014for some large minority of the population\u2014for intelligence agencies to say, \u2018Trust us, we know things\u2019. But transparently revealing all your corroborating information is a terrible idea, too. Rather, it\u2019s a case of appropriate calibration and balancing the possible future value of intelligence sources against the need to protect Western democracies from foreign interference.<\/p>\n

Finally, we should look to the Europeans<\/a> for advice and inspiration. They\u2019ve been dealing with influence operations of various sorts since World War II and have considerable expertise in countering them.<\/p>\n","protected":false},"excerpt":{"rendered":"

National election campaigns remain vulnerable to cyber threats in two main areas, as ASPI\u2019s International Cyber Policy Centre noted in its recent publication, Securing democracy in the digital age. Political elections consist of the procedural …<\/p>\n","protected":false},"author":618,"featured_media":32728,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,106,83,399],"class_list":["post-32727","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-democracy","tag-elections","tag-parliament"],"acf":[],"yoast_head":"\nCyber threats\u2014democracy under fire on two fronts | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber threats\u2014democracy under fire on two fronts | The Strategist\" \/>\n<meta property=\"og:description\" content=\"National election campaigns remain vulnerable to cyber threats in two main areas, as ASPI\u2019s International Cyber Policy Centre noted in its recent publication, Securing democracy in the digital age. Political elections consist of the procedural ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-06T01:01:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-10-31T04:52:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png\" \/>\n\t<meta property=\"og:image:width\" content=\"634\" \/>\n\t<meta property=\"og:image:height\" content=\"263\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Tom Uren\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Uren\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png\",\"width\":634,\"height\":263},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/\",\"name\":\"Cyber threats\u2014democracy under fire on two fronts | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#primaryimage\"},\"datePublished\":\"2017-07-06T01:01:08+00:00\",\"dateModified\":\"2017-10-31T04:52:31+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber threats\u2014democracy under fire on two fronts\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a\",\"name\":\"Tom Uren\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g\",\"caption\":\"Tom Uren\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber threats\u2014democracy under fire on two fronts | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/","og_locale":"en_US","og_type":"article","og_title":"Cyber threats\u2014democracy under fire on two fronts | The Strategist","og_description":"National election campaigns remain vulnerable to cyber threats in two main areas, as ASPI\u2019s International Cyber Policy Centre noted in its recent publication, Securing democracy in the digital age. Political elections consist of the procedural ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-07-06T01:01:08+00:00","article_modified_time":"2017-10-31T04:52:31+00:00","og_image":[{"width":634,"height":263,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png","type":"image\/png"}],"author":"Tom Uren","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Tom Uren","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/07\/Uren.png","width":634,"height":263},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/","url":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/","name":"Cyber threats\u2014democracy under fire on two fronts | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#primaryimage"},"datePublished":"2017-07-06T01:01:08+00:00","dateModified":"2017-10-31T04:52:31+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-threats-democracy-fire-two-fronts\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber threats\u2014democracy under fire on two fronts"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/b143103fc9b3a4ae0d5e4b22c5eba93a","name":"Tom Uren","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/216436cb30ac616a4eacffdffe5ff739?s=96&d=mm&r=g","caption":"Tom Uren"},"url":"https:\/\/www.aspistrategist.ru\/author\/thomas-uren\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32727"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/618"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=32727"}],"version-history":[{"count":2,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32727\/revisions"}],"predecessor-version":[{"id":34609,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32727\/revisions\/34609"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/32728"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=32727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=32727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=32727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}