Election hacking not fundamentally a cyber issue

Regarding the possibility of a foreign state influencing the outcome of an election due to cyber influence, the most important thing to understand is that hacking an election isn't, fundamentally, a cyber-issue. 

Nation states and “ non-state actors” (e.g. terrorist organizations, political parties, special interest groups, etc.) have always sought to influence elections through diplomacy and lobbying or interfere through clandestine means in other nation states' internal politics. From espionage and assassination to bribery and military missions, this is an old game that now simply has a new domain or battlefield. 

I've been asked before which actors or foreign powers are more likely to try and hack an election, and I urge people to take hacking out of it and ask the question “who wants to change the result in this election?” Think in terms of political parties, nation states and non-state actors. Now, factor back in cyber and ask "who has the means to do this or to achieve an end causing strife, threatening Pax Europa or France's or the UK's democratic values?” This is the short list and who the civilian, military, intelligence (domestic and foreign) and public safety authorities should be scrutinizing and preparing to detect and respond to.

Cyber is an ideal domain and set of asymmetric tools for conducting a cold war against an adversary, where there isn't “hot” gunfire, explosions and death, although it is becoming more-and-more possible to have kinetic world impact too.

So the question that truly has to be posed is “which foreign actors want to affect the French or even UK general election and have the means or motivation to exercise cyber assets to accomplish their goals? This is partly a technical question and partly a political and international relations question. Think of it this way: cyber changes the risk/reward options available as it is both less risky to engage in a cyber action and both more rewarding for achieving the desired end result. 

The tools available are many, but the attackers will take the path of least resistance among authentication cracking, account takeover (personal or professional), system compromise through physical access or phishing or vishing, compromise of partners or family, network tapping, phone rooting and many more in addition to the traditional options.

Finally it's worth remarking that voter fraud on a large scale isn't more common. The democratic process, for the most part, has resisted large scale, undue influence for a long time well. Nothing has changed internationally or domestically that points to large scale voter fraud, cyber or otherwise; and such things will stand out if the non-cyber electoral authorities and their integrity is maintained.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.