Cyber threats to elections

Cyber threat Cyber threatA threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries. activity targeting democratic processes is on the rise worldwide. Leading up to and during an election, cyber threat actors may launch cyber attacks to:

  • disrupt election infrastructure
  • steal sensitive information
  • infect democratic institutions with malware

Cyber threat actors targeting elections also engage in online influence campaigns to:

  • influence voters
  • spread disinformation about the election
  • potentially discredit the voting process

Any of these actions can undermine public confidence in the election results.

On this page

Reports on cyber threats to Canada’s democratic process

The Cyber Centre’s reports on cyber threats to Canada’s democratic process aim to inform Canadians about the global trends in cyber threat activity targeting national elections and their potential impacts on Canada.

How threat actors target elections

Threat actors can use a variety of tools online to:

  • disrupt election infrastructure using distributed denial-of-service (DDoS) attacks
  • compromise or mimic user identities to spread disinformation on social media or perpetuate voter fraud
  • exploit remote work environments to compromise systems and gain unauthorized access to election management or political party systems
  • launch online foreign influence campaigns to discredit the democratic process
  • use ransomware-based attacks to disrupt access to election data and systems leading to interruption of election services
  • generate synthetic content using artificial intelligence to covertly manipulate information online and influence voter opinions and behaviours

How to protect your systems and data

  • Patch election and IT systems regularly and avoid using outdated software and hardware systems
  • Enable multi-factor authentication on social media and email accounts
  • Use strong passwords and passphrases to secure access to social media and email accounts
  • Avoid sharing passwords and ensure each user has unique credentials associated with their access
  • Train your staff on basic cyber security best practices, including procedures for identifying and handling suspicious emails
  • Implement a high availability and disaster recovery strategy

Guidance and training on cyber threats to elections

The Cyber Centre is committed to raising awareness of cyber threats to Canada and protecting the integrity IntegrityThe ability to protect information from being modified or deleted unintentionally or when it’s not supposed to be. Integrity helps determine that information is what it claims to be. Integrity also applies to business processes, software application logic, hardware, and personnel. of Canadian elections. Below you’ll find links to tailored guidance and training to help you mitigate the impacts of cyber threats to elections, whether you’re a member of a political party, a voter, an election authority or a vendor.

Guidance for political parties

Cyber actors target political party candidates, political party members, elected representatives and their staff.

The following resources provide advice and guidance for those involved in politics:

Guidance for voters

Voters can be targets of online influence campaigns aimed at undermining public confidence in the electoral process. Such campaigns can use social engineering Social engineeringThe practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or internet to trick people into revealing sensitive information. For example, phishing is a type of social engineering. , disinformation and generative AI to influence voters’ opinions and behaviours.

The following resources provide advice and guidance for voters:

Guidance for election authorities

Election management authorities and their staff interact with a vast array of sensitive and personal information. Threat actors could target this information using techniques such as ransomware RansomwareA type of malware that denies a user's access to a system or data until a sum of money is paid. , distributed denial-of-service campaigns and spear phishing Spear phishingThe use of spoofed emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and well targeted. .

The following resources provide advice and guidance for election authorities:

Guidance for vendors

Private sector organizations involved in delivering election-related services could also be targeted by cybercriminals for financial gain. This may directly or indirectly impact on front line electoral services.

The following resources provide advice and guidance for vendors:

Training for democratic institutions

The Cyber Centre’s Leaning Hub offers a self-paced 30- to 60 -minute online course that provides Canadian democratic institutions workers with the tools and knowledge they need to make educated decisions about securing their IT infrastructure. This course requires a Learning Hub account.

Top of page
 

Political party candidate dedicated cyber security support

The Cyber Centre provides Federal Ministers and Deputy Ministers with centralized expertise to help with cyber security Cyber securityThe protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information. More specifically, cyber security includes the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from attack, damage or unauthorized access so as to ensure confidentiality, integrity and availability. concerns. This 24/7 hotline provides cyber security support, and tailored advice and guidance.

This service is extended to federal political party candidates of all registered political parties during campaigns and to federal political parties during an election. The contact information is available through your official party representative.

Outside of election periods, the Cyber Centre has a dedicated point of contact political parties can reach out to on cyber security matters.

Additional cyber security resources

Many cyber threats can be mitigated through awareness and best practices in cyber security. These additional resources can help you reduce the risks associated with cyber threats to elections.

Report a cyber incident

Reporting a cyber incident helps the Cyber Centre keep Canada and Canadians safe online. Your information will enable us to provide cyber security advice, guidance and services.

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online.

 
Date modified: