Cyber threat activity targeting democratic processes is on the rise worldwide. Leading up to and during an election, cyber threat actors may launch cyber attacks to:
- disrupt election infrastructure
- steal sensitive information
- infect democratic institutions with malware
Cyber threat actors targeting elections also engage in online influence campaigns to:
- influence voters
- spread disinformation about the election
- potentially discredit the voting process
Any of these actions can undermine public confidence in the election results.
On this page
- Reports on cyber threats to Canada’s democratic process
- How threat actors target elections
- How to protect your systems and data
- Guidance and training on cyber threats to elections
- Additional cyber security resources
Reports on cyber threats to Canada’s democratic process
The Cyber Centre’s reports on cyber threats to Canada’s democratic process aim to inform Canadians about the global trends in cyber threat activity targeting national elections and their potential impacts on Canada.
- Cyber threats to Canada’s democratic process: 2023 update
- Cyber threats to Canada's democratic process: July 2021 update
- Cyber threats to Canada's democratic process: 2019 update
- Cyber threats to Canada's democratic process: 2017
How threat actors target elections
Threat actors can use a variety of tools online to:
- disrupt election infrastructure using distributed denial-of-service (DDoS) attacks
- compromise or mimic user identities to spread disinformation on social media or perpetuate voter fraud
- exploit remote work environments to compromise systems and gain unauthorized access to election management or political party systems
- launch online foreign influence campaigns to discredit the democratic process
- use ransomware-based attacks to disrupt access to election data and systems leading to interruption of election services
- generate synthetic content using artificial intelligence to covertly manipulate information online and influence voter opinions and behaviours
How to protect your systems and data
- Patch election and IT systems regularly and avoid using outdated software and hardware systems
- Enable multi-factor authentication on social media and email accounts
- Use strong passwords and passphrases to secure access to social media and email accounts
- Avoid sharing passwords and ensure each user has unique credentials associated with their access
- Train your staff on basic cyber security best practices, including procedures for identifying and handling suspicious emails
- Implement a high availability and disaster recovery strategy
Guidance and training on cyber threats to elections
The Cyber Centre is committed to raising awareness of cyber threats to Canada and protecting the integrity of Canadian elections. Below you’ll find links to tailored guidance and training to help you mitigate the impacts of cyber threats to elections, whether you’re a member of a political party, a voter, an election authority or a vendor.
Guidance for political parties
Cyber actors target political party candidates, political party members, elected representatives and their staff.
The following resources provide advice and guidance for those involved in politics:
- Cyber security guide for campaign teams
- Cyber security advice for political candidates
- Fact sheet for Canadian political campaigns: Protect yourself online
- Parliamentarians: Report social media account impersonation
- Parliamentarians: Know how to manage an account compromise
- Campaign teams: Identify and handle malicious messages
- Securing access controls in a volunteer-based organization
- Security considerations when using social media in your organization
- Cyber security at home and in the office: Secure your devices, computers, and networks
Guidance for voters
Voters can be targets of online influence campaigns aimed at undermining public confidence in the electoral process. Such campaigns can use social engineering, disinformation and generative AI to influence voters’ opinions and behaviours.
The following resources provide advice and guidance for voters:
Guidance for election authorities
Election management authorities and their staff interact with a vast array of sensitive and personal information. Threat actors could target this information using techniques such as ransomware, distributed denial-of-service campaigns and spear phishing.
The following resources provide advice and guidance for election authorities:
- Cyber Security Guidance for Elections Authorities
- Cyber Security Playbook for Elections Authorities
- Distributed denial of service attacks - Prevention and preparation
- Security considerations for your website
- Spotting malicious email messages
- Ransomware playbook
- Ransomware: How to prevent and recover
Guidance for vendors
Private sector organizations involved in delivering election-related services could also be targeted by cybercriminals for financial gain. This may directly or indirectly impact on front line electoral services.
The following resources provide advice and guidance for vendors:
Training for democratic institutions
The Cyber Centre’s Leaning Hub offers a self-paced 30- to 60 -minute online course that provides Canadian democratic institutions workers with the tools and knowledge they need to make educated decisions about securing their IT infrastructure. This course requires a Learning Hub account.
Additional cyber security resources
Many cyber threats can be mitigated through awareness and best practices in cyber security. These additional resources can help you reduce the risks associated with cyber threats to elections.
Guidance to prevent cyber incidents
Guidance to respond and recover from cyber incidents
Report a cyber incident
Reporting a cyber incident helps the Cyber Centre keep Canada and Canadians safe online. Your information will enable us to provide cyber security advice, guidance and services.
Get Cyber Safe
Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online.
