CSE has examined dozens of incidents over the past ten years in which adversaries used cyber capabilities to target the democratic process. These incidents victimized almost 40 nations, on five different continents, and include some of the richest – and poorest – nations in the world. Given the covert nature of many of these activities, we assume that there is likely to be a significant number of incidents for which we have no visibility.
Strategic and incidental threats
Over the past ten years, the majority of adversary activity against the democratic process has been strategic (approximately 80 percent). This means that adversaries took action for the express purpose of influencing the democratic process. About three-quarters of this strategic activity have been of medium or high sophistication. The remaining 25 percent mostly involved cybercriminals stealing voter information and was mostly low-sophistication activity.
Of the strategic activity observed, 53 percent of the time adversaries targeted more than one aspect of the democratic process. Electoral activities were targeted just over half the time (53 percent), followed by political parties and politicians (47 percent) and media (46 percent). Therefore, all three aspects of the democratic process appear to attract adversaries.
Worryingly, there is an upward trend in the amount of cyber threat activity against democratic processes. So far, in 2017, 13 percent of countries holding national elections have had their democratic process targeted. We judge that it is highly probable that cyber threat activity against democratic processes worldwide will increase in quantity and sophistication over the next year, and perhaps beyond that.
There are a number of factors that contribute to this increase in cyber threat activity.
- Many effective cyber capabilities are readily available, cheap, and easy to use.
- Deterring cyber threat activity is challenging. We are unable to attribute about 20 percent of incidents to a particular adversary. Of those incidents that are attributed, most appear to have gone unpunished.
- The rapid growth of social media coupled with the decline in longstanding authoritative sources of information make it easier for adversaries to use cyber capabilities and other methods to inject disinformation and propaganda into the media to influence voters.
- Elections and election agencies are adopting more online processes, making them more vulnerable to cyber threats.
- There is a dynamic of success emboldening adversaries to repeat their activity, and to inspire copycat behaviour.
Figure 14: Targeting of democratic processes related to a national election, globally
Figure 14 - Description
|Year||Number of Elections||Number Targeted|