From introducing biometric voter verification machines in Kenya to testing an internet voting pilot in Norway, election management bodies (EMBs) have increasingly digitized elections in efforts to increase efficiency, promote transparency, and encourage greater voter participation. While many elections have increasingly involved technology, including digital voter rolls, biometric voter registration, and electronic voting machines, these critical democratic processes have become more susceptible to a rapidly evolving threat—cyberattacks. Failure to address cybersecurity risks inherent to a digitized electoral process can pose a grave threat to electoral integrity.

Poll workers read out presidential election ballot results to observers and officials in Tabarre in Port-au-Prince. Photo: Kendra Helmer/USAID.

Recognizing the need to secure election infrastructure, the U.S. Agency for International Development (USAID) supported DAI’s Digital Frontiers project and the International Foundation for Electoral Systems (IFES) to produce a five-part briefing series to help election stakeholders, bilateral and multilateral donors, and their implementing partners understand electoral cybersecurity risks. This series also provides an in-depth look at ways to secure voter registration and results management systems, recommendations on improving election cyber resilience, and outlines programming options to reduce cybersecurity risks before and during an electoral process.

Electoral Cyber Risk-Management Strategies, Mitigation Measures, and Recommendations

1. Electoral Cybersecurity Donor Program Development Guide: Despite its importance, cybersecurity is an often-overlooked component of election-focused international development programs. To help bridge the gap between electoral assistance programming and cybersecurity, this guide presents a four-step process to assess the electoral cybersecurity context and threat environment, identify EMB partners, assess EMB cybersecurity capacity, and determine the level of openness to cybersecurity programming assistance. The guide then summarizes options for supporting electoral cybersecurity programming and provides recommendations drawing on global best practices.

2. Cybersecurity and Elections Primer: As planning and administering elections is one of the most complex endeavors a country may undertake, EMBs and their partners must prepare for and adapt how they perceive, anticipate, and respond to evolving digital threats. To help stakeholders better integrate cybersecurity readiness into electoral assistance programming, this resource identifies potential impacts of cyberattacks on elections, introduces basic cybersecurity principles, characterizes risks in key components of the electoral process, describes cyber threat actors and their tactics, and introduces industry-standard frameworks to help guide cybersecurity planning and strategy.

3. Understanding Cybersecurity Throughout the Electoral Process: Designed to be useful to individuals that may not have prior cybersecurity knowledge, this resource provides an in-depth understanding of key concepts of cybersecurity for elections, risk management, the history and future of cyberattacks, and frameworks that can help guide cybersecurity planning and strategy.

4. Cybersecurity of Voter Registration: Citizens’ right to participate in elections is a cornerstone of democracy, and voter registration is crucial to achieving that participation. A credible registration process can help enfranchise eligible voters. However, voter registration systems susceptible to digital threats can create the appearance of a flawed registration process—potentially undermining the legitimacy of an entire election. This resource provides an overview of key technologies at risk in the voter registration process, introduces different types of threat actors and their motives, analyzes risks and impacts of cyberattacks, and outlines mitigation measures to better protect the voter registration process.

5. Cybersecurity of Election Results Management Systems: Election results management (ERM) is one of the most crucial parts of the overall electoral process. Even citizens who have no interest in politics pay attention to the results management process—because everyone wants to know who won. In the age of a rapid news cycle and social media, the slightest anomaly or hiccup in results management can quickly accelerate into a political crisis as voters want results in real time. To better secure election management systems, this resource looks at key technologies used for ERM processes, provides an overview of cybersecurity threats, threat actors, and motivations that can jeopardize ERMs, and examines options for election management bodies to secure their ERM systems.

People living with disabilities participate in a polling workshop ahead of a local election in Aceh. USAID funded inclusive efforts to create more democratic and credible electoral processes. Photo: USAID Indonesia.

What’s Next: A Call to Action

As digital technologies integrate with global elections, EMBs, political parties, and other stakeholders must prepare for and respond to the possibility of cybersecurity attacks. The international community, including USAID, other bilateral and multilateral donors, and implementing partners, can play an important role in supporting local actors to address these threats. However, EMBs and other election stakeholders must stay up to date with the rapid use of tech in electoral processes. These officials must also understand evolving cyber threat actors, their tactics, and their motivations. By drawing on the five-part publication series developed through a partnership between IFES’ Center for Applied Research and Learning, DAI’s Digital Frontiers, and USAID’s Center for Democracy, Human Rights, and Governance, election stakeholders can better protect highly sensitive and profoundly influential democratic processes while mitigating today’s most pressing digital threats.

To learn more about this five-part briefing series, visit here.

Alexander Riabov is a Senior Communications Specialist for DAI’s Digital Frontiers project.