GCA and Partners Present a Global Elections Security Report

Ten concrete ways to improve democratic resilience

  • The Global Elections Security Report contains ten recommendations focusing on policy, technology, collaboration, skill, and resources that are critical to ensuring election security.
  • These actionable recommendations result from discussions held with 41 leaders in 16 countries, representing a broad range of sectors linked to global elections security.
  • Brian Cute, Chief Operating Officer and Capacity & Resilience Program Director at GCA said: “Nonprofit organisations, governments, industry, political parties, media, and citizens all have a role to play in collectively improving the integrity of our elections.”
  • You can read the full report here

LONDON, UK – 4 APRIL 2023  Malicious actors have identified cyberspace as an instrument of power and use cyber attacks as a key method to achieve their aims across a spectrum of intentions, from causing general chaos to changing specific electoral outcomes.

The Global Cyber Alliance (GCA), as part of its vision to enable a secure and trustworthy internet, presented today in London a Global Elections Security Report, following a series of multi-stakeholder roundtable discussions with the support of CrowdStrike and the International Foundation for Electoral Systems (IFES).

The way forward: A set of recommendations

The document offers ten actionable recommendations around policy, technology, collaboration, and skills and resources that are critical to ensuring election security through a whole-of-society approach.

“Nonprofit organisations, governments, industry, political parties, media agencies, and citizens all have a role to play in collectively improving the integrity of our elections,” said Brian Cute, Chief Operating Officer and Capacity & Resilience Program Director at GCA.

 

“It’s important for democracies to remember: You’re always in a pre-or post-election period. There’s simply no such thing as down time. This is why it’s important to remember that a high impact on election security can be achieved any time by modernizing IT and implementing well-established cybersecurity best practices like endpoint detection and response, threat hunting, and zero trust,” said Drew Bagley, CrowdStrike Vice President & Counsel, Privacy & Cyber Policy. “In Europe for example, if the best practices set by the European Union Agency for Cybersecurity (ENISA) are adopted as the standards for basic IT modernization, this would go a long way in protecting election security as well. This report is substantive and CrowdStrike is proud to have been part of the discussions that resulted in its recommendations.”

 

“Cybersecurity is an important component of democratic resiliency as countries continue to integrate technology into their elections. Diverse partnerships, holistic approaches, and accessible tools are needed to help election managers succeed and ensure electoral integrity,” added Dr. Tarun Chaudhary, Global Cyber Diplomacy Specialist, IFES.

To improve cybersecurity awareness and the deployment of accessible tools and solutions, GCA organised meetings with forty leaders from fifteen countries to focus on four related sub-topics: technology, policy, collaboration, and skills and resources.

As result of these discussions, GCA shares the following recommendations:

1. When looking at the use of technology, encourage a holistic approach to election security.

2. Adopt and implement legislation and policies to promote cybersecurity and information exchange about threats.

3. Promote standardised threat data and interoperability, which can also enable the measurement of policy effectiveness across sectors and geographies.

4. Build cybersecurity cycles independently from the election cycles, supported with the right level of cybersecurity planning and incident response capability.

5. Promote best practices and testing processes for each stage of the cycle, including regular threat assessments using tools such as the IFES HEAT [1] Process.

6. Promote transparency as a key element of trust, helping ensure the integrity of the people managing the elections process and of the technology they use.

7. Provide support to election management bodies (EMBs) to comply with high cybersecurity standards through information exchange and a coordinated approach.

8. Build collaborative frameworks to help under-resourced election management bodies access information and best practices, especially in small countries.

9. Promote accessible cybersecurity resources for election management bodies, media, civil society organisations, and political parties. A selection of initiatives is included in the report.

10. Promote digital skills and literacy, including the ability of people to implement cybersecurity and to understand when information sources are reliable.

Although plenty of online cybersecurity resources are available, they are often inaccessible in many parts of the world due to budget and other constraints. To address these recommendations, GCA will form a working group to identify and undertake concrete implementation steps, collaborating with the Advisory Group for GCA Cybersecurity Toolkit for Elections, as well as other global partners.

The group will also seek, consistent with the availability of resources, to support the development and dissemination of tools to aid election management bodies globally, such as:

  • Implementation guides as appropriate to support the report’s recommendations.
  • Expansion of the GCA Cybersecurity Toolkit for Elections to make it more accessible/consumable for global audiences.
  • A guide or other resources to combat dis-, mis-, and malinformation.

You can read the full report here.


About the Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. GCA works with our partner community worldwide to build practical, accessible resources and measure their impact, in order to achieve a secure, trustworthy Internet that enables social and economic progress for all.

(1) Chaudhary, T. (2022 July), Primer: Cybersecurity and Election, USAID, DAI, and IFES publication. Available online.

 

For more information please contact:

Kayle Giroud: [email protected]
Marina Calvo: [email protected]