Hacking is becoming synonymous with state election processes: is this the new political norm?
The last two years have been incredibly eventful in the world of politics: The United Kingdom (UK) voting to leave the European Union (EU); Donald Trump defeating Hillary Clinton to become the 45th US president and; Emmanuel Macron’s newly formed En Marche! party winning the French election to stop the populist National Front party getting into power.
These events all have a dark undertone in common threatening our democratic freedom – hacking. Let’s briefly look at how hacking has affected each campaign.
In the run up to the UK EU referendum in 2016, the website which enabled people to register to vote suffered downtime, forcing the official deadline to be extended. At the time David Cameron agreed to extend the registration of voters by 48 hours after the website experienced ‘record demand’. However, another cause for the crash could have been a targeted denial of service attack. Fresh evidence suggests that state sponsored cyber terrorism originating from Russia could have targeted the referendum website potentially influencing the outcome of the campaign.
The 2016 US election will go down in history as one of the most controversial to date for a number of reasons: Hillary Clinton would have been the first female president; Donald Trump had no prior political experience and; the evident increasing electorate engagement and trust shown in the news on social media channels. However, perhaps the largest controversy that is still ongoing today, has been around the email hacking of the US Democratic Party. In the run up to the election, a simple typo involving a phishing scam enabled Russian hackers to access thousands of emails of Hillary Clinton’s campaign chairman. The email cache was given to WikiLeaks who released them into the public domain and the scandal dominated the election news and was extensively exploited by Trump. According to the Guardian Newspaper, further investigations by the CIA have discovered that the Kremlin deliberately intervened in the election to help Trump become president. The level of hacking that occurred during this election was unprecedented and going forward, government agencies will have to find ways to protect political parties and the electorate against these serious cyber threats.
The most recent election in France saw Emmanuel Macron defeat Marine Le Pen by a decisive margin on 7th May 2017. However, on the eve of the election a ‘massive and coordinated’ hacking attack targeted the En Marche! campaign. According to his team tens of thousands of internal emails and other documents, including some said to be false, were released into the public domain, halting campaigning, just one day before the deadline . The authentic leaked documents were deemed all lawful and given the timing, the French Election commission banned any reporting of the contents. En Marche! went on to win by a considerable majority but, the hacking could have been significantly worse for the campaign had Le Pen adopted a Trump style tactic of exploiting the leak.
What are the costs associated with a political campaign that is the subject of a high-profile hacking attack?
The largest associated cost is the potential to lose a political campaign as a result of highly sensitive and confidential data being released into the public domain which could potentially cause irreparable reputational damage. Political reputation is one of the most important factors during a campaign and the public need to trust the credibility of a party if they are to vote for them. A data breach brings about doubt and raises a number of questions around national security. This is especially poignant where the data targeted by hackers is information parties do not want in the public domain. Leaked information attracts considerable negative press coverage, often exacerbated when politics is involved. Apart from reputational damage, a political party could face data restoration costs, system repair costs, public relations expenses, costs of notification to regulatory bodies and other interested parties, legal expenses and the costs of engaging with cyber security experts.
How can cyber insurance help a political party?
Political parties have a different legal status to traditional organisations. However, this does not mean they should not be purchasing a range of insurances including cyber. Cyber insurance provides several first party covers that would be of huge benefit to political parties. Whilst political reputation is uninsurable, there are certainly protections that a cyber policy offers such as the data restoration, ransomware extortion, system repair and access to cyber security consultants that would be of benefit to political parties. Cybercrime occurs daily and the examples above highlight that political parties are not exempt from these attacks. In fact, many are targeted more regularly given their political profiles. Robust IT infrastructure combined with a comprehensive cyber insurance policy will provide a political party with a holistic risk management strategy during a campaign.
Safeonline is an experienced insurance broker in Cyber, Technology and Media insurance who can help find the right insurance products to respond to the changing digital landscape. For more information please email Henry.Sanderson@safeonline.com