Today Canadians vote on who they want their next prime minister will be. It is an important decision for any Canadian. It is what we are focused on today. But amid the partisan cacophony, few of us take the time to appreciate the efforts that made this day happen.
Fair, free, and secure elections are fundamental to any democracy. And as such, ensuring people could vote with confidence is a national interest. The stakes are therefore high, and foreign adversaries know that too.
These three scenarios can derail Election Day:
• Physical Attack
• Cyber-attack
• Information Engineering
Physical Attack
A physical attack (terror attack) around a ballot will send a clear message that voting is unsafe and dangerous. It will impact turnout, trust, and might even cause election day cancellation. The impact of such an attack is severe, but its' probability is lower compared to the other two scenarios. An organized physical attack requires unique preparations and is highly aggressive. More importantly, not only does such an attack leave fingerprints on the scene, it is visible to all. Everyone knows it has happened. Therefore its results on election day could be easily identified and contested. Additionally, the adversary behind the aggression can expect fierce retaliation.
Cyber-attack
A cyber-attack impacting the confidentiality, integrity, or availability of the electoral process can erode trust in systems and platforms, impact turnout, and undermine the outcome of an election. The underlying infrastructure facilitation elections are diverse and complex. From voter registration to voter-book preparation, to ballot facilitation, to results aggregation, analysis, reporting, communication, and audit. These, and more, must be secured at transit and at-rest. To make matters even more complex, there could be differences among some of the ridings, cities, and provinces. A lot of moving parts, and with great complexities come many vulnerabilities.
Therefore the infrastructure must be ironclad. It needs to be able to prevent attacks as much as possible, and it also needs to be resilient enough to detect and remediate if someone or something went through. This is extremely critical in tight race elections where elections can go either way. For example, imagine if an advisory could change 1 out of 10 votes. Without the proper defenses and controls, it would go unnoticed and could change the outcome of the Day. There are many more attack scenarios, but we are not here to provide others with those ideas…
Information Engineering
The last, but not least scenario, is “information engineering", which encompasses the worlds of misinformation, disinformation, and malformation. These are broad campaigns that are meant to find, create, or deepen cracks within communities in a country to saw discords, instigate animosity, and manipulate public discussion. It is done to convince certain audiences or demographics to support a specific idea, movement, or process. In many situations those manipulations create distrusts in systems (voting, legal, etc.), they shape candidates' behaviors and impact election turnout and outcome.
The simplest way to describe those campaigns is with the term “fake news” but the magnitude of these efforts is far greater. They infiltrate legitimate news sites, social networks, and other platforms of information distribution to create a real-fake or fake-real reality.
You should know that many organizations, government agencies, and vendors have worked tirelessly to make sure our Day is both resilient and secure. If we don’t hear about them in the next few weeks it means that they have done a good job!
Something to think about when casting your vote today.