The Election Commission of India (ECI) recently released a document outlining cybersecurity guidelines for the upcoming Assembly elections.
All Indian states have received detailed cybersecurity guidelines, which include a special audit of all ICT applications hosted by the chief electoral officer, cyber hygiene for the electoral staff, and detailed application/infrastructure level guidelines.
According to the document, ECI has taken several steps to ensure cyber safety for the Lok Sabha (House of the People) Elections.
ECI has created clear regulations for cybersecurity and educated its entire electoral staff through several workshops. One of its major initiatives was to revamp old applications, reduce the number of applications, and consolidate them into a few manageable ones.
Furthermore, all applications have been built with cybersecurity measures in design by default. The core principles are to reduce the attack surface area, deploy defence-in-depth, and to fix security issues correctly.
All websites have been audited internally by security experts. Every critical application has been scanned.
All National Cyber Security agencies have been put on high alert and the appropriate defences have been constructed outside the application approach areas.
On 21 August, ECI instructed all chief electoral officers in states and union territories (UT) to conduct a security audit of all websites and applications while emphasising on re-audit of already hosted applications.
ECI also set up a Cyber Security wing in Delhi. It will undertake the internal security audit of all websites and applications from all states and UTs.
A Commonwealth Guide on election cybersecurity is being developed to support election management bodies. It will help manage the risks associated with technologies in elections.
This programme was part of a wider project aimed at supporting Commonwealth member countries to implement the Commonwealth Cyber Declaration adopted by member governments in April 2018.
The Cyber Security Guide will be a stepping-stone for all election management bodies. It will also create a platform to share best practices in cybersecurity.
Cyber-attack trends during elections
Phishing
Phishing is the most common way of stealing information today. The attacks are getting more sophisticated every day. A 2018 study showed that there is a 297% increase in retail phishing websites as compared to the previous year.
Cybercrimes through mobile phones
Cybercriminals are developing customised applications to increase their anonymity to avoid detection by making it difficult to track them. On average, 82 rogue mobile applications are identified every day.
Digital dictatorships and information warfare
Countries are trying to regulate the digital space. ICT Systems are being designed to control and coerce citizens, in a gigantic social engineering that some have called a ‘gamification of trust’; a society where individuals are under round-the-clock surveillance.
New technologies might tempt governments across the world to build unprecedented totalitarian regimes to monitor and control. Massive surveillance, big data coupled with artificial intelligence is making it easy to monitor and control billions of people and threaten democracies and the fundamentals of electoral processes.