This spring, Europe is going to the polls. This weekend the elections to the European Parliament take place, and will be held between May 23 and 26. Before that, the Spanish general elections were held on April 28. It is an important moment, one that will mark the immediate political future of the continent. However, as has been the case with many electoral processes over the last decade, there are many concerns about the cybersecurity of these elections, as well as the possible influence of fake news.

Cybersecurity’s effects on previous elections

During the campaign in the run-up to the 2016 United Kingdom European Union membership referendum, fake news was used extensively, spread on social networks to try to influence voter opinion. That same year, during the US presidential election campaign, a targeted cyberattack, supposedly carried out by a Russian agency, leaked a number of emails from the Democratic Party. And in 2017, two days before the final round of the French presidential election, over 20,000 emails from the campaign of the then candidate Emmanuel Macron were leaked. Once again, there were suspicions that a group linked to Russian military intelligence carried out this attack.

What are the worries today?

In this context, it is no surprise that fears abound about similar incidents occurring during this year’s elections. Former NATO Secretary-General, Anders Fogh Rasmussen, has warned that Russia will launch a major effort to meddle in the European elections, and the Spanish Ministry of the Interior warned of the “high risk” of suffering large-scale cyberattacks. Another concern that the Spanish government has is the spreading of fake news that will try to alter the opinions of voters.

A cybersecurity plan for the Spanish election

On April 1, the Spanish Ministry of the Interior set in motion a cybersecurity plan for the April 28 election. This year was the first time that such a plan included the possibility of a disinformation campaign aimed at altering voter intentions. The Government’s plan also warned of the high risk of an IT attack against vote counting technology, as well as the political parties’ websites.

To prevent this kind of situation, around 100 police officers, alongside experts from cybersecurity organizations, scoured the deep web and social networks. The plan included “security measures and actions” for before, during and after the election. This included measures to protect critical infrastructures and places related with the electoral process and the vote count, political parties’ headquarters, spaces where political rallies were held, and polling stations.

Just four days before the election, Facebook announced that it had removed three far right groups, which were spreading sensitive content and fake news. However, Facebook explained that the groups were removed due to behaviors that went against their policies, such as the use of fake accounts and the creation of accounts with the same name.

The European Union’s efforts

The Spanish government’s efforts to protect the country’s electoral cybersecurity brought forward the European Commission’s recommendations for the European elections at the end of this month,

In September last year, the European Union published a series of recommendations about cooperation networks, online transparency, protection against cybersecurity incidents, and the fight against disinformation campaigns in the context of the European Parliament elections.

In March, the Council of the European Union adopted an emergency response protocol for EU security forces. This gives a central role to the European Cybercrime Centre in coordinating the response to cross-border cybersecurity incidents. This immediate response to incidents will include rapid assessment, secure and timely sharing of critical info, and effective coordination of international aspects of their investigations.

One of the recommendations is that member states establish a national network to monitor and enforce rules related to online activities relevant to the electoral context. It also recommends the adoption of technical measures to ensure the availability, authenticity, confidentiality and integrity of any electoral services that use IT systems. This includes protecting the networks and systems used to register voters and candidates; to collect, process and count votes; and to communicate the results to the public.

Another recommendation is the implementation of measures to prevent cyberincidents and to protect against cyberattacks.

Fake news from Russia

Just two weeks before the start of the European elections, a report was published that found proof that as many as 241 million European citizens could have been exposed to a disinformation campaign. This campaign was allegedly carried out by a group of some 6,700 bad actors that shared fake content on social networks.

The European commissioner Sir Julian King said that the evidence “underlines the dangers of disinformation online”.

According to the company that produced the research, one of the reasons that these bad actors use fake news is that they “realise that hacking election infrastructure, and hacking the perception of reality and facts, are ultimately tactics to accomplish similar outcomes.” While getting past institutional cybersecurity is still a challenge, spreading this kind of information is relatively easy.

PASS2019: Discover the European Commission’s vision

The next few months will clearly be key to the immediate future of the European Union, and will present some serious challenges in the area of cybersecurity. If you want to know more about the standpoint of the European Commission, don’t miss the Panda Security Summit 2019. At the event, Rafael Tesoro Carretero, Programme Officer – EU Policies, will share his vision of the socio-political framework set out in National Security Strategies, as well as the needs that arise when applying it to the European business environment.

You can register here