Report of the Communications Security Establishment (CSE)
The recent cyber threat activity against the democratic process in the United States and Europe has raised concerns about similar threats to Canada. In this assessment, we consider the cyber threats to Canada’s democratic process at the federal, provincial/territorial, and municipal levels of government. We restrict our analysis of the democratic process to three important aspects that adversaries can target: elections, political parties and politicians, and the media.
To better understand the threat environment, CSE examined cyber threat activity against democratic processes both in Canada and around the world over the past ten years. In this assessment, we review cyber capabilities and how adversaries use these capabilities in sophisticated ways to influence a democratic process. We provide our assessment of cyber threat activity targeting democratic processes – both around the world and in Canada – and what we expect to see against the 2019 federal election, political parties and politicians, and the media relevant to the election.
Cyber threat activity against the democratic process is increasing around the world, and Canada is not immune. In 2015, during the federal election, Canada’s democratic process was targeted by low-sophistication cyber threat activity. It is highly probable that the perpetrators were hacktivists and cybercriminals, and the details of the most impactful incidents were reported on by several Canadian media organizations.
A small number of nation-states have undertaken the majority of the cyber activity against democratic processes worldwide, and we judge that, almost certainly, they are the most capable adversaries.
However, to date, we have not observed nation-states using cyber capabilities with the purpose of influencing the democratic process in Canada during an election. We assess that whether this remains the case in 2019 will depend on how Canada’s nation-state adversaries perceive Canada’s foreign and domestic policies, and on the spectrum of policies espoused by Canadian federal candidates in 2019.
We expect that multiple hacktivist groups will very likely deploy cyber capabilities in an attempt to influence the democratic process during the 2019 federal election. We anticipate that much of this activity will be low-sophistication, though we expect that some influence activities will be well-planned and target more than one aspect of the democratic process.
Regarding Canada’s democratic process at the federal level, we assess that, almost certainly, political parties and politicians, and the media are more vulnerable to cyber threats and related influence operations than the election activities themselves. This is because federal elections are largely paper-based and Elections Canada has a number of legal, procedural, and information technology measures in place.
We assess that the threat to Canada’s democratic process at the sub-national level (i.e. provincial/territorial and municipal) is very likely to remain at its current low level. However, some of Canada’s sub-national political parties and politicians, electoral activities, and media are likely to come under increasing threat from nation-states and hacktivists.
Over the past five years, there has been an upward trend in the amount of cyber threat activity against democratic processes globally. So far, in 2017, 13 percent of countries holding federal elections have had their democratic process targeted.
Adversaries worldwide use cyber capabilities to target all three aspects of the democratic process (i.e. elections, political parties and politicians, and traditional and social media).
- Against elections, adversaries use cyber capabilities to suppress voter turnout, tamper with election results, and steal voter information.
- Against political parties and politicians, adversaries use cyber capabilities to conduct cyberespionage for the purposes of coercion and manipulation, and to publicly discredit individuals.
- Against both traditional and social media, adversaries use cyber capabilities to spread disinformation and propaganda, and to shape the opinions of voters.
We judge that it is highly probable that cyber threat activity against democratic processes worldwide will increase in quantity and sophistication over the next year, and perhaps beyond that. The reasons for this include:
- Many effective cyber capabilities are publicly available, cheap, and easy to use.
- The rapid growth of social media, along with the decline in longstanding authoritative sources of information, makes it easier for adversaries to use cyber capabilities and other methods to inject disinformation and propaganda into the media and influence voters.
- Election agencies are, increasingly, using the Internet to improve services for voters. As these services move online, they become more vulnerable to cyber threats.
- Deterring cyber threat activity is challenging because it is often difficult to detect, attribute, and respond to in a timely manner. As a result, the cost/benefit equation tends to favour those who use cyber capabilities rather than those who defend against their use.
- Finally, there is a dynamic of success emboldening adversaries to repeat their activity, and to inspire copycat behaviour.
Read the full report here.