With elections increasingly dependent on modern technology, cybersecurity has become a vital shield against election violence and manipulation. Cyberattacks present a growing threat to both nascent and mature democracies, as they can shape the election process, erode citizen trust and trigger other forms of election violence. The 2019 elections in Indonesia and Ukraine illustrate the threat cyberattacks pose, even in relatively consolidated and stable democracies.

An overhead view of electronic voting machines in Miami, FL. (Vincent Laforet/The New York Times)
An overhead view of electronic voting machines in Miami, FL. (Vincent Laforet/The New York Times)

Cyberattacks are increasingly used by government-linked groups and private individuals to target corporate, financial, and, more recently, democratic institutions. The perpetrators and their motivations often remain unclear, but cyberattacks qualify as election violence given their ability to undermine election authorities and shape results. Common tactics include distributed denial-of-service (DDOS), phishing, and malware attacks against critical infrastructure and networks. Election officials around the world have embraced advanced technologies for voter registration and results management systems. But those new technologies create new vulnerabilities, especially if there is a lack of technical expertise, modern equipment, and necessary cyber hygiene.

While the threat that cyberattacks pose to elections are recognized, international and domestic legal frameworks are insufficiently developed to ensure robust prevention and enforcement efforts. As technology rapidly transforms, prevention strategies must look forward, securing the next election rather than repairing vulnerabilities exposed in the previous election. Election management bodies (EMBs) will also face a difficult balancing act to secure their processes while preserving transparency.

In Ukraine, the Central Election Commission (CEC) has long suffered from technological vulnerabilities and a lack of technical training for staff, compounded by legal and procedural hurdles. In 2014, a cyberattack disabled CEC network nodes and erased numerous components of the election system, including the Results Management System, using advanced cyberespionage malware. In 2015, Ukraine suffered from a successful attack on its power grids, and a malware attack—known as (Not)Petya—infiltrated Ukrainian banks, government agencies and electricity firms in 2017.

With presidential elections this spring, and parliamentary elections in October, Ukraine has taken important steps to protect its election infrastructure, mostly through trainings by international specialists, improving its ability to withstand the surge in attacks on electoral servers and the personal computers of election staff.

With legislative and presidential elections scheduled on April 17, Indonesia has similarly suffered from cyberattacks targeting its electoral infrastructure. The head of the National Election Commission (KPU), Arief Budiman, remained confident that the increase in attacks against Indonesia’s voter database will not disrupt the voting process. Despite this, the threat posed by cyberattacks in the form of targeting candidates’ private data remains a concern.

The Impact of Cyberattacks on Democracy and Political Stability

While cybersecurity measures can strengthen institutions and electoral processes, they also shape the tactical considerations of would-be perpetrators of election violence. Cyberattacks could provide an alternative to more traditional forms of election violence as a method to shape election results, delegitimize the vote, or create general distrust in institutions.

As cyberattacks generally have a lower cost and provide the advantage of anonymity, an increase in the use of cyberattacks could perversely lower the risk of violence in the streets, at least in the short-term. The subsequent loss of legitimacy in the electoral process can also increase the risk of post-election violence, for instance as delayed results announcements create the suspicion of fraud.

Cyberattacks erode public trust in the electoral process and offer losing parties or candidates another reason to question and challenge the results. Preventing cyberattacks requires not only the adequate funding for EMBs to secure their digital infrastructure, but also educating the public and election staff on the complexities of hybrid warfare and its associated risks.

Related Publications

Iraq’s Democratic Imperative: Getting Provincial Elections Right

Iraq’s Democratic Imperative: Getting Provincial Elections Right

Monday, August 5, 2019

By: Sarhang Hamasaeed; Adam Gallagher

Iraq’s landmark 2018 national elections—the first since the military defeat of ISIS—presented an opportunity for a much-needed course correction for the country’s sclerotic political process. Unfortunately, that opportunity was not seized properly. The vote was marred by claims of widespread fraud, low voter turnout, a delayed results announcement and a protracted government formation process. Originally scheduled for the spring of 2017, Iraq’s parliament recently delayed provincial elections again, moving the date to early April 2020. The election delay will give Iraq’s institutions further time to do the important work necessary to get these elections right and, thus, get Iraq’s politics on the right track. But, it is urgent for this work—bolstered by support from the international community—to start now.

Democracy & Governance; Electoral Violence

Burma’s Big Test: Preventing Election Violence in 2020

Burma’s Big Test: Preventing Election Violence in 2020

Tuesday, July 2, 2019

By: Jonas Claes

The people of Burma will head to the polls in late 2020 to elect more than 1,100 representatives to national, state, and regional legislative bodies. During a recent field assessment, the U.S. Institute of Peace confirmed that the risk of election-related violence is surprisingly low considering the ongoing conflicts and multitude of grievances. However, hate speech, disinformation, and intense competition between parties could create violent incidents, particularly during the campaign period. Early efforts to promote peaceful elections need to start now as the window for effective prevention will soon be closed.

Electoral Violence

Exposure to Violence and Voting in Karachi, Pakistan

Exposure to Violence and Voting in Karachi, Pakistan

Wednesday, June 19, 2019

By: Mashail Malik ; Niloufer Siddiqui

Pakistan’s 2018 elections marked just the second time in history that power transferred peacefully from one civilian government to another after a full term in office. Although the initial months of campaigning were relatively free of violence, the two weeks before polling were dangerous for campaigners and voters alike, and the elections provided a platform for some parties to incite violence, particularly against Pakistan’s minority sects. This report provides a deep examination of how exposure to political violence in Pakistan’s largest city affects political behavior, including willingness to vote and faith in the democratic process.

Electoral Violence

Amb. Bill Taylor on Ukraine’s Presidential Elections

Amb. Bill Taylor on Ukraine’s Presidential Elections

Wednesday, April 24, 2019

Following his election observation, Taylor discusses Volodymyr Zelenskiy’s victory and how he can build support at home and abroad. “The president-elect is already getting a lot of support from the international community,” and if he implements the pro-Western policies he advocated during the campaign the U.S. will continue to strengthen bilateral ties, says Taylor.

Democracy & Governance; Electoral Violence

View All Publications