With elections increasingly dependent on modern technology, cybersecurity has become a vital shield against election violence and manipulation. Cyberattacks present a growing threat to both nascent and mature democracies, as they can shape the election process, erode citizen trust and trigger other forms of election violence. The 2019 elections in Indonesia and Ukraine illustrate the threat cyberattacks pose, even in relatively consolidated and stable democracies.

An overhead view of electronic voting machines in Miami, FL. (Vincent Laforet/The New York Times)
An overhead view of electronic voting machines in Miami, FL. (Vincent Laforet/The New York Times)

Cyberattacks are increasingly used by government-linked groups and private individuals to target corporate, financial, and, more recently, democratic institutions. The perpetrators and their motivations often remain unclear, but cyberattacks qualify as election violence given their ability to undermine election authorities and shape results. Common tactics include distributed denial-of-service (DDOS), phishing, and malware attacks against critical infrastructure and networks. Election officials around the world have embraced advanced technologies for voter registration and results management systems. But those new technologies create new vulnerabilities, especially if there is a lack of technical expertise, modern equipment, and necessary cyber hygiene.

While the threat that cyberattacks pose to elections are recognized, international and domestic legal frameworks are insufficiently developed to ensure robust prevention and enforcement efforts. As technology rapidly transforms, prevention strategies must look forward, securing the next election rather than repairing vulnerabilities exposed in the previous election. Election management bodies (EMBs) will also face a difficult balancing act to secure their processes while preserving transparency.

In Ukraine, the Central Election Commission (CEC) has long suffered from technological vulnerabilities and a lack of technical training for staff, compounded by legal and procedural hurdles. In 2014, a cyberattack disabled CEC network nodes and erased numerous components of the election system, including the Results Management System, using advanced cyberespionage malware. In 2015, Ukraine suffered from a successful attack on its power grids, and a malware attack—known as (Not)Petya—infiltrated Ukrainian banks, government agencies and electricity firms in 2017.

With presidential elections this spring, and parliamentary elections in October, Ukraine has taken important steps to protect its election infrastructure, mostly through trainings by international specialists, improving its ability to withstand the surge in attacks on electoral servers and the personal computers of election staff.

With legislative and presidential elections scheduled on April 17, Indonesia has similarly suffered from cyberattacks targeting its electoral infrastructure. The head of the National Election Commission (KPU), Arief Budiman, remained confident that the increase in attacks against Indonesia’s voter database will not disrupt the voting process. Despite this, the threat posed by cyberattacks in the form of targeting candidates’ private data remains a concern.

The Impact of Cyberattacks on Democracy and Political Stability

While cybersecurity measures can strengthen institutions and electoral processes, they also shape the tactical considerations of would-be perpetrators of election violence. Cyberattacks could provide an alternative to more traditional forms of election violence as a method to shape election results, delegitimize the vote, or create general distrust in institutions.

As cyberattacks generally have a lower cost and provide the advantage of anonymity, an increase in the use of cyberattacks could perversely lower the risk of violence in the streets, at least in the short-term. The subsequent loss of legitimacy in the electoral process can also increase the risk of post-election violence, for instance as delayed results announcements create the suspicion of fraud.

Cyberattacks erode public trust in the electoral process and offer losing parties or candidates another reason to question and challenge the results. Preventing cyberattacks requires not only the adequate funding for EMBs to secure their digital infrastructure, but also educating the public and election staff on the complexities of hybrid warfare and its associated risks.

Related Publications

Amb. Bill Taylor on Ukraine’s Presidential Elections

Amb. Bill Taylor on Ukraine’s Presidential Elections

Wednesday, April 24, 2019

By: William B. Taylor

Following his election observation, Taylor discusses Volodymyr Zelenskiy’s victory and how he can build support at home and abroad. “The president-elect is already getting a lot of support from the international community,” and if he implements the pro-Western policies he advocated during the campaign the U.S. will continue to strengthen bilateral ties, says Taylor.

Democracy & Governance; Electoral Violence

Myanmar’s 2020 Elections and Conflict Dynamics

Myanmar’s 2020 Elections and Conflict Dynamics

Monday, April 15, 2019

By: Mary Callahan; Myo Zaw Oo

In late 2020, Myanmar will hold a general election for more than a thousand seats in Union, state, and regional legislative bodies. The next year and a half will also see two high-level, conflict-laden processes capture domestic and international attention—the 21st Century Panglong peace conference and possible attempts to repatriate Rohingya refugees. This report evaluates the environment in which the peace process, Rohingya repatriation, and the election intersect and identifies opportunities for mitigating conflict in the run-up to the election.

Electoral Violence; Democracy & Governance; Peace Processes

Nigerians Head to the Polls Again for State Elections

Nigerians Head to the Polls Again for State Elections

Thursday, March 7, 2019

By: Aly Verjee; Chris Kwaja

On March 9, Nigerians return to the polls to elect governors and state legislators. The balloting follows the presidential elections held February 23, which saw the incumbent president, Muhammadu Buhari, re-elected for another four-year term. USIP’s Chris Kwaja and Aly Verjee discuss how Buhari’s victory may impact the state elections, Nigerians’ seeming disenchantment with voting, and how to avert potential violence.

Democracy & Governance; Electoral Violence

View All Publications