With general elections expected to be held within a year, Singapore’s political parties have been issued advisories about the threat of foreign interference and cybersecurity threats. They are urged to seek out precautionary measures to safeguard their ICT infrastructure, data, as well as online accounts. The city-state’s Ministry of Home Affairs, Cyber Security Agency, and Elections Department on Monday said there had been many reports of foreign interference over the past few years in elections overseas, including the French presidential and German federal elections in 2017 as well as the US mid-term and Italian general elections in 2018.
With the world\’s focus all on Coronavirus, it can be easy to forget other issues. Actors behind misinformation campaigns are still hugely active and will continue to try and disrupt elections.
Social media platforms, in particular, have a huge role to play in containing the spread of fake news or misinformation. Be that today with COVID-19 conspiracy theories or for upcoming elections around the world. People should also remain vigilant and question information presented and avoid sharing reports until verified.
The democratic election process has always invited debate and expression of opinions within the population, but which also presented a target for political parties, lobbyists and external operatives to manipulate. In decades past, such influence over opinion was comparatively easy to identify relative to that of today’s digital world. Unfortunately, social media platforms and digital impersonation create an environment where the fires of distrust can be fanned. It is against this backdrop that POFMA was enacted, but even though POFMA represents a call to action following Christchurch, there is much to be done to ensure those intent on social disruption aren’t successful in targeting elections. That’s because the reality in any cyber incident is that the attackers defined the rules. They are masters at identifying weaknesses and exploiting them, where those weaknesses are social or technological. When attackers are able to freely repeat their attacks due to a victims’ reluctance to come forth – they are exploiting personal and professional shame.
The process attackers go through to identify exploitable weaknesses is the same one anyone can use within their personal and professional life – identify exploitability. Put another way, given a specific threat, how exploitable is it and what methods could be employed to determine if an attack is underway. This exercise will raise the cyber awareness in any team or individual, but won’t prevent all attacks. When an attack is successful, the outcome should be treated as a learning event, not a shameful one. As such, sharing the experience and teaching others how to better defend helps deter future attacks and may serve to help identify the attackers.
In the end, no cyber defence process, electoral security mandate, nor misinformation law is perfect. Even when you limit the purchase of political ads to citizens or entities based in the country as Canada did in its recent elections, there will always be some grey area to exploit. The goal then becomes ensuring that grey area is as small as possible.