Cybersecurity 23-J, what the voter does not see

The socialist Paco Vázquez, former mayor of A Coruña and Knight of the Order of the British Empire, among others, spoke at ease, a little over a month ago, about the insecurity of voting by mail. He came to tell us that, as a citizen, he did not trust the system or the chain of custody. Not a single word, on the other hand, about cybersecurity, connectivity, communications problems, in short, about the problems that democratic societies currently face in critical processes such as electoral ones..

In the digital age, exercising the right to vote by mail has become an increasingly popular and frequent alternative, especially if, as occurs on 23-J, the electoral process takes place in the middle of the summer season and in the middle of a seminational macrobridge. All this poses significant challenges in terms of cybersecurity.. In this article, we will explore the relationship between voting by mail and the dangers associated with cyber security..

• Remote voting: a gateway for enemies of democracy. Voting by mail allows citizens to submit their ballots remotely, making them an attractive target for cybercriminals. The electronic transmission of data and the manipulation of ballots can compromise the integrity of the electoral process.

• Phishing and phishing attacks. Voters who participate in elections by mail are exposed to a greater risk of impersonation and phishing attacks. Scammers can send fake emails or messages that appear to come from legitimate election authorities, asking for personal information or voting addresses.
• Handling and alteration of ballots. Mailing presents offline challenges. Ballots can be intercepted and altered during transport, allowing for manipulation of election results. Here the chain of custody of Correos is basic.
• Threats to electoral infrastructure. The cybersecurity of the electoral infrastructure is fundamental to guarantee fair voting and free from interference. Voting by mail increases exposure to cyberattacks, such as tampering with records, unauthorized access to voting systems, and disruption of online services.

• Personal data protection. Elections by mail involve the handling and storage of large amounts of voters' personal data. This raises concerns about privacy protection and the possibility of leaks of sensitive information.

Recently, a family member completed all the procedures to request a vote by mail and used his certificate issued by the AC FNMT. Everything was easy and in a few minutes you already had your Request signed by the Sociedad Estatal de Correos y Telégrafos SA with its proper CSV certificate.. So far everything normal. The following day he received a suspicious email sent by the Administration of serviciodecorreo.es, from an email [email protected], communicating that Correos had updated the conditions of service. Clearly an anomaly. Clearly a cyber attack. It would not be worrisome if it is not related to the event that occurred the day before, which was neither more nor less than the digital request for a vote by mail.

The protection of the integrity of the electoral process and the security of personal data must be priorities to guarantee confidence in the democratic system. It is essential to implement effective cybersecurity measures, such as strong authentication, data encryption and awareness of safe vote-by-mail practices.. By doing so, we can strengthen cybersecurity in the context of postal elections and preserve the integrity of our democracies..

In our current digital context, where cyberattacks affect all levels and areas of our lives, voting by mail presents significant challenges in terms of cybersecurity..

• The participation of the National Institute of Cybersecurity (Incibe). In the coordination network for the network of electoral processes, the National Institute of Cybersecurity (Incibe) stands as a reference entity. Its role will be crucial to guarantee cybersecurity in the elections, monitoring possible cyberattacks that could change the intention of citizens to vote or prevent their participation in the process.

• Risks for entities and companies involved in the elections. It is essential to ensure the cybersecurity of the main entities and companies that play an active role in the elections. Cyberattacks targeting these organizations can have a considerable impact, disrupting election day and undermining citizen trust.. Even critical service companies, such as couriers, the financial market or electricity, must be monitored, since any attack on third parties could interfere with the holding of the elections.. Throughout this process we should pay special attention to the services that Indra and Telefónica de España have been successfully providing.

• The role of Incibe in the management of electoral incidents. Incibe has a specific service dedicated to the management of incidents related to elections. This demonstrates the importance of proactively addressing any cyber threats or incidents that may arise during the electoral process, ensuring a quick and efficient response to maintain the integrity of mail-in elections.

Every electoral process is susceptible to improvement, but we understand that cybersecurity problems are greater in the fields of telecommunications and critical services, more than in the alteration of the results itself. The illustrious gentleman of the British Order can rest easy with the function of the Post Office and the State throughout the electoral process, no matter how much the former head of the cabinet of President Sánchez is in charge of the organization.

*Pablo Hita is a cybersecurity consultant.