Building a cyber-resilience mindset
Recognizing complexity and risks in electoral processes to inform new initiatives and solutions
In November 2019, the Commonwealth Secretariat shared its first draft of the Good Electoral Practice Guide on Electoral Cybersecurity, which is designed to shape the approaches of many election administrations of the 53 Commonwealth member states to protect their elections from cyberthreats. The guide draws on International IDEA’s recent work on cybersecurity as well as a range of International IDEA electoral knowledge resources.
This publication is an example of how International IDEA’s knowledge products contribute to norm building and new practices through regional organizations. The Commonwealth guide directly draws on the analysis, findings and recommendations from International IDEA’s cybersecurity work. It recommends interagency cooperation, citing International IDEA’s publication Cybersecurity in Elections: Models of Interagency Collaboration as evidence of the need for multi-stakeholder collaboration and lists the multiple models of interagency collaboration identified by International IDEA. Similarly, as advocated in International IDEA’s report on the Certification of ICTs in Elections, the Commonwealth stresses the importance for electoral management bodies to recognize the separate stages of the electoral cycle in planning and delivering electoral processes.
‘Governments should cooperate on electoral cybersecurity via the Commonwealth, regional cooperation organisations such as CARICOM, ASEAN, the Organization of American States (OAS) and the Organization for Security and Co-operation in Europe (OSCE), and other intergovernmental bodies such as the International Institute for Democracy and Electoral Assistance (International IDEA).’ — Commonwealth Secretariat, Good Electoral Practice Guide on Electoral Cybersecurity
International IDEA held a series of expert meetings and face-to-face interviews with election administrations and cybersecurity expert bodies between early 2017 and 2019. These activities allowed participants from nearly 25 countries to directly exchange experiences and discuss best practice in this domain. Several participants provided informal feedback confirming that what they learned was immediately applied in their countries, sometimes leading to significant improvements in and changes to their electoral practices.
The findings and recommendations have also, in the space of a few months, informed a range of initiatives underway including the Kofi Annan Global Commission, an International Foundation for Electoral Systems white paper, EU processes and the Commonwealth good practice guide. Through these forums, International IDEA advocates a long-term, systems approach in which electoral cybersecurity is viewed as critical infrastructure that relies on the competence of officials, interagency collaboration and risk management habits.
As technology is introduced into each aspect of electoral preparations, from candidate financing disclosure software to polling operations data, electoral processes are vulnerable to hacking, even in countries with paper-based voting. Cyber-resilience refers to an electoral system’s ability to deal with shocks and stresses while continuing to operate in this environment. This holistic approach recognizes that managing public perceptions of cyberthreats to an electoral process is as important as defending against actual threats, which in turn means including political parties and civil society agencies at each step—both through cooperation and the free flow of information.
Through knowledge products and events, International IDEA has supported electoral assistance practitioners from more than 25 countries to learn about recent good practices and research on cybersecurity in elections. This helped them to adapt new practices and research to their local context.
Read more stories about International IDEA's results in our Annual Outcome Report 2019: Democracy In Action.