Romanian intelligence service outlines cyberattack scenarios during elections
The National Cyberint Center, part of the Romanian Intelligence Service (SRI), has outlined five scenarios of possible cyberattacks on the IT systems of public institutions during the EU and presidential elections of this year, Agerpres reported.
Foreign actors with geo-strategic relevance could try to influence the electoral process by using cyber-capabilities, according to Cyberint specialists.
The Permanent Electoral Authority (AEP) is organizing the elections, and the IT system used are developed by AEP, the Special Telecommunications Service and private IT companies.
One scenario takes into account cyberattacks directed at the Central Electoral Register and the IT systems used for the counting of votes. Such an attack would affect the integrity of voters’ lists and partially alter the election results.
Another scenario looks at the interception of the communication between Romania’s diplomatic missions and AEP through cyberattacks. In this case, the integrity of the data sent by the diplomatic mission to AEP would be affected through the altering of the number of voters. The communications channels used by the embassies would also be made unavailable.
Another scenario covers the propaganda and disinformation operations. These would happen with the help of fake social media accounts, sending fake news to a high number of people. These type of actions can favor a certain candidate and denigrate a counter-candidate by the spreading of fake news.
Other scenarios look at the distribution of confidential documents obtained through cyberattacks and cyberattacks on the IT infrastructure of Romania media groups.
The five scenarios were developed based on the experience of states that dealt with cyberattacks. In the past years, Russian groups launched cyberattacks to influence the results of the elections in Ukraine: the CyberBerkut group compromised and blocked in 2014 the IT system of the country's Central Election Commission. In UK, the Russian organization Internet Research Agency developed aggressive, pro-Brexit campaigns making use of bot-systems. The US witnessed cyberattacks and the denigration of presidential contender Hillary Clinton originating from Russia, while in France fake documents were published during the presidential elections of 2017. Furthermore, Germany saw a cyberattack in 2015, targeting the Parliament and the offices of chancellor Angela Merkel.
Cyberint also made several recommendations meant to help in preventing cyberattacks during the elections. These include the rigorous testing of the IT systems used in the electoral process, the use of backup systems, and the rolling out of public awareness campaigns on the risks of propaganda and disinformation.