Canada's voting process is likely safe from cyberattacks, but political parties and the media are increasingly likely to be targeted by foreign actors and activists during election campaigns, according to a security assessment of the country's democratic process.
As part of a study that was requested by the federal government, Communications Security Establishment Canada (CSEC) has issued a warning to key players in Canada's electoral and political systems that they will be at risk in the lead-up to the 2019 general election.
CSEC said Elections Canada's processes are mostly paper-based, or stored on secure electronic systems, which insulates them from most threats. However, the federal agency that oversees cybersecurity said political parties and media organizations are likely to be hit by the same types of attacks that have affected recent elections in the United States, France and other countries around the world.
"Setting aside unforeseeable events, we judge that, almost certainly, multiple hacktivist groups will deploy cybercapabilities in an attempt to influence the democratic process in 2019. Hacktivists will likely study the success of past influence operations and adopt more sophisticated and successful activities," said the report, titled Cyber Threats to Canada's Democratic Process.
The report added that provincial and municipal elections could also be targeted by foreign actors wishing to influence the voting process to advance their economic interests.
"In particular, we know that certain nation-states have core interests that can be affected by Canadian policies related to natural resources, which are often made at the provincial/territorial level," the report said. "Hacktivists may begin to view subnational elections, political parties and politicians, and the media as worthy targets."
CSEC has not found any evidence of major tampering by other countries during the 2015 general election. However, trends around the world suggest that Canada is increasingly at risk.
"To date, we have not observed nation-states using cybercapabilities with the purpose of influencing the democratic process in Canada during an election. We assess that whether this remains the case in 2019 will depend on how Canada's nation-state adversaries perceive Canada's foreign and domestic policies, and on the spectrum of policies espoused by Canadian federal candidates in 2019," the report said.
CSEC will be briefing Canada's major political parties on the growing cyberthreats next week. The most likely victims of cyberattacks are politicians themselves, political parties and news organizations, with the attacks aimed at suppressing voter turnout, stealing voter information and influencing results.
The agency has assessed that foreign countries are "the most capable adversaries," but that less sophisticated actors, such as hacktivists, cybercriminals, terrorists and thrill seekers, are more likely to be active in Canada.
CSEC's overall message is that prevention is the only effective way to deal with cybercrimes, as there is almost nothing to be done once computer systems are compromised.
"Deterring cyberthreat activity is challenging because it is often difficult to detect, attribute, and respond to in a timely manner. As a result, the cost/benefit equation tends to favour those who use cybercapabilities rather than those who defend against their use," the report said.