On July 4th, 2024, the UK will vote in what is set to be one of the most consequential general elections in recent memory. Whilst noteworthy for political reasons, perhaps a more interesting area of analysis is around the cybersecurity threats to the 2024 U.K general election.
The cyber threat landscape has changed dramatically since the last UK general election in 2019. Factors such as geopolitical tumult, the emergence and rise of new cybercriminal groups, evolving technologies, and the increasing availability of cybercrime tools and capabilities “as-a-service” have all contributed significantly to concerns around the cybersecurity of the 2024 election.
However, the UK government has assured citizens that it is prepared to deal with these threats. A briefing published on the UK Parliament website outlined some of the most pressing cybersecurity threats to the 2024 UK general election and what the government is doing to combat them. In this article, we’ll cover some of the key points.
What’s At Risk?
At this point, it’s not unreasonable to question how cybercrime could impact the UK general election. The UK currently has no digital voting system, with people generally voting in person or by post. Neither system is particularly vulnerable to cyber threats, and the UK’s highly dispersed, paper-based voting and counting system makes any significant interference in election results difficult.
However, some election technologies in the UK present a cyber risk. For example, if cybercriminals compromised the online voter registration system or social media accounts of high-profile individuals, it would not be impossible to influence the results of an election. AI-generated mis-and-disinformation could also impact election results.
As such, we can broadly split cyber threats to the UK election into two categories: cyberattackWhat is a Cyberattack?A cyberattack is a deliberate and malicious attempt to exploit vulnerabilities in computer systems, networks, or software applications to cause damage, steal information, disrupt services, or gain... and mis-and-disinformation risks. Let’s take a closer look at each risk and what the UK government is doing to prevent them.
Cyberattack Risks
First, let’s look at the cyberattack risks as one category of cybersecurity threats for the 2024 UK general election.
Ransomware and Sensitive Data Leaks
The National Cyber Security Centre (NCSC) lists ransomware as the biggest cyber threat to the UK. And for good reason: a recent update to the Information Commissioner’s Office (ICO) security incident trends data revealed that Britain’s central government, local government, and utilities sectors were each impacted by more ransomwareWhat is Ransomware?Ransomware is a type of cyberattack in which the attacker infects a computer with malicious software that encrypts the victim's data. The computer usually becomes locked, presenting a... attacks in 2023 than in all previous years combined; a bleak 2023 inquiry report by the Joint Committee on the National Security StrategyWhat is a Security Strategy?A security strategy is a comprehensive plan that outlines how an organization will protect its digital and physical assets from threats and vulnerabilities. It encompasses policies,... stated that “there is a high risk that the Government will face a catastrophic ransomware attack at any moment”; and ransomware attacks on the UK have already disrupted voter registration services, such as those on Hackney Council in 2020 and Gloucester City Council in 2021.
It’s clear that the ransomware threat to UK elections is very real.
Sensitive data leaks are also a threat to UK elections. Just last year, the UK Electoral Commission revealed that it had discovered a cyberattack on its systems that granted threat actors access to the personal information of 40 million people. Knowing that personal data is at risk of being stolen if provided to the voter registry may put people off from registering to vote, resulting in lower voter turnout and potentially impacted results.
The UK government has introduced several measures to combat these threats to elections and the country. For example, the 2022 National Cybersecurity Strategy and the 2023 House of Commons Library briefing on cybersecurity in the UK outline measures to improve cybersecurity. The strategy takes a holistic approach to cybersecurity, arguing that the public and private sectors must work together with cybersecurity professionals. It also places the burden of cybersecurity on organizations rather than the individual.
Government stakeholders suggest improving the basic cyber security practices of individuals, organizations, devices, and online services and developing a specialist cyber workforce to combat cyberattack risks to UK elections.
Attacks on Individuals
In recent months, the threat of cybercrime to high-profile individuals like parliamentarians has become increasingly apparent. We can likely attribute the rise of attacks on high-risk individuals in the past year to the impending general election and the value this adds to already sensitive data.
To combat this threat, in 2023, the NCSC launched an opt-in service to alert and advise high-risk persons if there is evidence of cyber operations on their personal devices or accounts.
Mis-and-Disinformation Risks
Mis-and-disinformation threats to UK elections primarily result from the recent advances in AI technologies. In the last year alone, we have seen Labour Party Leader Sir Keir Starmer, Mayor of London Sadiq Khan, US President Joe Biden, and the leader of a Slovakian political party all fall afoul of AI-generated videos known as “deepfakes”.
In recent years, the UK government has made great efforts towards combatting deepfakes and other mis-and-disinformation risks. For example, DSIT’s Counter Disinformation Unit exists to combat election disinformation that could threaten national security. Similarly, in 2022, the government established the Defending Democracy Taskforce to focus on “protecting the democratic integrity of the UK from threats of foreign interference,” including by combatting mis-and-disinformation.
Looking Forward
While these threats cannot be ignored, the UK government has succeeded (touch wood) in combatting cyberattacks and misinformation risks to the 2024 general election at the time of writing.
However, one cannot escape the feeling that we’re merely at the tip of the iceberg. The cyber threat landscape has changed immeasurably in the last five years, so the thought of where we’ll be by the time of the next election almost doesn’t bear thinking about. We can only hope that whoever comes into power will continue and expand upon the considerable efforts made by the current government to protect UK elections from cybercrime.
If you enjoyed this blog post examining ‘Cybersecurity threats to the 2024 UK General Election’, you can find many more informative articles in our back catalog here.
