News
Safeguarding EU elections amidst cybersecurity challenges
March 2024 by ENISA
The first compendium on elections cybersecurity was published in 2018. Since the last EU elections in 2019, the elections threat landscape has evolved significantly. For instance, the rapid developments in AI including deep fakes, hacktivists-for-hire, sophistication of threat actors along with today’s geopolitical context highlight the necessity to update the compendium in order to reflect the current risks and threats.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar highlighted that “Reliability of the EU electoral processes depends on cyber secure infrastructures and on the integrity and availability of information. We must assess the new challenges, enhance preparedness and ensure the protection of our democracies”.
The NIS Cooperation Group Chairperson, Deputy Director, National Cyber Security Directorate of Romania Manuela-Maria Catrina noted that “As chairpersons of the elections Work stream, we are very grateful for the level of cooperation and support that all the members have shown, and wish to thank them and ENISA for the work that resulted in a much-needed document in the context of the biggest electoral year in history. We do hope that the target audience will find its utility and are committed to completing this knowledge after the lessons learned in 2024.”
This second version of the EU compendium on elections cybersecurity and resilience covers the whole spectrum of the electoral cycle. It presents the current underlying cybersecurity threats and risks, illustrating examples of recent past incidents and case studies. Taking into account the diversity in the national electoral processes across the EU, the compendium provides a compilation of practical recommendations and measures to be used by the EU entities and national authorities that support elections.
A core addition is the reference to hybrid threats (including emerging threats) that could affect elections’ security, such as foreign information manipulation interference (FIMI), disinformation on social media, AI and deep fakes.
The NIS Cooperation Group
The NIS Cooperation Group, composed of representatives of EU Member States, the European Commission, and the European Union Agency for Cybersecurity (ENISA), has been established by Article 14 of the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2 Directive). The NIS Cooperation Group supports and facilitates strategic cooperation and the exchange of information among Member States, as well as strengthens trust and confidence between the EU Member States regarding cybersecurity issues.
ENISA efforts to further enhance EU elections cybersecurity
In addition to the EU Compendium published today, ENISA undertakes a number of other actions to support measures to ensure free and fair elections. ENISA together with partners organised a cybersecurity exercise (EU ELEx 23) to test national and EU partners’ crisis plans and responses to potential cybersecurity incidents affecting the European elections. The Agency has produced a check list for entities and national authorities that support or are involved elections in order to raise awareness on threats and risks to elections. To increase the common situational awareness for the community, ENISA shares biweekly threat briefs to the relevant stakeholders.
Compendium on Elections Cybersecurity and Resilience
EU cybersecurity exercise: foster cooperation, secure free and fair EU elections — ENISA (europa.eu)
EU Elections at Risk with Rise of AI-Enabled Information Manipulation — ENISA (europa.eu)
Testing cooperation of EU CSIRTs Network during large-scale cyber-attacks — ENISA (europa.eu)
