An election campaign under hacker attack? Only the Guardians can protect it
“Win the election and anything is possible” is the name of the third annual Guardians competition for young IT specialists. Before upcoming head of state elections, the competition will simulate attacks on a candidate’s staff, show how they can be defended against and the demonstrate consequences of a failed defense against cyber criminals.
United States Presidential Election, November 2016 – American security services have attributed multiple attacks during the campaign to hackers connected with the Russian secret service, including attacks on the Democratic Party’s computer network.
Russia is accused of influencing the election in favour of Donald Trump. French Presidential Election, April 2017 – The staff of Emmanuel Macron was exposed to hackers’ attacks after the first round. Slovak Presidential Election, spring 2019 – Attacks from an organised hacker group disrupted the campaign with the intention of discrediting a candidate and affecting the result.
The first two cases are real, the third one is just a game for now. “Win the election and anything is possible” is the name of the third annual Guardians competition for students and fresh graduates who enjoy IT security. Qualification is open until the 4th February 2019 at https://wargame.sk/.
“We know from recent history that hacker attacks are a very effective instrument for influencing elections. Since Slovakia will be electing a new head of state in the spring, we decided to dedicate the third year to the current theme of potential attacks on an election campaign,” explains competition organizer Pavol Draxler, cybersecurity manager at Binary Confidence.
And in what ways can attackers intervene in the section of the best presidential candidate? “Campaigns are ultimately based on information, how it is processed, and the way in which it is communicated. Therefore, we are talking about a very wide range of potential attacks; an example of something that can be exploited is information about purchases of advertising material. Stealing information is not the only type of successful attack; a candidate can also be compromised by hackers gaining access to and modifying their social media pages. Based on stolen information about an opposing candidate’s media plans, a candidate’s election team can easily prepare counterarguments and otherwise adjust their campaign. Competing candidates are of course not the only source of potential attacks, it can be anybody who wants either to help or compromise a specific candidate,” explains Pavol Draxler.
Students who pass the qualification will be part of a defending team – the Guardians. Their primary goal will be to defend against data leaks from electoral staff, and to prevent any discreditation of their candidate which would impact the election result. Every member of the team will have a specific role, but communication, interaction and collaboration within the team will be equally important. The attackers will primarily be security specialists from Binary Confidence.
Rastislav Janota, the manager of the National SK-CERT Unit describes the competition as good preparation for a job as a cybersecurity analyst, a role which is still very much in demand in Slovakia.
In past years, students tried to protect a power station and a hospital and, although the Guardians couldn’t withstand the attack in the end, Pavol Draxler was impressed with their attempts. “Their competence and knowledge pleasantly surprised me. As individuals, they are good admins and they could have defended against one isolated attack. Their problems were more to do with teamworking during a massive attack against which one person could not defend single-handedly, where communication was required,” said Pavol Draxler.
The European Union is also addressing the growing number of hacker attacks around the world. The NIS Directive with measures to ensure a mutually high level of network and information system security is in effect from the 9th May. In Slovakia, the NIS Directive was incorporated into the Act on Cybersecurity which came into effect on the 1st April 2018.