France has a new president. However, we need to remember about another important issue. The state of emergency in the country has been put in place a long time ago. The streets of major cities are patrolled by the military and people are afraid of bomb attacks. Recently a new threat has been added to the list: cyber attacks.
The French presidential election has shown that creating a cyber security strategy for parties during elections is not easy, but has become a necessity of the times. Those who do not do this are on the losing end. At the same time, nowadays it is impossible to create a one-size-fits-all security strategy – explains Łukasz Olejnik, PhD and expert of the Kościuszko Institute.
Political organizations, especially campaign teams, are a relatively easy target for cyber criminals. This is because in essence, campaign teams are comprised of loosely connected people. They have one specific goal, but cooperate in a relatively short time span. It is difficult to protect such a target, it is even more difficult to enforce a regime of cyber security and privacy. This means cyber security strategies in this area have to be specific and tailored to an individual organization, state and political system.
Cyber attacks and information operations are a new geopolitical reality that we find hard to get accustomed to, wrote Łukasz Olejnik on his blog prywatnik.pl. This is because cyber operations and theft of economically sensitive data have become standard intelligence practices years ago. However, using the acquired information in large scale public operations is a novelty.
This happened to Emmanuel Macron’s presidential campaign. In its final months it has become subject to attacks and operations by specialized groups associated with the Russian intelligence. Macron’s campaign team kept the public up to date about this, but not always in a professional manner. This cast doubts over the truthfulness of their statements. Procedures that limited cyber attack risks were designed, but they were not up to speed. In Łukasz Olejnik’s opinion, Macron’s team did not use experts versed in cyber security, privacy and PR aspects of communication security and data processing. These deficiencies were visible.
Right before the pre-election silence, the news about data stolen from Macron’s campaign erupted. Except for emails and other campaign data, fake documents appeared on social media. Those were modified, or even fabricated. Obviously, verifying nine gigabytes of data within a few hours was impossible.
Therefore, it can be said that the operation was conducted by the book. It did not impact the election results because it could not. This is because Macon’s advantage over Le Pen before the runoff was already too big. However, a different thing matters here. The biggest issue is the leak itself. It fuels suspicions. Based on past experiences, people can associate it with controversial, suspicious or even illegal activities. Therefore, specific goals were achieved: information chaos, misinformation, giving rise to uncertainty and doubt, explains Łukasz Olejnik.
After all cyber operations whose goal is to interfere in political elections are bigger than technological issues of cyber security. This is why preparing a cyber security strategy for parties during elections is not easy, but has become the necessity of the times.
Emmanuel Macron’s presidential campaign was successful in a political sense. Not so much when it comes to cyber attacks. This needs to be remembered in view of the upcoming elections in Great Britain and France, and next year also in Poland.
Łukasz Olejnik, PhD, is an information security strategy and privacy consultant and an independent technology researcher. His analyses are available on his blog Prywatnik.pl (https://prywatnik.pl), and twitter at @Prywatnik (https://twitter.com/prywatnik)