ELECTION CYBER SECURITY – BEST PRACTICES
Автор: Andro Gotsiridze
Организация: Business and Technology University - BTU
Ключевые слова: Cyber security, security, best practices, elections, warfare, hybrid.
Аннотация. Elections as the core attribute of democracy is one of the main target of Russian hybrid warfare. Lately, elections, referendums, or other process expressing free will of a society appear as a target of Russian cyber operations. Russia attempts to manipulate elections with cyber operations having technical and psychological effects. While standard cyber-attacks achieve technical effects, Kremlin backed actors using information operations achieve psychological effects, such as alter of perception, manipulation, and distrust. Cyber-attack often serves as a serious tool for information warfare and is used to take advantage on adversaries. Sometimes, cyber-attack is implemented parallel to psychological operation. For example, the one can use cyber-attack for unauthorized gathering of information from target`s email or social media. Then, the attacker can use this information as an authentic or fabricated and disseminated to denigrate the target. The article discusses cyber-attacks and information operations, threats, threat actors, techniques and risk mitigation best practices. At the end, it delivers practical cyber hygiene advises for election administration staff.
1. Maksim Iavich, Sergiy Gnatyuk, Giorgi Iashvili, Andriy Fesenko, Cyber security European standards in business, Scientific and practical cyber security journal, 2019
2. Sergiy Gnatyuk , Maksim Iavich , Giorgi Iashvili , Andriy Fesenko ENSURING EUROPEAN CIVIL AVIATION CYBERSECURITY, Scientific and practical cyber security journal, 2019
3. B. Zhu, A. Joseph and S. Sastry, "A Taxonomy of Cyber Attacks on SCADA Systems," 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, 2011, pp. 380-388, doi: 10.1109/iThings/CPSCom.2011.34.
4. R. Gandhi, A. Sharma, W. Mahoney, W. Sousan, Q. Zhu and P. Laplante, "Dimensions of Cyber-Attacks: Cultural, Social, Economic, and Political," in IEEE Technology and Society Magazine, vol. 30, no. 1, pp. 28-38, Spring 2011, doi: 10.1109/MTS.2011.940293.
5. Zhiqiang Gao and N. Ansari, "Tracing cyber attacks from the practical perspective," in IEEE Communications Magazine, vol. 43, no. 5, pp. 123-131, May 2005, doi: 10.1109/MCOM.2005.1453433.
6. S. Musman, M. Tanner, A. Temin, E. Elsaesser and L. Loren, "Computing the impact of cyber attacks on complex missions," 2011 IEEE International Systems Conference, 2011, pp. 46-51, doi: 10.1109/SYSCON.2011.5929055.
7. M. Hijji and G. Alam, "A Multivocal Literature Review on Growing Social Engineering Based Cyber-Attacks/Threats During the COVID-19 Pandemic: Challenges and Prospective Solutions," in IEEE Access, vol. 9, pp. 7152-7169, 2021, doi: 10.1109/ACCESS.2020.3048839.
8. M. Elsisi, M. -Q. Tran, K. Mahmoud, D. -E. A. Mansour, M. Lehtonen and M. M. F. Darwish, "Towards Secured Online Monitoring for Digitalized GIS Against Cyber-Attacks Based on IoT and Machine Learning," in IEEE Access, vol. 9, pp. 78415-78427, 2021, doi: 10.1109/ACCESS.2021.3083499.