Cyberthreats : European elections under strict surveillance

For a decade, elections have become prime targets for cyberattacks. The upcoming European elections, scheduled for June 2024, are no exception. Cybercriminal activities targeting electoral processes have intensified, often in conjunction with disinformation operations and other hybrid tactics.

Cyberattacks against democratic processes are not new. Notably, Russian interference during the 2016 US presidential elections involved hackers breaching Democratic Party servers, followed by disinformation campaigns. In Europe, the 2017 French presidential election also saw cyberattacks and email leaks aimed at influencing voters.

In the context of European Parliament elections, a successful cyberattack on a single member state could compromise the entire election. Even a minor disruption in one country’s information systems could affect vote counting, leading to delays in transmitting results to the European Parliament. Such a scenario could undermine the Parliament’s functionality and even its legitimacy.

To mitigate these risks, an updated compendium has been published to support election management bodies, national authorities, and cybersecurity experts in EU member states. This document, a revision of the one released in March 2018 by the NIS Cooperation Group, provides guidelines and practical measures based on real-world experiences and best practices shared by contributors. The EU member states, the European Commission, the European Union Agency for Cybersecurity (ENISA), the European External Action Service (EEAS), and the European Cooperation Network on Elections (ECNE) all contributed to its development.

According to a recent report by Sekoia, “As the 2024 European Parliament elections approach, a confluence of political, social, and cyber challenges poses significant threats to democratic processes across Europe.” The report highlights that states are conducting sophisticated attacks against the European Parliament’s IT infrastructure, increasing concerns about the security of electoral systems against foreign interference. Russia and China are among the primary foreign actors potentially threatening electoral integrity. The rise of conservative eurosceptic parties, often aligned with Russian goals and opposed to the EU, illustrates the growing link between domestic politics and external influences.

“Information and cyber influence campaigns conducted by actors linked to Russia pose additional risks as they aim to increase polarization across Europe and thereby undermine support for Ukraine,” the report states.

This situation is exacerbated by recent allegations that Members of the European Parliament (MEPs) have been recruited by foreign services to support Russian rhetoric, particularly regarding the war in Ukraine. Two months before the elections, EU officials reported Russian cash payments to MEPs intended to promote pro-Russian narratives and influence the upcoming EU elections. Countries with large populations are especially vulnerable to these targeted efforts aimed at altering the final distribution of political parties in the Parliament.

Thus, informational influence campaigns are targeting the EU’s electoral process in June 2024, aiming at a diverse range of assets, including the media, internal communication platforms, and social networks associated with political parties and their voters.