In many ways, the European Parliament elections in late May were calmer than expected. The more extreme political players, while gaining strength, did not do as well as many predicted. Cyber aggression and disinformation operations seem to not have been as dramatic as in 2016, when Russian hackers and disinformation campaigns targeted elections in the U.S., France and elsewhere around the world.
However, there is no reason to be content. The dangers remain real. For one thing, the target societies might have internalized the cleavages and chaos from information operations or self-sabotaged with divisive political rhetoric. As a reaction, Russia may have scaled back its efforts, seeing an opportunity to benefit from lying low.
Disinformation campaigns seek to sow chaos and disorder; in the run-up to the elections, the EU had plenty of that already, without any outside help. In the cybersecurity sphere, the defenders seem to have successfully changed the adversarial calculation for this time around.
Protecting voting and election systems is not a technical and digital question. It is a fundamental issue of democratic rights. Europe protected the legitimacy of its parliamentary elections and showed some effective ways the U.S. and other nations can protect their own.
These are positive signs. As a former chief research officer for cybersecurity at the Estonian Information System Authority and a force behind the EU compendium on election cybersecurity, I see that European nations hardened their systems and were more ready than ever to counter meddling attempts.
The European Parliament is an important union-wide body. It is the only part of the EU system that Europeans vote directly on. Its members, elected to proportionally represent member nations, shape policy and budget decisions. This new parliament will also help determine what will happen with Brexit, the United Kingdom’s withdrawal from the EU.
In the run-up to the election, hackers backed or controlled by Russia targeted EU government, media and political or nonprofit organizations, potentially trying to steal information, spy on conversations and emails or misleadingly change information on websites. Security firm FireEye named foreign and defense ministers across the continent, as well as German and French media and Polish state and local governments, as among the targets of spearphishing and other attacks.
The main perpetrators are believed to be two Russian hacking groups, Sandworm Team and Advanced Persistent Threat 28. The latter is considered to be part of the Russian foreign military intelligence service.
Consistent adversarial behavior
Ukraine, often a target of Russian aggression, also experienced spearphishing attacks in early 2019, likely from Russian-connected hackers. More than a month before its presidential elections in March, the country’s Central Election Commission saw a wave of DDoS attacks that Ukraine’s president linked back to Russia at the time.