Select Page
Back to overview

Reading Time: .

“The security agencies in Germany are gearing up for disruptions and disinformation campaigns for the Bundestag elections,” is how Arne Schönbohm, President of the Federal Office for Information Security (BSI), outlines the situation. The reality we are confronted with in this election year is that cyber attacks on parties and politicians have been increasing on a massive scale.
The business of exerting digital political influence is booming. The public is largely aware of fake news, but politically motivated cyber attacks are now just as common. The spectrum of attackers includes everything from “script kiddies” and political activists to state actors.

Cyber attacks are destroying trust in democracy

Targeted cyber attacks on political portals and actors are doing immense damage to our democracy. In the UK, for example, a distributed denial of service (DDoS) attack just weeks before the election in November 2019 caused intentional delays and downtimes of the web portals of the two major political parties – with dramatic consequences for voter confidence.

What is known as website defacement also aims at destroying trust: Criminals sneak defamatory content onto political internet portals, guaranteeing a storm of indignation on social media. US President Joe Biden’s election campaign website fell victim to such an attack at the end of 2020.

Real danger for the federal elections

The federal government fears similar attempts to disrupt the federal elections. At the end of April, Markus Kerber, State Secretary at the Federal Ministry of the Interior, Building and Community, emphasized: “We take the risks posed by disinformation and cyber attacks as forms of illegitimate influence very seriously, also in the run-up to the federal elections.”

The closer the federal elections get, the more frequent attacks on the digital websites of parties and political candidates become. A foretaste of this was the hacker attack on the digital CDU party conference in January when a DDoS attack temporarily took down the live broadcast of the event. Fortunately, as a precaution, organizers had set up a separate online portal that enabled delegates to continue voting.

But the focus is not only on parties and politicians – attacks on the digital election infrastructure also have a huge potential for damage. Imagine, for instance, that the digital transmission of results from polling stations is rendered inoperable on election night. Such an incident would erode public trust in the resilience of our democracy in the long term.

Campaigning remotely from home increases the attack surface

Another point of vulnerability is that many politicians are working remotely from home on account of the pandemic. The security of the devices they use for work is generally inadequate. As recently as March, cybercriminals attempted to steal the credentials to the social media accounts of several members of the German Bundestag and state parliaments via targeted phishing emails. Attackers can use these access details to exploit the compromised portals for the dissemination of disinformation and propaganda.

Bundestagswahl schützen: Cybersicherheit und Human Firewall ausbauen

In order to protect themselves effectively against digital attacks, government agencies, political parties, and politicians must implement a range of technical and organizational cybersecurity measures. Specifically, this entails:

  • Web portals of political parties, candidates, and government operations must by default be secured against high-volume overload attacks by means of DDoS protection. This guarantees the permanent availability of the information presented for the public and voters.
  • An additional layer of protection in the form of a web application firewall automatically filters out harmful individual attacks that, unlike overload attacks, specifically attack individual web applications (a list of the most common types of attack is provided by the OWASP Top 10, for example). A large number of common attacks, such as taking applications and events offline and defacing portals, can be prevented using such protection systems.
  • Enhancing the “human firewall” with multi-level authentication procedures for all systems and web portals. This makes it possible to effectively and easily defend against many attack vectors, such as phishing or brute force. Above all, however, politicians must be made more aware of the complexity of digital threats. They are at the top of the list for cyber activists and very powerful state adversaries. Therefore, all political decision-makers should receive regular training because they make a decisive contribution to the cybersecurity of the federal election.

Technical implementation: Who can provide support?

The complex topic of cybersecurity requires close cooperation between government agencies and private security providers. The BSI contributes valuable knowledge on the trends involving attacks and cybersecurity. This is where political stakeholders can obtain information and best practices to permanently fortify the human firewall.

Things look different when it comes to technical implementation. The increasing complexity of attacks requires specialized IT security service providers, as this level of expertise can no longer be provided in-house, even by very well-positioned global companies. For policymakers in particular, however, the focus when it comes to outsourcing IT security is on data protection (GDPR) and digital sovereignty. De facto, this means that only European security partners should be considered. Here, too, the BSI provides support and has compiled a list of providers that meet the stringent requirements for the protection of state and critical infrastructures.

Cybersecurity strengthens democracy

The world of politics and democracy has become just as digitized as many other areas of life – and is therefore just as vulnerable. Digital attacks on political processes have an enormous potential for harm because they erode trust in our democracy in the long term. Therefore, strong cybersecurity is a necessary standard to strengthen trust in political discourse and democracy as a whole.

Share this article