Tory vote security concerns ‘highlight cyber risk to democratic process’

The security concerns which led to a delay in ballots being sent out for the Tory leadership contest should act as a wake-up call about the cyber threat to the UK’s democratic process, an expert said.

The Conservatives have made changes to the way the election to choose the next prime minister will be run following advice from the National Cyber Security Centre (NCSC), part of the GCHQ intelligence agency.

But it is not the first time that concerns about online security have surfaced during elections, with contests around the world subject to attacks.

Tory graphic
(PA Graphics)

The Intelligence and Security Committee’s report on Russia published in 2020 noted that Moscow “has carried out malicious cyber activity” including “attempting to influence the democratic elections of other countries”.

The MPs and peers who scrutinise the work of the UK’s intelligence agencies said they had been informed that “the mechanics of the UK’s voting system are deemed largely sound: the use of a highly dispersed paper-based voting and counting system makes any significant interference difficult”.

However the next prime minister – either Liz Truss or Rishi Sunak – will not enter No 10 as the result of a general election but instead the Tory contest, with members allowed to vote online.

The NCSC is not thought to have responded to a specific threat to the Tory contest and Jamie MacColl, a research fellow in the cyber team at the Royal United Services Institute, said it was unlikely Russia would try to directly interfere with the leadership race.

“I’m not personally convinced Russian intelligence would directly intervene in the leadership contest,” he said.

“Logically, the outcome for the Russian government is going to be pretty similar regardless of whether Liz Truss or Rishi Sunak is prime minister. There’s still a significant support for Ukraine’s position.

“A lot of the Russian intelligence assets and cyber operators are directly focused on the war in Ukraine, or activities that support the war in Ukraine.”

But the election could be targeted by “someone who just wants to cause a bit of mischief” rather than a hostile state.

He said those involved in the democratic process needed to be more aware of the risks.

“I don’t think there’s been the same amount of focus on it in this country compared to the US.

“There’s been a lot of media coverage in the US of potential threats to vote voting infrastructure there off the back of the 2016 election.

“Whereas in the UK, there’s been maybe more of an effort by the Government – which was highlighted in the Russia report in 2020 – maybe more of an effort to play down the potential impacts of Russian interference in our electoral electoral processes, particularly around the Brexit vote.

“That’s not to say that I think that Russian interference will have had any sort of significant impact on the outcomes of those elections, or referenda, but at the very least, we should be having an open discussion about the fact that’s happening. Because apart from anything, if we’re not, we can’t build public trust in our ability to mitigate it.”

Asked if the advice around the Tory leadership contest should be seen as a “wake-up call to everyone involved” in politics, he said: “Absolutely.”

Issues around online security surfaced in the 2019 general election, when Labour was hit by cyber attacks.

The NCSC said it had worked closely with political parties “for several years on how to protect and defend against cyber attacks” and gave them advice ahead of the election.

Mr MacColl said the fact NCSC had been able to give advice to the Tories about the leadership contest was “actually a sign of a healthy, functioning democracy”.

Advertisement