EU institutions have put their cyber systems to the test in a bid to assess the efficiency of responses to attacks against critical network infrastructure, ahead of European elections in May.
Over 80 representatives from EU governments, together with observers from the European Parliament, the European Commission and the EU Agency for cybersecurity, ENISA, participated in Friday’s (5 April) exercise. It was the first test of its kind and also aimed to analyse the ways in which cybersecurity incidents could be prevented, detected and mitigated swiftly.
Rainer Wieland, vice-president of the European Parliament and German EPP MEP, was one of many to voice concern about the dependability of the upcoming elections should cybersecurity be compromised.
“A cyber-attack on elections could dramatically undermine the legitimacy of our institutions,” he said. “The legitimacy of elections is based on the understanding that we can trust in their results.”
However, EURACTIV pressed a senior EU official on Friday as to whether any electronic voting systems themselves would be put under examination.
The official confirmed that no such testing of these specific systems would take place, because election systems “were a member state competence” and it was rather the responsibility of states themselves to ensure that any electronic voting systems used in the upcoming EU elections were watertight.
While internet voting systems will only be used in Estonia for May’s ballots, electronic voting appliances could be put to use elsewhere across the bloc, despite previous concerns.
Ireland scrapped a 2002 plan to introduce electronic voting after a €54 million outlay, following public opposition and a lack of confidence in the systems.
The Netherlands dumped electronic voting in 2007 after highly-publicised security issues, while Germany abandoned it in 2009, after the Federal Constitutional Court found that electronic voting was unconstitutional, citing high levels of public distrust.
France’s relationship with online voting has also had a number of setbacks. Internet voting was permitted in 2003 when French citizens living in the US were allowed to vote remotely in an election for representatives to the Assembly of French Citizens Abroad.
However, momentum was stifled in 2017, when France announced that electronic and internet voting would be no more, after the hacking of the Democratic National Committee’s networks during Hilary Clinton’s presidential campaign in the US prompted similar fears in France.
While not specifically testing the resilience of any electronic voting systems themselves, Friday’s exercise did allow member states to examine the ways in which they could enhance cooperation between relevant authorities at a national level and cross-border in the event of a cyber attack.
Measures such as these are bolstered by the operation of the EU’s Cooperation Network on elections, a group featuring representatives of national election centres across the bloc which provides alerts on threats as well as developing common methods of crisis response.