How’s this for a headline: Canada has a target on its back? Is it true, or just more fake news attempting to propagate distrust and fear amongst Canadians?
Sadly, it’s not fake news. Christopher Porter, CIS of FireEye, an ISA cybersecurity partner, has reported to the Canadian House of Commons committee on public safety and national security that foreign hackers targeted Canadian banks, mining companies, and government institutions recently. The cybersecurity attacks that Porter spoke of attempted to overpower organizations’ cybersecurity measures, steal data and spread malware. Porter cited that in 2017, multiple Canadian financial institutions were exposed to cybersecurity risks of state-sponsored cybertheft from North Korea. He went on to say that “The cyber espionage threat to Canada is moderate, but could be on the rise. We (FireEye) have observed ten separate espionage groups from China, Russia, and Iran targeting Canada in recent years.” Cyber espionage is especially threatening in the year of a major election, and therefore, cybersecurity is of the utmost concern in 2019 since the Canadian federal election is scheduled to take place on or before October 21, 2019.
The House of Commons committee said that “Canada, like most other western democracies, is vulnerable to foreign actors seeking to illegitimately influence or interfere in our political and economic processes.” The Canadian Centre for Cybersecurity warned that foreign countries would likely attempt to advance their agendas by manipulating Canadian opinion and conducting malicious online activity, in 2019 because it is an election year. It’s clear this nation needs to keep its cybersecurity guard up.
Cybersecurity gets political for the upcoming election
It’s a federal election year and, based on the cybersecurity questions raised by the 2016 US election, Canadians are left wondering if Elections Canada has adequate cybersecurity measures in place to protect voting constituents. Stephane Perrault, Canada’s chief electoral officer, said that “Overall, I think we’re pretty confident we are where we need to be at this point,” referring to the cybersecurity safeguards that Elections Canada has in place to prevent cybersecurity attacks from wreaking election havoc for voting Canadians. However, Perrault added, “It’s certainly uncharted territory for us. We’ve seen the Americans go through this and Brexit and France and Germany, so we have a sense of the potential out there. But we’ve never had to prepare for an election like this.” Elections Canada’s best strategy against election cybersecurity attacks is the fact that Canada still votes by paper ballots that are counted by hand. “You can’t hack that,” Perrault said.
It’s no party for cybersecurity
However, Perrault has expressed concern that the political parties have some significant cybersecurity vulnerabilities that will be amplified in an election year. The problem, as he sees it, is that the various political parties “don’t have access to the resources we (Elections Canada) have access to.” Perrault goes on to note that “securing (computer) systems is quite expensive… Even the larger parties have nowhere near our resources and you’ve got much smaller parties with very little resources.” Political parties amass vast databases of voter’s personal information while building their election campaigns which needs to be protected by a robust, layered cybersecurity strategy. There is the concern, of course, that a party’s cybersecurity system could be hacked as was the case in the US presidential elections in 2016, and the information used to humiliate the party or target voters listed in the database.
Political parties are primarily volunteer-run, which magnifies cybersecurity concerns. Ill-trained campaign and election volunteers may, unbeknownst to them, fall prey to phishing schemes that could give hackers a way to bypass cybersecurity defenses and gain access to voter databases. To this end, Perrault said, “You can spend a lot of money on those (cybersecurity) systems and if the human (fails), that’s the weak link.” Elections Canada has been educating its staff in cybersecurity measures, to be wary of communications and phishing attempts. However, when you employ hundreds, if not thousands of volunteers, you are expanding your human attack surface. Should a party’s cybersecurity safeguards be breached, and voter’s personal information obtained, cybersecurity threat actors could spread disinformation, or fake news, about where, how, and when to vote, interfering in the democratic election process.
Fake news is no laughing matter.
As Canadians, we have watched the fake news fire that has burned through the US fueled by President Trump’s claims against various media outlets. We, the neighbours to the North, often watch the fake news accusations and political realities happening south of the border with an air of amusement and immunity. We aren’t immune, and it’s not funny. Fake news may seem laughable, made so, at times, by the cartoonish rants that accompany the claims, but fake news is a serious concern. President Trump has an affinity for the term fake news, and fake news was even named the 2017 word of the year by Collins Dictionary. Remarkable being that a mere four years ago, most people had never heard of fake news and now, fake news is considered a threat to democracy.
Fake news has been paramount in raising tensions between countries and may lead to more robust regulation of social media. Part of information warfare – fake news is used to persuade public opinion and political allegiances, especially in election times. In a digital economy already struggling with cybersecurity concerns, regulating data flow and borders, fake news is escalating polarization within countries and destroying long-standing social contracts. It’s creating skepticism, distrust, and insecurity between nations, and between different factions within nations. Instead of the globalization that the new economy should be fostering, information warfare and fake news are increasing nationalism and divergence.
Old problems, new buzzword
Fake news is nothing new. People in power have used the distribution of tailored information as a weapon to bolster support or suppress rebellion throughout history. From Octavian using disinformation to help achieve his victory over Marc Anthony in the Roman Republic to propaganda used in the World Wars to advance political agendas, to using bad press to sway elections one way or another, fake news has always been around. Other than the trendy fake news buzzword, the difference between fake news then and fake news now was that, in those times, it was expensive to mass-distribute disinformation, and trust-building took years.
Enter the digital age and the rise of social media which has lessened communication boundaries making it easier to spread fake news within democracies. Social media allows anyone with a connected device to create and disseminate information, especially those people who understand how to play the social network game. With free and easy communication tools like Twitter, Facebook, and WordPress, the obstacles to generating and distributing fake news have vanished. In 2016 during the presidential campaign, headlines such as “Pope backs Trump,” “Hillary sold weapons to ISIS,” “FBI Agent Suspected in Hillary Email Leaks Found Dead” went viral on Facebook, garnering thousands of shares. When people’s feeds fill up with these appear-to-be-legit-news stories, they start to believe it. Fake news isn’t only an election-time problem. The misinformation filling our social media feeds can alter public opinion on other important issues such as immigration and vaccinations.
Fake news in the news
Fake news is at the forefront of the current Nigerian presidential campaign where accusations are flying from both sides about the spreading of unsubstantiated rumours and misinformation through multiple social media platforms. The incumbent president, Muhammadu Buhari, and his main rival, Atiku Abubakar, have both been the target of online video campaigns containing dubious information. One fake news attack claimed Mr. Buhari had been “cloned.” But “it’s [the] real me,” he assured the public after rumours spread that he had been replaced with a body double called “Jubril” from Sudan. Neither party is taking responsibility for the doctoring or creation of these fake news stories. However, Jonathan Fisher, overseer of a project looking at the role of WhatsApp in Nigeria’s elections says, “Political parties support and encourage the dissemination of divisive ‘fake news’ on their behalf but have little control over its development and spread.”
As for spreading fake news in Canada during the 2019 election year, Perrault said that Elections Canada has a team in place to monitor social media and quickly counter any fake news that would impact voting. As well as ramping up cybersecurity measures, Elections Canada’s website will list all public communication from Elections Canada so that citizens can verify the legitimacy of information they may see on social media that claims to be from the agency. Verifying information sourced from the internet is essential as more and more Canadians are searching for information on political issues online according to Statistics Canada. As political stakes, both in the US and in Canada, skyrocket we, as informed citizens, need to work at being better readers, and the political parties should talk to a cybersecurity solutions provider, like ISA, for how to protect themselves with a sound cybersecurity strategy.