- The UK’s electoral commission has now recovered from a cyberattack
- Recovery took three years and £250,000
- It’s not clear what attackers gained in the intrusion
After three long years, the UK’s Electoral Commission is finally fully recovered after a cyberattack that left the organisation reeling.
The Commission was formally reprimanded by the Information Commissioners Office over lapses in security that left millions of British voters ‘vulnerable to hackers’.
Speaking to the BBC for the first time about the incident, the Electoral Commission CEO Vijay Rangarajan, who was not CEO at the time of the attack, says colleagues described the discovery of the hackers as “feeling like you’d been burgled whilst still inside the house”.
Insufficient protections
There were six by-elections held in the time where hackers were inside the IT networks, but the Commission has confirmed there is no evidence of any tampering.
The Commission used a £250,000 grant to aid its recovery, and is now spending significantly more in its cybersecurity budget.
That being said, the commission is still not aware exactly what information was exfiltrated or what the hackers goals were with the intrusion. There have been examples of network intrusions with severe consequences, with government agencies and public organisations hit by ransomware attacks across the world.
“All of this could have caused us amazing problems. It was a dangerous thing to have happened,” he said. “I don’t think everyone realised quite how much democratic systems and electoral systems were targets. We tended to be quite comfortable in the way we run things. We now have to be really up to speed with the threats,” he said.
In the past few years, elections over the world have been targeted, and governments have faced a huge surge in cyberattacks from threat actors looking to disrupt democracy and undermine governments and processes.
Add Comment