Following the news that a former Canadian Security Intelligence Service (CSIS) director believes Canada’s elections had been hacked, the government has responded by announcing that they wants to take cybersecurity seriously.
In his mandate letter to the new Democratic Institutions Minister Karina Gould, Prime Minister Justin Trudeau listed defending the electoral system from cyberthreats as a priority. In addition, the Communications Security Establishment (CSE) has been asked to analyze the risks and release a report on the issue.
According to the Globe and Mail, the CSE will conduct a comprehensive study on cyberthreats to the electoral system and provide political parties and Elections Canada with information on how to avoid vulnerabilities, such as updating software. Minister Gould said that there are a “number of actors that we’re concerned about, some are countries, some are criminal organizations.”
The concern clearly revolves around Russia, the country that is still blamed for interfering in the American election and releasing compromising information on Hillary Clinton.
As mentioned in our previous blog post on the topic, any interference in a Canadian election would likely happen on the constituency level given how the Westminster system operates. Yet this is no less a threat than what happened in the United States.
There are two issues at play here: communications security and data storage.
Like Hillary Clinton, it is likely that any hacking of Canada’s elections would arise from poor email security. This is why anyone in a position of influence – like politicians and Elections Canada – should not be using this method of online communication. They should instead switch to a secure tool like patented Evizone Secure Communications (ESC) which provides complete security backed up by military-grade encryption.
The second issue is data storage and compliance review. Elections Canada stores a generous amount of sensitive information related to Canadian voters, and political parties have databases of information they never want released to the world. Yet if anyone manages to hack into their networks, however, these files would be vulnerable to exposure. This information also needs to be reviewed regularly to ensure compliance with appropriate regulation.
Only Evizone Secure Communications (ESC) provides the secure data storage and accountability to prevent hackers from the outside accessing your database, account for potential leaks from those within the system and ensure a robust review of all information for compliance violations.
Switching these large organizations away from email to a new product could seem daunting, but with Evizone, a new communications and governance system could be up and running within 30 days.
If the government is serious about cybersecurity and compliance, they’ll give us a call.