Cyber-securing the 2022 Philippine elections

The Philippine General Elections to be held in May 2022 offer the country another opportunity to choose leaders who will help chart the course of the future. Due to the coronavirus disease 2019 (COVID-19) pandemic, Senators have been discussing a “mail-in” voting system, with various degrees of enthusiasm. The Senate President has publicly rejected the idea while two other legislators have supported it for reasons of inclusivity and safety. As a registered voter who wants to exercise her right to vote and as a cybersecurity professional, I think that regardless of whether we shift to a mail-in voting system or stick to an electronic voting system in the upcoming elections, it will involve the use of electronic data processing systems which in turn come with their set of cybersecurity risks.

There are two areas in the election value chain where cybersecurity risks are mainly present.

The first is the voter registration process. In particular, the security of voter registration databases is one example of an inherently vulnerable risk area. Voter registration data determine who is a legitimate voter as well as whether or not they have voted. This is critical information that, if stolen, can be used to socially engineer voter behavior, encrypt the data in such a way that the data or the database becomes unusable, or manipulate the data to produce more “voters” who are in fact, not legitimate. On top of the data integrity issue associated with the data breach, data privacy is also a paramount concern for legitimate voters who have given their personally identifiable information (PII) during the voter registration process.

I don’t know about you, but the possibility of someone having my name, social security number or any information that can be used to trace my identity just does not sit well with me. Of course, there’s also the more dangerous possibility of data manipulation by a malicious third party to change the results in the election in favor of particular political leaders and/or parties.

The second risk area is the actual electoral process. During the vote counting process, ballots filled in by registered voters are first scanned by vote counting machines (VCMs). At the end of election day, the VCMs then aggregate all votes in election returns, which are then transmitted to the central and transparency servers. From there, results are further collated and transmitted to the Board of Canvassers at the municipal, provincial and state levels. The associated data networks, if left unsecured, are quite vulnerable to cyber threats.

One example of such a threat is ransomware. Unsecured election returns data could be intercepted during the transmission process by a hacker who then steals and/or withholds the data by encrypting it and in turn, demands a ransom to provide the decryption key. Another application of this is when the hacker steals the data and then uses encryption to cover up the theft. These examples really serve to highlight the importance of securing these network connections in the first place, as even just the process of connecting to the network will make these data vulnerable.

Given the risks, what best measures can our government adopt to safeguard our electoral process from cyber threats?

First, there’s a critical need to place effective controls on who will be able to access the data as well as clearly define what data they should be able to access. These may take the form of privileged access management or role-based access controls, which are just some of the controls that can be put in place in order to have an additional layer of control over the election data.

Second, there must be a reliable backup that is not accessible through the system and/or network. Said backup would not only help to preserve the integrity of the election returns data but also provide a certain guarantee that the data will not be affected in the event of a ransomware attack.

Third, network monitoring must be deployed so that election officials are able to more proactively recognize when something malicious may be happening. This should quickly galvanize our officials into taking more immediate action to protect the sanctity of our elections.

Lastly, to prevent data leaks from occurring, election officials should choose to encrypt the data whether at rest or in transit. With strong encryption in place, the encrypted data will be rendered useless should they fall into the wrong hands, as they would need a decryption key to use it.

Collectively or on their own, the measures discussed above, when taken together with supplementary controls, may address some of the inherent risks associated with the election process.

Philippine general elections determine the fate of the nation for the next six years and voting is one of the most impactful ways in which our citizens help to set that direction. As an ordinary Filipino citizen, elections are one of the platforms I use to express my opinion on matters I care about, such as public transportation, raising the minimum wage, funding local schools, and other causes. As we exercise our right to vote as a democratic nation, elections should be run in a manner that safeguards fairness and integrity as well as protects the privacy of each citizen.

After all, doing so ultimately helps to ensure that people’s rights are properly exercised and that the outcome of the elections will be in line with the will of the Filipino people.