Cyber Threats to Canada’s Democratic Process: 2023 Update from the Canadian Centre for Cyber Security
The Communications Security Establishment (CSE) is Canada’s centre of excellence for cyber operations. Part of CSE is the Canadian Centre for Cyber Security (CCCS), Canada’s technical authority on cyber security. The Cyber Centre is the single unified source of expert advice, guidance, services, and support on cyber security for Canadians and Canadian organizations. As one of the components of Skyway’s security-hardened network, we provide our clients with real-time security incident and event notifications from CCCS for any compromised IP address under their control.
This report addresses cyber threat activity targeting elections, and the growing threat that generative AI poses to democratic processes globally and in Canada. Below you will find the Executive Summary, with links to the full report.
Executive summary
Foreign adversaries are increasingly using cyber tools to target democratic processes around the world. Disinformation has become ubiquitous in national elections, and adversaries are now using generative artificial intelligence (AI) to create and spread fake content. This report addresses cyber threat activity targeting elections, and the growing threat that generative AI poses to democratic processes globally and in Canada.
Key findings and global trends
- Cyber threat activity targeting elections has increased worldwide. The proportion of elections targeted by cyber threat activity relative to the total number of national elections globally has increased from 10% in 2015 to 26% in 2022. Since our publication of Cyber Threats to Canada’s Democratic Process: July 2021 update, we observed that the proportion of elections targeted increased from 23% in 2021 to 26% in 2022.Footnote 1
- In 2022, we found that slightly over a quarter (26%) of all national elections globally had at least one reported cyber incident. Of the countries whose national elections were targeted by cyber threat activity from 2015 to 2022, approximately 25% are NATO countries and approximately 35% are OECD (Organisation for Economic Co-operation and Development) countries.
- We observe that state-sponsored cyber threat actors with links to Russia and China continue to conduct most of the attributed cyber threat activity targeting foreign elections since 2021. Russia and China’s cyber threat activity includes attempts to conduct distributed denial of service (DDoS) attacks against election authority websites, accessing voter personal information or information relating to the election, and vulnerability scanning on online election systems.Footnote 2 We assess it very likely that Russia and China will continue to be responsible for most of the attributed cyber threat activity targeting foreign elections in the next two years and will focus on targeting countries of strategic significance to them.
- State-sponsored cyber threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by adversaries. During periods of heightened bilateral tensions, cyber threat actors can be called upon to conduct cyber activity or influence operations targeting events of national importance, including elections. We assess that increased tensions or antagonism between Canada and a hostile state is very likely to result in cyber threat actors aligned with that state targeting Canada’s democratic processes or disrupting Canada’s online information ecosystem ahead of a national election.
- The majority of cyber threat activity targeting elections is unattributed. Since the publication of the Cyber Threats to Canada’s Democratic Process: July 2021 update, more than half of the perpetrators of cyber threat activity targeting national elections were unknown. In 2022, 85% of cyber threat activity targeting elections was unattributed, meaning that these cyber incidents are not ascribed or credited to a state-sponsored cyber threat actor. When the perpetrators were known, only two countries were reported to actively target foreign elections in the last two and a half years: Russia and China. We assess it very likely that cyber threat actors are increasingly using obfuscation techniques and/or are outsourcing their cyber activities in order to hide their identities or links to foreign governments.
- From the publication of the Cyber Threats to Canada’s Democratic Process: July 2021 updateuntil Spring of 2023, we found that all national elections globally (146 in total) were subject to online disinformation geared towards influencing voters and the election. We also detected an increase in the amount of synthetic content being produced relating to national level elections, almost certainly related to the increased accessibility of generative AI. However, we note that the number of reported cases where synthetic content is being used to spread disinformation about elections remains relatively low compared to the amount of synthetic content observed online. We assess that the use of generative AI for synthetic content related to national elections will almost certainly increase in the next two years, as this technology becomes more widely available.