The Paris Call for Trust and Security in Cyberspace sets out nine common principles (below) to promote responsible behavior for a secure and peaceful cyberspace. In 2020, the government of Canada, Microsoft and the Alliance for Securing Democracy committed to help implement the Paris Call’s third principle on strengthening capacity to protect democratic elections from malicious cyberattacks. After a series of six workshops with representatives from government, industry and civil society, the partners created Multistakeholder Insights: A Compendium on Countering Election Interference, demonstrating concrete results from a public-private collaboration. Here are six takeaways from the compendium:
Improving multistakeholder information sharing
Rising cyber threats highlight the need to improve information sharing between the public and private sectors nationally and internationally. By developing a shared language, improving information sharing channels and communicating continually about threats, threat actors and responses, we can enhance our ability to identify, counter and mitigate malicious cyberattacks.
Balancing foreign interference against acceptable state influence
The lack of common framing for “foreign interference” makes it difficult for policymakers to develop standards and guidelines. By adopting clear, globally accepted definitions for terms such as “influence” and “interference,” democracies will be better positioned to determine acceptable and unacceptable state actions in cyberspace.
Countering election interference in a pandemic environment
Crises such as the pandemic create opportunities for election interference by adding logistical complexities to holding an election. To achieve resiliency amid a crisis, election officials must engage in extensive contingency planning by building trust, providing credible information and implementing reliable technology. Governments should seek hybrid approaches that ensure the highest possible participation.
Mitigating and responding to interference in the information environment
The volume of information on the internet creates opportunities for bad actors to spread disinformation. Governments, traditional media, social media platforms, academia and civil social society can counter electoral interference in the information ecosystem by cooperating to provide timely and accurate information.
Defend, detect, recover: Countering the threat of interference in election infrastructure
Almost all elections now include digital technologies that must be continually assessed for vulnerabilities and protected against interference. Such improvements must be made before, during and after election day as new insights are learned.
Empowering citizens to build community resilience to counter election interference
Well-informed and engaged citizens form the core of a stable, functioning democracy. Widespread disinformation on social media is eroding trust in legitimate sources of information and must be countered by building civil and digital literacy. Citizens empowered with reliable information are better equipped to reject disinformation.
1. Protect individuals and infrastructure
Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure.
2. Protect the internet
Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the internet.
3. Defend electoral processes
Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities.
4. Defend intellectual property
Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector.
5. Nonproliferation
Develop ways to prevent the proliferation of malicious software and practices intended to cause harm.
6. Lifecycle security
Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain.
7. Cyber hygiene
Support efforts to strengthen an advanced cyber hygiene for all actors.
8. No private hack back
Take steps to prevent nonstate actors, including the private sector, from hacking back, for their own purposes or those of other nonstate actors.
9. International norms
Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace