EU Member States test their cybersecurity preparedness for fair and free 2019 EU elections
The EP, the EU Member States, the EC and the EU Agency for cybersecurity (ENISA) organised an exercise to test the EU's response to and crisis plans for potential cybersecurity incidents affecting the EU elections.
The objective of the exercise, which took place in the European Parliament, was to test how effective EU Member States and the EU's response practices and crisis plans are and to identify ways to prevent, detect and mitigate cybersecurity incidents that may affect the upcoming EU elections. This exercise is part of the measures being implemented by the European Union to ensure free and fair elections in May 2019.
Vice-President of the European Commission, for the Digital Single Market, Andrus Ansip, said:”We must protect our free and fair elections. This is the cornerstone of our democracy. To secure our democratic processes from manipulation or malicious cyber activities by private interests or third countries, the European Commission proposed in September 2018 a set of actions. Together with the EU Member States, and other EU Institutions we are implementing these actions. We also decided to test our cybersecurity vigilance and readiness towards secure, fair and free EU elections 2019 by organising the first in its kind EU exercise on elections. I believe that this is an important step forward for more resilient EU elections in a connected society.”
Vice-President of the European Parliament, Rainer Wieland, said: ”Cyber-attacks are a recent but very real threat to the stability of the European Union and its Member States. A cyber-attack on elections could dramatically undermine the legitimacy of our institutions. The legitimacy of elections is based on the understanding that we can trust in their results. This very trust has come under pressure from cyber-attacks and other new types of election fraud in the Digital Age, and we must respond! With the upcoming European elections in 2019, we have to take responsibility and build up the necessary means to strengthen our electoral cyber security. This responsibility is a common one, shared by European and Member State institutions. Together we need to safeguard the integrity of the elections.”
More than 80 representatives from EU Member States, together with observers from the European Parliament, the European Commission and the EU Agency for cybersecurity, participated in this first EU table-top exercise (with the code name EU ELEx19) on the resilience of the upcoming European Parliament elections. The main responsibility for protecting the integrity of the elections lies with the Member States, and the overall objective of the exercise was to test and further strengthen their preparedness - especially their election and cybersecurity authorities – in the face of hybrid cyber-enabled threats, and to assess their ability to swiftly develop and maintain situational awareness at national and EU level if a serious cybersecurity incident which could impact on the integrity of the 2019 EU elections were to occur.
Based on various scenarios featuring cyber-enabled threats and incidents, the exercise allowed participants to:
- Acquire an overview of the level of resilience (in terms of policies adopted, available capabilities and skills) of election systems across the EU, including an assessment of the level of awareness among other stakeholders (e.g. political parties, electoral campaign organisations and suppliers of relevant IT equipment);
- Enhance cooperation between relevant authorities at national level (including elections authorities and other relevant bodies and agencies, such as cybersecurity authorities, Computer Security Incident Response Teams (CSIRTs), the Data protections Authority (DPA), authorities dealing with disinformation issues, cybercrime units, etc.);
- Verify EU Member States' capacity to adequately assess the risks related to the cybersecurity of European elections, promptly develop situational awareness and co-ordinate communication to the public;
- Test existing crisis management plans as well as relevant procedures to prevent, detect, manage and respond to cybersecurity attacks and hybrid threats, including disinformation campaigns;
- Improve cross-border cooperation and strengthen the link with relevant cooperation groups at EU level (e.g. Election Cooperation Network, NIS Cooperation Group, CSIRTs Network) in order to improve the capacity to respond in a coordinated manner in the event of cross-border cybersecurity incidents;
- Identify all other potential gaps as well as adequate risk mitigation measures which should be implemented ahead of the European Parliament elections.
On 12 September 2018 the European Commission announced a set of concrete measures to address potential threats to elections, including a recommendation of the European Commission on election cooperation networks, online transparency, fighting disinformation campaigns and protection against cybersecurity incidents.
In line with this European Commission recommendation, a European Cooperation Network on elections has been established. This network has already met three times in Brussels to discuss necessary actions to address potential threats to the elections and thereby strengthen the resilience of the European Union's democratic systems. One of the actions that this network decided to pursue was the organisation of a table-top exercise to test EU's cybersecurity preparedness to ensure secure, free and fair EU elections 2019.
The cybersecurity test also goes hand-in-hand with the Action Plan against disinformation that the European Union adopted last December to build up capabilities and strengthen cooperation between Member States and EU institutions to proactively address the threats posed by disinformation.
Factsheet: Securing free and fair European elections
Commission Communication on securing free and fair European elections
Commission Recommendation on election cooperation networks, online transparency, protection against cybersecurity incidents and fighting disinformation campaigns in the context of elections to the European Parliament
Factsheet: Protecting Europeans' personal data in elections
Proposal for amending the Regulation on funding of European political parties
Latest News from
ESMA Consults on Fees For Benchmarks Administrators28/09/2020 09:25:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, recently (25 September 2020) launched a consultation on fees for benchmarks administrators under the BMR.
Statement by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland25/09/2020 15:25:00
Statement given by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland.
Why is Parliament calling for new EU revenue-raising powers?25/09/2020 14:33:00
Parliament is calling for new EU revenue sources to invest in Europe’s future and support the Covid-19 recovery without burdening taxpayers.
Hong Kong: Statement by the Spokesperson on the arrest of Joshua Wong and other pro-democracy activists25/09/2020 13:25:00
The arrest of Hong Kong pro-democracy activist Joshua Wong on 24 September is the latest in a troubling series of arrests of pro-democracy activists since the summer.
ESMA Consults On MIFIR Reference Data And Transaction Reporting25/09/2020 12:38:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, yesterday launched a Consultation Paper (CP) reviewing the reference data and transaction reporting obligations under the Market in Financial Instruments Regulation (MiFIR).
MEPs question whether the new Migration Pact will bring about real change25/09/2020 11:33:00
The new Migration Pact is insufficient for the majority of EP groups. Some demand compulsory relocation of refugees; others want a firmer stance on irregular arrivals.
Questions and Answers: Coronavirus and the EU Vaccines Strategy25/09/2020 09:25:00
On 17 June, the European Commission presented a European strategy to accelerate the development, manufacturing and deployment of vaccines against COVID-19.
European Centre for Disease Prevention and Control's new risk assessment shows need to step up coronavirus response in the EU24/09/2020 17:02:00
Today, the European Centre for Disease Prevention and Control (ECDC) published its updated risk assessment regarding the COVID-19 pandemic, alongside a set of guidelines for non-pharmaceutical interventions (such as hand hygiene, physical distancing, cleaning and ventilation).
Artificial intelligence: threats and opportunities24/09/2020 16:33:00
Artificial intelligence (AI) affects our lives more and more. Learn about the opportunities and threats for security, democracy, businesses and jobs.