Preluding 2024 EU elections, the NIS Cooperation Group with the support of the EU Agency for Cybersecurity (ENISA), the European Commission and the European External Action Service updated the compendium on elections cybersecurity.
The first compendium on elections cybersecurity was published in 2018. Since the last EU elections in 2019, the elections threat landscape has evolved significantly. For instance, the rapid developments in AI including deep fakes, hacktivists-for-hire, sophistication of threat actors along with today’s geopolitical context highlight the necessity to update the compendium in order to reflect the current risks and threats.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar highlighted that “Reliability of the EU electoral processes depends on cyber secure infrastructures and on the integrity and availability of information. We must assess the new challenges, enhance preparedness and ensure the protection of our democracies”.
The chairperson of the NIS Cooperation Group Work Stream on elections cybersecurity, Deputy Director, National Cyber Security Directorate of Romania Manuela-Maria Catrina noted that “As chairpersons of the elections Work stream, we are very grateful for the level of cooperation and support that all the members have shown, and wish to thank them and ENISA for the work that resulted in a much-needed document in the context of the biggest electoral year in history. We do hope that the target audience will find its utility and are committed to completing this knowledge after the lessons learned in 2024.”
This second version of the EU compendium on elections cybersecurity and resilience covers the whole spectrum of the electoral cycle. It presents the current underlying cybersecurity threats and risks, illustrating examples of recent past incidents and case studies. Taking into account the diversity in the national electoral processes across the EU, the compendium provides a compilation of practical recommendations and measures to be used by the EU entities and national authorities that support elections.
A core addition is the reference to hybrid threats (including emerging threats) that could affect elections’ security, such as foreign information manipulation interference (FIMI), disinformation on social media, AI and deep fakes.
The NIS Cooperation Group
The NIS Cooperation Group, composed of representatives of EU Member States, the European Commission, and the European Union Agency for Cybersecurity (ENISA), has been established by Article 14 of the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2 Directive). The NIS Cooperation Group supports and facilitates strategic cooperation and the exchange of information among Member States, as well as strengthens trust and confidence between the EU Member States regarding cybersecurity issues.
ENISA efforts to further enhance EU elections cybersecurity
In addition to the EU Compendium published today, ENISA undertakes a number of other actions to support measures to ensure free and fair elections. ENISA together with partners organised a cybersecurity exercise (EU ELEx 23) to test national and EU partners’ crisis plans and responses to potential cybersecurity incidents affecting the European elections. The Agency has produced a check list for entities and national authorities that support or are involved elections in order to raise awareness on threats and risks to elections. To increase the common situational awareness for the community, ENISA shares biweekly threat briefs to the relevant stakeholders.
Further Information
Compendium on Elections Cybersecurity and Resilience (2024 Updated Version)
EU cybersecurity exercise: foster cooperation, secure free and fair EU elections
EU Elections at Risk with Rise of AI-Enabled Information Manipulation
Testing cooperation of EU CSIRTs Network during large-scale cyber-attacks
Contact
For press questions and interviews, please contact press (at) enisa.europa.eu