Ensuring digitized voting data remains secure from the time to someone votes until the election is over remains a global concern. The Global Elections Security Report, released by the Global Cyber Alliance (GCA), highlights cybersecurity best practices surrounding elections.

The document offers ten recommendations around policy, technology, collaboration and skills and resources that are critical to ensuring election security through a whole-of-society approach. GCA organized meetings with forty leaders from fifteen countries to focus on technology, policy, collaboration and skills and resources.

As result of these discussions, GCA shares the following recommendations:

  • When looking at the use of technology, encourage a holistic approach to election security.
  • Adopt and implement legislation and policies to promote cybersecurity and information exchange about threats.
  • Promote standardized threat data and interoperability, which can also enable the measurement of policy effectiveness across sectors and geographies.
  • Build cybersecurity cycles independently from the election cycles, supported with the right level of cybersecurity planning and incident response capability.
  • Promote best practices and testing processes for each stage of the cycle, including regular threat assessments using tools such as the IFES HEAT [1] Process.
  • Promote transparency as a key element of trust, helping ensure the integrity of the people managing the elections process and of the technology they use.
  • Provide support to election management bodies (EMBs) to comply with high cybersecurity standards through information exchange and a coordinated approach.
  • Build collaborative frameworks to help under-resourced election management bodies access information and best practices, especially in small countries.
  • Promote accessible cybersecurity resources for election management bodies, media, civil society organizations and political parties.
  • Promote digital skills and literacy, including the ability of people to implement cybersecurity and to understand when information sources are reliable.