Britain’s Conservative Party has reportedly delayed its leadership selection process after GCHQ warned that hackers might be able to change people’s ballots.
The party is currently choosing the next leader of the country after prime minister Boris Johnson resigned from its leadership last month. After narrowing down the candidates, around 160,000 Conservative Party members, approximately 0.3% of the country’s electorate, are set to elect either Liz Truss or Rishi Sunak as the UK’s prime minister.
The spy agency didn’t include a specific threat from a hostile state, and the advice was more general about the voting process and its vulnerabilities, according to The Telegraph.
Following the concerns, Britain’s ruling party has been forced to abandon plans to allow members to change their vote for the next leader later in the contest.
“Defending UK democratic and electoral processes is a priority for the NCSC and we work closely with all Parliamentary political parties, local authorities, and MPs to provide cyber security guidance and support,” a spokesperson from the National Cyber Security Centre (NCSC), which is part of GCHQ, told IT Pro. “As you would expect from the UK’s national cyber security authority we provided advice to the Conservative Party on security considerations for online leadership voting.”
Postal ballots are also yet to be issued to party members, which could arrive as late as 11 August and were reportedly meant to be sent out on Monday.
“We have consulted with the NCSC throughout this process and have decided to enhance security around the ballot process. Eligible members will start receiving ballot packs this week," a Conservative Party spokesperson told IT Pro.
Professor Steve Schneider, director of the Surrey Centre for Cyber Security, agrees with the decision to not allow revoting, for cyber security reasons.
“I think a significant concern with the proposal to allow revoting will have been that the voting credentials remain live right up to the end of the election. This exposes the election to a much greater risk of attack than if credentials can only be used once,” Schneider said to IT Pro. “It provides longer for adversaries to obtain (e.g. through hacking) the credentials to be able to cast votes. It also provides adversaries with the ability to use such credentials to switch votes close to the end of the election. “
Schneider added that it also means that if a voter is not planning to vote again then they have to securely dispose of, or shred, their credentials, and there’s a risk that not all voters will recognise this.
“But some may just put them in the rubbish, making it possible for them to be retrieved and reused,” underlined the professor. “Not allowing revoting means that once a vote has been cast then the credentials are “spent” and have no further use. They cannot be reused so secure disposal is not a significant concern.”
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
The UK cybersecurity sector is worth over £13 billion, but experts say there’s huge untapped potential if it can overcome these hurdlesAnalysis A new report released by the DSIT revealed the UK’s cybersecurity sector generated £13.2 billion over the last year
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
Threat of cyber attacks to national security compared to that of chemical weaponsNews The UK government has raised the threat level posed by cyber attacks, deeming it greater on average than an event such as the Salisbury poisoning
-
2022 Public Sector Identity Index ReportWhitepaper UK Report
-
UK and Japan strike digital partnership to collaborate on IoT security, semiconductorsNews The two countries are also set to align their approaches to digital regulation to make it easier for companies to operate in each nation
-
Defra's legacy software problem 'threatens' UK gov cyber security until 2030News The department spends over two-thirds of its digital budget on maintaining the risky applications, with no plan in place for a fix within the decade
-
Netherlands urges citizens to prepare survival kits in case hackers target critical infrastructureNews The latest campaign from the national coordinator for security echoes the growing concern in the UK government over serious cyber attacks
-
35 cyber startups join largest UK government-backed acceleratorNews The startups will benefit from business masterclasses, mentoring and engineering support, and technical product development support
