In the currently attenuated environment of international political/economic interactions, the threat of foreign stakeholders and their interference in the democratic process and the undermining of critical institutions is an important topic.

However, with tariffs the current focus of the headlines while Australia is in the midst of a federal election campaign, this issue is not getting nearly the attention it deserves, despite the threat being more pressing than ever.

These cyber threats and external actors no longer have their eyes purely on governmental organisations; they are now targeting smaller agencies and businesses within the government ecosystem with increasingly sophisticated attacks.

The Evolving Cyber Threat Landscape

These cyber threats have grown in complexity into streamlined operations, working to shift public opinion, destabilise trust and orchestrate disinformation campaigns. With the objective of sowing doubt about the strength of these processes and feeding into already polarised and ‘echo-chambered’ communities, these attacks are no longer just about espionage or disruption.

Such campaigns dominated headlines during and after the 2016 U.S. elections, where credible reports exist of foreign actors conducting coordinated misinformation campaigns, leveraging social media platforms to spread false narratives.

Similarly, in recent European elections, cyberattacks targeted political parties, government agencies, and electoral commissions. Australia is a strategic middle power in the Asia-Pacific region and, with some contentious interactions with key players over the past decade, is already a target for such cyber operations.

Vulnerabilities in Government and Corporate Cybersecurity

Australia’s cybersecurity ecosystem, thanks to a number of active government and industry initiatives, has certainly strengthened in recent years. These initiatives include significant investments made by the Australian government through the Australian Cyber Security Centre, such as the Critical Infrastructure Uplift Program, the Department of Home Affairs’ Hosting Certifications Framework and Security of Critical Infrastructure Regime, and Telstra’s Cleaner Pipes program.

However, significant vulnerabilities still remain and are regularly exploited by adversaries. These chinks in the armour, when exposed in government agencies, have a particular effect on the erosion of the public’s trust.

Australia’s electoral cybersecurity risks are unique. The Australian Electoral Commission (AEC) has stood up the Electoral Integrity Assurance Taskforce, which brings together various Commonwealth agencies to support the AEC in countering disinformation campaigns, foreign interference and cyber intrusions. One factor that provides a somewhat ‘natural barrier’ to cyber threats to our electoral process is that the AEC maintains a manual process of voting.

Ballot papers are counted manually by AEC representatives and overseen by scrutineers representing each party. This makes a cyber attack on the voting process aimed at tampering with the results difficult, as there are paper-based records to fall back on. However, there are still many avenues during the pre-election (voter enrolment), vote counting and tallying, and election results release processes where technology-based risks exist.

Some of the key risks emanate from electoral support systems still relying on legacy IT systems, which are more susceptible to cyberattacks. Voter databases and the government ICT that supports electoral processes must be secured against potential breaches. Government agencies and electoral bodies must invest in modern, secure IT infrastructure with regular penetration testing, multi-factor authentication, and zero-trust security models to reduce vulnerabilities.

Businesses and organisations must also prioritise cybersecurity awareness by training employees on phishing scams, enforcing strong password policies, and implementing end-to-end encryption. Meanwhile, media organisations, social platforms, and regulators must work together to combat disinformation through fact-checking, transparency in political advertising, and content moderation.

This is a complex area, and trends on an international scale have evolved: we’ve seen global tech giants such as Meta drop fact-checking from their platforms, only to bring it back in the form of crowd-sourced ‘community notes’. The question remains: how do you balance the valid need for ‘free speech’ with enabling a level of validation of the accuracy of information?

A Call for Vigilance and Cooperation

Australia’s democratic integrity relies on a secure and resilient digital ecosystem. As we move closer to election day, governments, businesses, and individuals must recognise the stakes involved and take preemptive action to guard against state-sponsored cyber threats.

Professionals in the field also need to recognise and study the evolving nature of these threats, to assist their organisations (industry) or clients (consultants) adequately.

Ensuring defences remain robust is a collaborative effort, and is essential to keeping democratic institutions safeguarded and business security and public confidence high.

The genie is incredibly hard to put back in the bottle. No longer just for those in Canberra’s bureaucracy or security to sweat over, the issue is now one for all citizens to lean forward and pay attention to.

 

By Harry Cheema, Lead Partner Cyber Services at Anchoram Consulting.