GE2025: Use strong authentication for campaign accounts, train officials on deepfakes, advises CSA
Sign up now: Get ST's newsletters delivered to your inbox
CSA warned that cyber attacks can undermine public confidence in the electoral process, hinder campaign efforts and tarnish reputations.
PHOTO ILLUSTRATION: LIANHE ZAOBAO
Follow topic:
SINGAPORE – Political parties are advised to have strong authentication controls for all online campaign accounts, educate election candidates and officials on deepfake impersonations, and plan for redundancy measures to resist cyber attacks during this election season.
In an April 17 advisory that outlines seven detailed measures, the Cyber Security Agency of Singapore (CSA) warned that cyber attacks can undermine public confidence in the electoral process, hinder campaign efforts and tarnish reputations.
“In today’s digitally interconnected world, the integrity of election processes is increasingly challenged by cyber threats,” said the CSA, adding that the measures in the advisory are not exhaustive.
Ensuring strong authentication for all campaign-related accounts includes using complex and unique passwords and implementing multi-factor authentication for access to e-mail, social media and internal systems.
To ensure system resilience, parties should also have back-up systems and load balancers to ensure efficient distribution of traffic. Political parties are also advised to establish a secure secondary communication channel as a redundancy measure.
Among party staff and volunteers, protocols for verifying information about deepfakes and other forms of manipulated content should be established. Training to spot signs of compromised cybersecurity should be conducted. Campaign staff should also be encouraged to report near-miss or suspicious incidents.
Regular software updates and data back-ups should be scheduled to ensure data availability in the case of cyber attacks, said CSA. Parties and candidates should also establish a complete inventory of digital assets, such as having a clear understanding on what, where and how data is stored in all devices. Remote access to these assets should be strictly controlled, said CSA.
To ensure good oversight of campaign cyber-security matters, an experienced worker should be appointed to be in charge. Intrusion detection systems that monitor threats in the network and those that come from users’ devices should also be deployed, with third-party vendors reviewing and managing these deployments, if required, said CSA.
The agency noted that election stakeholders are often the target of sophisticated cyber attacks aimed at disrupting services, stealing sensitive data and spreading misinformation – all of which have been observed in elections globally.
On April 2, Polish Prime Minister Donald Tusk said that his party’s IT systems were hit by a cyber attack, ahead of a presidential election scheduled in May.
He did not elaborate on the attack. A Polish broadcast station reported that unknown persons had taken over the account of a party activist and sent out e-mails with malicious software in it, one of which went to a parliamentary account.
During the US 2024 presidential election, hackers tapped Verizon’s system
Scammers can also use the election to conduct finance-related scams, which may damage the reputation of the candidates and parties involved.
Prime Minister Lawrence Wong had in March warned the public against scams
Impersonations of various Singaporean leaders such as Deputy Prime Minister Heng Swee Keat, Defence Minister Ng Eng Hen and Health Minister Ong Ye Kung have also taken place on the platform.
If a political party or candidate suspects that their cybersecurity has been compromised, they should lodge a police report and discontinue the use of the relevant account, and inform the Elections Department of Singapore.
If their IT system has been compromised, they should inform their appointed cyber-security vendor and report it to the Singapore Cyber Emergency Response team here.
