Political Parties Get Poor Cybersecurity Report Card

Political parties in both the US and Europe could try harder when it comes to cybersecurity, warned a report from SecurityScorecard in May. 

The company’s SaaS-based security rating platform analyzes target infrastructure and scores organizations on how well they perform. It worked its magic on 29 political parties spanning the US and ten European countries, including the UK. It assessed a mixture of application and network security, software patching practices, and DNS health.

It found some worrying issues. For example, servers at IP addresses allocated to the European Union were showing signs of infection by the Gamarue file-stealing, key logging malware during the EU elections earlier this month. 

“No longer is exploitation or attack hypothetical against a corporation,” the report said. “In this instance malware has already reached a target space, may be propagating further and is beginning to execute on its goals.”

Other slip-ups included a French political party that used an insecure login for its email system, sending usernames and passwords in plaintext over an unencrypted channel. The UK's Conservative party suffered a similar issue. 

The report also warned that one major political party in the US was "programmatically leaking a voting validation application, which enumerates voter name, date of birth and address via search terms". It has already advised the party of the issue, it said.

This news came just days before special counsel Robert Mueller, speaking publicly for the first time since beginning his investigation into Russian interference, called out foreign powers for interfering in the US election. 

He warned of “multiple, systematic efforts to interfere in our election,” adding, "That allegation deserves the attention of every American."

Overall, Sweden got the best score for political party cybersecurity, with Northern Ireland, Germany, and Italy following up the lead.

The US scored fifth. Its Democratic National Committee, which Russian agents hacked as part of a campaign to destabilize the 2016 US election, trailed the Republican National Committee in almost all categories. 

France scored lowest, with Spain and Poland in second- and third-to-last place.

In the UK, which as a nation ranked fourth from the bottom, the Liberal Democrats and the Labour party scored highest for cybersecurity measures, while UKIP and the Greens scored lowest.

The topic of Data Protection will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Data Protection here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.

What’s Hot on Infosecurity Magazine?