MPs have raised the prospect that a key voter registration site which crashed ahead of the UK’s EU Referendum may have been DDoS-ed by a foreign entity.
The House of Commons Public Administration and Constitutional Affairs Committee report on “lessons learned” from the Brexit vote doesn’t introduce any new evidence as such.
However, it refused to rule out the possibility that the site was taken out on June 7 last year by a botnet-powered DDoS blitz, in a bid to prevent UK citizens from voting in the ballot.
In the end, the registration deadline was extended by 48 hours and MPs are clear that the outage didn't affect the outcome of the vote.
Claiming it is “deeply concerned” about allegations of foreign interference in the referendum, the committee continued by urging the government to take a more holistic approach to cyber-defense.
It added:
“Lessons in respect of the protection and resilience against possible foreign interference in IT systems that are critical for the functioning of the democratic process must extend beyond the technical. The US and UK understanding of ‘cyber’ is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.”
MPs urged the Cabinet Office, the Electoral Commission, local government, GCHQ and the new National Cyber Security Centre to partner in establishing a new “permanent machinery” to monitor and respond to any attempts to influence elections and referendums from cyber-space.
“We recommend that the government presents regular annual reports to parliament on these matters”, it concluded.
Tensions over interference have been heightened since US intelligence agencies confirmed suspicions that Russian agents had hacked and exposed private Democratic Party officials’ emails in a bid to influence the presidential election.