India Insights with Geetha Nandikotkur

Cyberwarfare / Nation-State Attacks , Endpoint Security , Fraud Management & Cybercrime

Election Security: Is Government Doing Enough?

Critics Allege a Lack of Focus on Cybersecurity Issues
Election Security: Is Government Doing Enough?

Some security experts say India's government isn't doing enough to ensure the security of the Lok Sabha elections being held through May 23. They express worries that a nation-state, such as China or Pakistan, could attempt to tamper with the results.

See Also: Forrester Report |The Total Economic Impact™ Of Palo Alto Networks Prisma Cloud

With the elections spread over seven phases across all states, the infrastructure appears to be vulnerable to cyberattacks.

Critics argue that the Indian government is not paying adequate attention to security, offering only what they portray as "superficial gestures," such as recalibrating the electronic voting machines, conducting voter verifiable paper audit trails and organizing cybersecurity workshops for poll officers.

Because hacking groups have threatened to interfere with the elections, India should have done far more to enhance election security, argues Pavan Duggal, advocate, Supreme Court of India.

The Election Commission has taken a few steps in recent months, including having a cybersecurity nodal officer in each state, conducting a third-party security audit of all poll-related applications and websites and holding workshops to train officers in cyber hygiene. Plus, it has proposed to recognize elections as "critical infrastructure" under the IT Act, 2000. As a result, any attempt to steal information would be a crime.

Some security experts argue, however, that India needs a new cybersecurity law to deal with today's cyberthreat environment.

Meanwhile, it's not yet clear whether all states, in fact, have nodal officers. And the commission lacks a clear policy for enhancing security of EVMs.

Another important step, some experts say, is for the government to use machine learning or artificial intelligence to track patterns that might indicate election interference.

S.N. Pradhan, director general of the National Disaster Response Force in the Ministry of Home Affairs says this approach could, indeed, help police investigate potential election interference.

Rakesh Goyal, a CERT-In empanelled auditor, says the government also needs to ramp up its efforts to continuously patch EVM software and improve its efforts to detect vulnerabilities in EVM operating systems.

Lack of Coordinated Efforts

Another important issue is the apparent lack of coordination on security issues among government leaders, the Election Commission and key security auditors and practitioners.

The Election Commission should seek help from the public and private sector in building a cybersecurity ecosystem.

For now, the ruling party and ECI have asked all government officials to be tight-lipped about the security measures taken in protecting election machinery. When I asked Dr. Kushal Pathak, the CISO of Election Commission of India, to discuss security details, he said he had been asked not speak to the media on any security-related issue.

The ECI should be more transparent about its security efforts to help reassure citizens that it's taking the necessary steps to ensure the integrity of the election and show its preparedness in tackling digital threats.



About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.