Cybersecurity in Elections

Developing a Holistic Exposure and Adaptation Testing (HEAT) Process for Election Management Bodies
Keyboard with a "vote" key

In a new publication, the International Foundation for Electoral Systems (IFES) outlines strategies for election management bodies (EMBs) to strengthen their technology and procedures to resist vulnerabilities, by following what we have termed a Holistic Exposure and Adaptation Testing (HEAT) process. While no electoral process or technology is infallible, the HEAT process aims to secure automated or digitalized electoral processes – as far as possible – against unanticipated threats, illicit incursions, system failures, or unfounded legal challenges.

As the name suggests, the HEAT process focuses on the types of exposure an EMB may face when implementing different types of technology systems (technology, human, political, legal and procedural exposure). This process encourages a more holistic assessment of what could go wrong in data and technology management and allows the EMB to identify strategies to reduce or eliminate different types of exposure in a systematic manner.

Because the HEAT process seeks to provide a holistic approach to cybersecurity in elections, we have drawn lessons from international principles, election cybersecurity case studies, risk-mitigation methodologies and technology-related election court judgments. The proposed process is also guided by international best practices on data management and cybersecurity, as well as transparency, open data and privacy.