Estonia, the only country in the world where voters elect their leaders through online balloting, is taking steps to fend off potential hacking attacks as cyber-security fears intensify.
A software overhaul for the system, introduced in 2005, is ready for testing before local elections in October, according to Tarvi Martens, the National Electoral Committee’s head of e-voting.
The upgrade includes anti-tampering features known as end-to-end verifiability that addresses security concerns from groups such as the Organisation for Security and Cooperation in Europe (OSCE), he said.
“End-to-end verifiability is the ‘Holy Grail’ for electronic voting,” Mr Martens said.
“When we talk about international criticism, the new software now addresses it.”
The Baltic nation of 1.3m people is a technology hub that helped create Skype, hosts Nato’s cyber-defence centre, and files 99% of tax returns online.
However, the country is on alert after the US said Russia hacked its 2016 presidential election.
Estonia, an unwilling member of the Soviet Union for 50 years, blames the Kremlin for a massive cyber attack 10 years ago that disabled government, media and banking websites for hours.
Russia denies involvement in the US or Estonia incidents. While almost a third of votes were cast electronically in Estonia’s 2015 general elections, prime minister Juri Ratas said last week in an interview that “daily work is needed to improve its security as any breach would undermine the credibility of the entire system”.
In 2014, an expert group led by University of Michigan professor Alex Halderman, recommended the immediate withdrawal of Estonian internet voting, citing “major” security risks.
The OSCE urged Estonia to ensure end-to-end verifiability the following year.
Some members of the ruling Centre Party want e-voting to be discontinued. To cast their ballot, voters need an ID card and must clear two levels of authentication protected by pass codes.
The Estonian Information System Authority, which oversees the government’s cyber security, says the system can’t be breached, while Mr Martens says versatile authentication and adaptability to different sizes of voter pools mean other countries could use it.
Estonia’s system is very different from those used elsewhere, according to Mr Martens. The attacks on America included incursions into voter databases and software systems.
“The problems in the US aren’t about internet voting — they’re about voting machines,” Mr Martens said.
“There are a lot of machines and no one is able to oversee the software that goes into each one.
“With internet voting, there’s a single piece of software that can be controlled,” he said.
Earlier this week, the reinsurance market Lloyd’s of London estimated the commercial costs of a potential cyber attack around the world. A global cyber attack could result in damages of up to €106bn in an extreme event, comparable to economic losses caused by Hurricane Katrina in 2005, it said in a report.
Average losses from a scenario where an attack would cause a widely-used cloud-service provider to fail would be €46bn, depending on organisations involved and the length of the data storage disruption, Lloyd’s said.
Insurers could face total claims in that scenario ranging from €540m to €7bn, according to the report.
Prominent hacker attacks such as WannaCry in May and Petya in June have raised awareness of the vulnerability that some companies have to cyber crime and insurers are seeking to get into the market by offering coverage for such attacks.
The global cyber-insurance market is worth €2.6bn to €3bn, Lloyd’s estimates. It could rise to between €7.5bn and €8.5bn by 2020.
The second scenario used in the Lloyd’s report, where vulnerability in a widely used software was exploited by hackers, could result in losses of €8.4bn for a large event and €25bn for an extreme event.
Insurers would only cover €664m to €1.8bn of the cost, the document said. n Bloomberg
© Irish Examiner Ltd. All rights reserved