Bulwark Intelligence

CYBER SECURITY THREATS TO THE 2023 ELECTIONS

Most Nigerians are already tired of the elections, and it’s not even here yet. That being said, everyone is looking forward to election day so that we can all move on, and Naira can begin flowing again.

But insecurity is one of those dreadful phenomena that could lead to INEC postponing the elections.

There is a joint civil society group that meets regularly to evaluate election security and they are known as the Inter-agency Consultative Committee on Electoral Security (ICCES). A few months ago, the ICCES conducted an assessment and revealed that there were about 686 communities across Nigeria with high insecurity levels due to the activities of various Armed Non-State Actors, which were going to pose a problem for INEC effectively delivering election materials and eventually holding the elections in those areas.

About 90% of those communities were based up north. Half of those were in the North West region alone, particularly in Zamfara state which has been hard hit by proscribed bandit groups considered as terrorists. The North Central also recorded a high chunk of insecure communities, as well as the South East particularly Imo, Anambra and Abia.

The Bulwark Intelligence map below indicates areas that we are projecting will report levels of electoral attacks. Bulwark came up with their assessments using data from locations that have already reported significant pre-electoral violence, and also states that will likely show tension following the announcement of the election results.

Figure 1:The map shows the 36 states and their respective election violence risk ratings.

Despite the physical security threats, INEC insists that it is still going to go forward with the elections, and security agencies say they are going to do everything they can to prevent any form of violence on that day.

CYBER SECURITY THREATS TO NIGERIA’S ELECTIONS

The Electoral Act of 2022, ushered in the era of digitization for INEC. The reason is simple. The manual process was leading to significant interference and preventing a truly free and fair election. The introduction of the Bimodal Voter Accreditation System (BVAS) and INEC Result Viewing Portal (IReV) are supposed to help eliminate these risks. If all goes well, the issue of ballot stuffing, ballot snatching, results collation tampering, and voter fraud should be significantly reduced.

But with increased dependence on technology, comes the requisite cyber security threats to INEC. The electoral commission mentioned that during the 2022 Ekiti and Osun elections, their portal experienced “significant cyber-attacks. But thankfully their engineers and cyber security teams were able to effectively respond”.

There are interference threats of Disinformation and misinformation campaigns which are designed to influence the individual voter’s decision-making process, through intentional and unintentional dissemination of false information. There are also threats associated with deep fake videos which are doctored voiceover videos. This is particularly scary in places like Nigeria where wrong comments about tribe and religion could lead to physical violence and destruction.

CYBER ATTACK THREATS ON INEC PORTALS AND TOOLS

There are four notable tech portals and tools INEC has been using in these elections.

There’s Basic Security in Election Duties (BaSED), an online security training portal for INEC personnel which allows INEC to train their over 1 million staff and ad-hoc personnel on election security awareness and what to do in case of security incidents.

The other is the Election Logistics Management System (ELMS) which is an app INEC is using to track election materials procurement from storage to delivery. We’re talking about the movement of election materials to over 176,000 polling units across the country, which will be done using over 100,000 vehicles, and 4,200 boats escorted by the Navy. As you can imagine, the use of tech for logistics management is also a welcome development.

The two external facing tools which have a high risk of cyber-attacks are BVAS and IReV.

The Bimodal Voter Accreditation System (BVAS) helps ensure the voter is who he says he is. The upside is that it will reduce voter fraud and double dipping. But the downside is the biometric devices can act up causing delays and false negative errors which could prevent legitimate voters from being verified.

The recently conducted BVAS mock testing and accreditation exercise revealed challenges with the internet network/server which is required for activation and configuration. Some remote locations experienced delays as a result. There were some reports of faulty BVAS devices. The hardware was faulty, and the fingerprint scanners were not working properly.

INEC is also using the INEC Result Viewing Portal (IReV), which is supposed to ensure electronic transmission and viewing of results in near real-time. This is supposed to prevent cases of false results during collation or inconclusive results following interference by thugs at the polling unit. Again, the downside is going to be the internet network and the ability to upload the results. In addition, the availability of qualified personnel might be a challenge.

INEC mentioned that during the Ekiti and Osun elections, there were cases of low-quality uploads because the officers who had been trained to do these uploads were not available or had to be substituted with others who had not been adequately trained for that role. INEC says they will ensure this doesn’t happen again, by deploying only adequately trained officers.

SOLUTIONS

It’s a little too late to advise on solutions right now since it’s almost game time. But one can only hope that INEC has already done significant levels of preparedness, especially in their ability to effectively detect attacks, respond to these attacks and quickly recover from the said attacks. Hopefully, they’ve conducted penetration tests and allowed independent ethical hackers to rigorously poke for vulnerabilities.

PERSONAL SECURITY TIPS

  • To be realistic, we are going to experience some levels of electoral violence, regardless of who wins or how many security agents are deployed to the streets. There are going to be paid thugs standing by to do the bidding of their political paymaster. There will be cases of voter intimidation, where people will be threatened to vote a specific way or experience the wrath of their local warlord.
  • People are going to be upset with the results no matter who wins or loses.
  • So it is important that while citizens take the time out to exercise their civic duties, they do that safely and with the utmost caution, especially if they are located in a high-risk community.
  • Ensure you have prior information about the state/status of your polling unit before you head out. Try not to wear any politically branded attires, as this could put you in harm’s way if you encounter the wrong group of supporters. Dress neutrally. Cast your vote and go home.
  • If you plan on staying to secure your polling unit, know when it’s time to leave the area or find a secure spot, when you notice any armed persons reaching for their weapons, so that you do not become collateral damage or a statistic.

I recently joined Channels Television Adanma Milliscent Nnwoka to discuss the cyber security threats to the 2023 Nigeria elections. The Electoral Act of 2022 ushered in the era of digitization for INEC, but with increased dependence on technology comes the requisite cyber security threats. Catch the full interview here by clicking on the image below.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top