The Australian Electoral Commission has revealed the nation’s core electoral systems experienced no successful cyber-attacks during the 2019 federal election campaign.
But the agency, which has been increasingly worried by the prospect of external interference, won’t say whether any attempts to compromise the systems were detected.
In a bid to guard Australia’s systems against the threat of compromise, the AEC introduced monitoring through a dedicated security operations centre in the lead up to the May 18 ballot.
It follows what the agency has described as a worsening cyber environment in the years since the July 2016 election through events like Russia’s alleged cyber interference in the 2016 US election.
Many of these concerns stem from the ageing nature of the country’s system for election and roll management, which have been in place since the early 90s and are in dire need of replacement.
The short-term SOC capability was switched on in late March, just prior to Prime Minister Scott Morrison calling the election, with monitoring provided by Technical Security Services (TSS).
TSS, which is comprised of former government infosec specialists, was tasked with detecting any compromises – or compromise attempts – made against electoral systems in the lead up to, during and following the ballot.
At the time, the AEC said it was also working with the Australian Cyber Security Centre to maintain the security posture of its systems.
But following the return of writs late last month, an AEC spokesperson told iTnews that no successful compromises were detected."
“The AEC worked closely with our supplier of security monitoring services and other government agencies to monitor the AEC’s IT environment in the lead up to, and during, the 2019 federal election,” the electoral agency's spokesperson said.
“No successful cyber-attacks were detected by the AEC.”
That's a positive result, but the question still begs as to who might have tried to have had a poke around.
No dice. The AEC's spokesperson declined to answer questions from iTnews about whether any compromise attempts had taken place or how many had occurred.
While the systems are not critical to the vote count - Australians still use a pencil - the absence of a successful attack is a vote of confidence in the AEC’s preparation for the May 18 ballot.
Almost two years ago the agency, following speculation of Russia’s alleged cyber interference in the 2016 US election, the AEC began examining the resilience of it systems.
Other systems like the breach of the parliamentary computing network by a state-sponsored actor that also extended to the systems of the Liberal, Labor and National parties have not been so lucky.
It came in the wake of a parliamentary committee that found overdue AEC IT upgrades posed “unacceptable risks” to the integrity of the voting system and called on the government to fund an IT upgrade program.
The first steps towards that modernisation began last October, when the AEC outlined plans for a once-in-a-generation overhaul to ensure system integrity and protect against cyber-attacks.