The Ministry of Home Affairs (MHA), the Cyber Security Agency of Singapore (CSA) and the Elections Department (ELD) have issued advisories on the Election Department website to caution political parties and candidates about the threat of foreign interference in elections and cybersecurity risks.

Singapore not immune to foreign interference

Foreign interference in elections refers to attempts by foreign actors, such as countries, agencies, and people, to assert influence over elections in a sovereign state.

Citing the U.S. Presidential Elections in 2016 and French Presidential Elections in 2017 as examples of foreign interference in overseas elections, the authorities said that Singapore is "not immune" and has to guard against foreign interference in the upcoming general election, which has to be held by April 2021.

Foreign actors often employ "covert and subversive" methods to achieve their desired political outcomes, but "Singapore politics should be decided by Singaporeans alone", MHA said in the advisory.

The methods employed to influence electorate's voting behaviour include spreading disinformation, amplifying sentiments that are useful to foreign actors' agenda with fake accounts, trolls and bots, as well as funding and cultivating relationships with political parties or candidates.

Precautionary measures against foreign interference

MHA and ELD urged political parties to enhance their understanding of the threat and improve the digital literacy of their members to guard against foreign interference.

Political parties should avoid sharing or forwarding unverified articles, messages or other social media posts, monitor their social media platforms for any suspicious or anomalous activity, and abide by the Political Donations Act 2000 and its Regulations.

Cybersecurity risks

The joint news release also highlighted instances of malicious cyber activities that can undermine the electorates’ confidence in the election processes.

Political parties and candidates are responsible for their own cybersecurity and should take precautionary measures to protect their assets and online presence, CSA said.

This includes all IT infrastructure including any smartphone, computer and computing device, online and social media assets, as well as data storage and management, the advisory added.

CSA pointed out three types of cybersecurity risks that pose a threat to overseas elections.

One method involves website defacement, whereby a threat actor gains access to the official website to post graphic images or misleading and false information.

Another cybersecurity threat is by causing service disruption or denying legitimate users access through Distributed Denial of Service (DDoS).

Besides affecting traffic to the website, DDoS can also be employed to steal data or leak data onto the Internet.

Political parties should also be careful of ransomware, which is a type of malicious software designed to hold a victim's files or deny access to a computer system until a ransom is paid.

Ransomware is typically carried out via phishing emails and malicious advertisements.

CSA also cautioned political parties against data theft/breach as the threat actor could publish or sell the stolen data to cause reputational damage or launch more attacks if other account numbers and passwords are stolen.

Precautionary measures against cybersecurity risks

To safeguard their cybersecurity, CSA advised political parties to appoint a person to take charge of their party's cybersecurity matters and to consider appointing a professional cybersecurity vendor to review and manage their digital assets and data.

This can ensure any network or system vulnerabilities can be addressed timely and to establish a management or response plan in the event of a cyberattack.

Political candidates are reminded to practise good cyber hygiene, such as installing anti-virus protection, using strong passwords and two-factor authentication for devices and social media accounts and looking out for any unusual activities.

Should any political parties or candidates detect any signs of foreign interference during the general election or suspect their accounts or systems have been compromised, they should lodge a police report immediately and inform the ELD.

Top photo via Pixabay