How INEC can forestall cyber assaults

The Electoral Act 2022, which set out a proposal to digitize Nigeria’s electoral course of, goals to enhance the integrity of elections within the nation. Nonetheless, elevated digitization makes each course of weak to cyber assaults. TEMITAYO JAIYEOLA explores how INEC’s enterprise into the digital age may open it as much as cyber assaults

All eyes are on Nigeria going to the polls subsequent month. The 2023 basic election can be the primary time the nation broadcasts election outcomes electronically. As laudable as this concept is, it comes with an accompanying menace – cyber assaults.

The mud on the elections in Ekiti and Osun states had not settled when the Chairman of the Unbiased Nationwide Electoral Fee, Professor Mahmood Yakubu, revealed that each elections have been topic to cyber assaults from all over the world.

He stated: “One other technical concern for us is the repeated makes an attempt to breach our cyber safety system for the portal. Our engineers reported a number of cyber assaults on the portal through the Ekiti and Osun governorship elections, a few of them from as distant as Asia. I’m glad to notice that all of them failed.”

Though the hackers have been unsuccessful, they raised new questions in regards to the electoral course of in Nigeria. The nation is not any stranger to questions in regards to the credibility of its electoral course of. The election course of within the nation may very well be in comparison with the wild west, which is characterised by violence, stealing ballots, shopping for votes, and many others.

The worsening safety state of affairs and widespread violence are giving Nigerians trigger for concern because the February 25 and March 11 election dates strategy. Nigerians would concern the potential of many issues through the 2023 elections, however the introduction of digital transmission eliminates the concern of a random individual hijacking the poll field.

Echoing this sentiment, the Administrative Secretary of INEC in Kaduna State, Muhammed Mashi, lately stated: “With the brand new electoral reform, Nigerians shall be shocked and pleased to see what is going to occur within the 2023 elections as a result of it is going to be clean and clear, free and honest. There shall be no query of inserting and stealing ballots, no voter can vote twice.”

It’s because Nigeria signed its Electoral Act in 2022, ushering within the period of digital transmission of outcomes, which political pundits would say will result in transparency within the course of. The Regulation is anticipated to scale back a few of the disparities associated to elections within the nation.

Hailing the passage of the invoice, Oyo State Deputy Governor, Bayo Lawal, stated: “Gone are the times of poll field hijacking, which is sort of important. Frequent sense is being launched now as events need to work arduous to make sure their candidates win the election as there is no such thing as a magic. Whenever you get accreditation, you vote and your votes shall be counted and that’s the hallmark of electoral transparency.”

Expectations are excessive and lots of think about the 2023 basic election to be a litmus check for the 2022 Electoral Act. Though the Regulation solved some issues with the electoral course of within the nation, it additionally raised new points.

Adopting some type of digitization for the upcoming basic election opens the method to cyber assaults. Cyber ​​assaults have been on the rise in recent times.

In 2022, the Nigerian Communications Fee monitored many cyber threats and issued advisories by way of its Laptop Safety Incident Response Heart.

In line with the NCC, Nigeria loses $500 million yearly to cyber assaults.

Not too long ago, the Senior Supervisor of Cyber ​​Threat Companies at Deloitte, Ms. Funmilola Odumuboni, stated {that a} cyber assault happens each 39 seconds and that cyber crime has elevated by nearly 300 p.c because the begin of the COVID-19 pandemic.

In 2020, Microsoft warned that the Russian navy intelligence unit that attacked the Democratic Nationwide Committee in 2016 was again, in preparation for the 2020 US election.

Whereas there have been no documented circumstances of US election tampering because of cyber assaults, there have been circumstances of profitable election hacks that gained entry to some election infrastructure.

INEC seems to pay attention to this and has devoted a part of its N117 billion election know-how price range to cyber safety programs to stop assaults.

The INEC chairman stated: “We’ve tasked our engineers to do every part potential to completely defend IReV and all our internet sources.”

The Chief Press Secretary to the Chairman of INEC, Rotimi Oyekanmi, added: “All servers anyplace on the planet are weak to assault by stray forces on the lookout for somebody to devour. Due to this fact, hacking makes an attempt should not unique to INEC.

“The fee has and may be very happy with its in-house laptop engineers who designed the Bimodal Voter Accreditation System and the INEC Outcomes Viewing Portal. They didn’t sleep; they know what’s at stake and are at all times prepared.

“Due to this fact, hackers can solely strive. They can not outsmart the committee. In the long run, he’ll solely get a bloody nostril. This was one of many the explanation why the fee launched a bimodal voter accreditation system for the 2023 basic elections.

Regardless of this, the Nigerian Laptop Society lately requested the Unbiased Nationwide Electoral Fee to arrange for cyber assaults through the 2023 elections.

Questions have been raised in regards to the nation’s readiness for digital transmission of outcomes as a result of availability/unavailability of community protection.

President, Cell Software program Answer, Chris Uwaje, a cyber options knowledgeable, argued that it’s unimaginable for anybody to evaluate INEC’s cyber preparedness from the surface.

He stated: “These points have been mentioned randomly. Earlier than truly passing judgment on INEC preparations, there are two issues that have to be explored.

“First, INEC would topic its infrastructure to skilled accreditation to see the compliance of their e-readiness. Each as INEC and naturally as outsiders, INEC can’t be a choose by its personal invitation. Professionals additionally can not emphasize the place of INEC with out entry to INEC infrastructure.”

He defined that within the digital environment there is no such thing as a infrastructure that can’t be hacked. He went on to state that man-made know-how will at all times be hacked as a result of there have to be a human within the center to make sure its performance. In line with him, INEC is a consumer of know-how, not a producer of know-how and should work with professionals.

Uwaje said, “What I’m saying is that the digital integrity of INEC deserves collaboration between the professionals and INEC, which is the consumer and never the producer of their gear.

“The integrity of the structure of the gear itself have to be checked, take a look at the again door that’s implanted or not. To view information streams and extra. That collective teamwork will create a assure that it may be hacked or not.

“In any case, somebody who’s a human being may need to hack INEC. And there can be somebody in protection who would defend this hacking. That is about processes. Whenever you discuss hacking, you discuss strengthening the method. Are the processes in keeping with INEC correctly arrange? Are the machines configured? Are the technical consultants as much as the order of the way it was finished?”

He famous that INEC is an election marketing campaign establishment and never a know-how firm and that it can not boldly say that its servers haven’t been hacked.

He added: “INEC can not beat its chest with out being a technological establishment that its servers can’t be hacked. Ordinarily, INEC needs to be led by those that present it with technological providers. INEC was not formulated to be a know-how firm.

“It’s loaded with all these features. INEC ought to handle the integrity of elections. There needs to be answer suppliers as one other company, which needs to be answerable for the know-how that helps INEC to carry out its features. I feel there have to be a regulation that makes it potential. There have to be one other company, one other fee, which is answerable for moral points in elections.

“INEC will conduct the elections and announce the outcomes. However then it can not do with out know-how. And since they don’t seem to be a know-how firm, they want technical providers as one other authorities physique that may be accountable for offering digital infrastructure to INEC. We’re actually at the place to begin of democratic achievement, from a technological perspective. Our legal guidelines have to be reviewed on how INEC is structured or restructured sooner or later.”

In line with Chief Know-how Officer, NJALO.NG, Chukwuemeka Orjiania, INEC has finished a superb job however ought to open its servers to moral hackers to attempt to expose any vulnerability.

He stated: “INEC ought to have resourced cyber safety consultants by now to attempt to hack the system. They need to enable folks to search out vulnerabilities of their system.

“Within the US, if you could find a vulnerability and switch it over to the FBI, the individual can be financially rewarded. They need to open up the system to permit folks to search out vulnerabilities. They might construct the system and check it themselves, however on the finish of the day hackers from China or Russia may shut down the system.

“Our programs run on outdated software program. How can anybody use a server operating PHP5.4 when even the FBI et al have said that something under PHP7.4 is weak and might be hijacked? We hope INEC has finished the correct factor.”

In line with ICT knowledgeable and Senior Companion of e86 Restricted, Olugbenga Odeyemi, the event of know-how within the nation will proceed to open alternatives for assault. He defined that INEC should put money into skilled manpower.

He stated: “Probably the greatest methods to stop such assaults is to imitate assaults by way of penetration testing and hacking. This can usually reveal holes within the system and permit for fast detection and fixes.

“Organizations should additionally put money into a well-trained and skilled workforce. Coaching and retraining are key elements in mitigating cyber safety dangers.”

A lot depends upon the 2023 basic elections and the flexibility of INEC to conduct honest and free elections. Many hope that the nation’s election choose will defeat any menace to a basic election.

Leave a Comment

Translate »