Working together to promote secure elections
Various Google products and special training programs are helping people in the political arena protect sensitive data. Why working in partnership and sharing knowledge with political organizations also played an important role in Germany’s election year – and how Google experts assess cyber security threats
An official-looking set of emails was sent to the private email addresses of 7 members of the German Bundestag and 31 members of regional parliaments. However, they turned out to be phishing messages that had been sent in order to steal politicians’ passwords, access sensitive information or hack into other accounts. This incident, which was reported by Reuters at the end of March 2021, is by no means the first cyber-attack on elected officials – and it will probably not be the last.
“We’re recording increased levels of threat,” explains Arne Schönbohm, President of the German Federal Office for Information Security Technology (BSI). Arne Schönbohm believes the threat was higher in 2021 – the year of Germany's "super election" – than in any other year. This was in part due to the coronavirus pandemic. “Digitalization is moving at a rapid pace in Germany. And this means we need to raise awareness about data security risks more than ever,” says Arne Schönbohm. Even though this affects all citizens in general, people working in politics are particularly at risk because they are prominent public figures who have access to sensitive information. Mr. Schönbohm explains that the most common threats to politicians are disinformation campaigns, cyberstalking, targeted phishing, hacking and identity theft.
“We’re recording increased levels of threat.”
Arne Schönbohm, President of the German Federal Office for Information Security Technology (BSI)
Camille Stewart agrees with Mr. Schönbohm’s assessment of the situation. Camille was previously responsible for cyber policy and cyber diplomacy at the U.S. Department of Homeland Security during Barack Obama's presidency and is now responsible for global product security strategy at Google. “Politicians, their teams, media professionals and non-governmental organizations all around the world are facing higher levels of threat,” Camille explains. She believes that the resulting dangers extend far beyond individuals in the political establishment. “When malicious operators acquire confidential information, they don’t only violate their victims’ privacy, but endanger national security and democracy as a whole. Cyber security must be a top priority for those who are active in the political arena.”
“Cyber security must be a top priority for those who are active in the political arena.”
Camille Stewart, Global Head of Product Security Strategy at Google
Dr. Michael Littger focuses all his energy on achieving this goal in Germany. He is the Managing Director of the non-profit organization Deutschland sicher im Netz (DsiN), which helps citizens and companies operate safely and confidently in the digital world. DsiN is running an initiative called PolisiN” which aims to support people working in politics at a federal, regional and local level. “Our teams hold training sessions for larger political bodies as well as for individual politicians,” Dr. Littger explains. He and his trainers at DsiN have determined that people working in politics have roughly the same level of knowledge and risk awareness as the general population. He thinks it is particularly important that the PolisiN initiative also reaches local and regional politicians who are usually not as well protected by IT infrastructure as, for example, their counterparts at the Bundestag.
“It’s so important to be able to deal with suspicious emails quickly, especially during the very busy times leading up to elections.”
Dr. Michael Littger, Managing Director of Deutschland sicher im Netz
“We explain how specific behaviors can allow people to use helpful digital technologies more securely,” Dr. Littger explains, referring to the workshops run by the DsiN which focus on very common everyday risks. The course content includes information on protecting user accounts, phishing, encryption, privacy and security settings. Suspicious emails are a particularly big problem, as Dr. Littger explains: “It’s so important to be able to deal with suspicious emails quickly, especially during the very busy times leading up to elections. A number of employees accessing the same social media or user account can also be risky.”
DsiN is supported in its work by a number of organizations, including the Google Safety Engineering Center (GSEC). Google is a member of the association and is involved in the PolisiN initiative. “Collaborations and partnerships like this underpin our commitment to greater online security in Germany,” explains Dr. Marek Jansen, who is a member of Google Germany’s public policy team and responsible for all data protection and data security issues. In addition to the DsiN, the GSEC in Munich runs training courses in partnership with TÜV SÜD and the publishing house Der Tagesspiegel. Google and Der Tagesspiegel have worked together to create a series of cyber safety events called “Digital auf Nummer sicher!” (“Keeping Safe Online”). Google experts also continually share technical information with the German Federal Office for Information Security Technology (Bundesamt für Sicherheit in der Informationstechnik, BSI), including information about new digital threats. BSI President Arne Schönbohm stresses the importance of “sharing information with Google and other platform operators.”
“Collaborations and partnerships like this underpin our commitment to greater online security in Germany.”
Dr. Marek Jansen, Data Governance Manager at Google Germany
“As well as collaborating and sharing information with various organizations and the authorities, we also provided support with our own services throughout Germany’s election year,” Dr. Marek Jansen continues. GSEC has developed specialized online cyber security training courses aimed specifically at politicians and their teams. Among other things, course participants learn how to use two-factor authentication using physical security keys, which comply with the FIDO2 standard. They also learn about Google’s Advanced Protection Program, which protects users from phishing attacks, and how to use Google Search and YouTube more securely during election campaigns. “As in previous elections, we also supported the democratic processes surrounding the 2021 German federal election,” Dr. Jansen explains. “We’ve consolidated our services for voters and provided a wider range of services for politicians and the media on a centralized website at https://wahlen2021.withgoogle.com/."
All Google products are protected using advanced technologies, which are driven by artificial intelligence. Solutions such as safe browsing technology in Chrome and most other browsers are helping prevent more than four billion devices every day from visiting malicious websites or downloading malicious apps. Furthermore, Gmail blocks more than 100 million phishing attempts and more than 15 billion spam messages every day. In addition to these standard safeguards, Google recommends that politicians and other vulnerable groups use two-factor authentication using physical security keys and Google’s Advanced Protection Program. This program automatically activates additional layers to increase protection against targeted attacks and requires the use of a security key. This provides a particularly effective defense against phishing attacks and prevents malicious parties from gaining unauthorized access to accounts and personal data. It also provides additional security against malicious downloads, which are often used to disseminate malware.
“The Advanced Protection Program is one of Google’s most powerful solutions for protecting user accounts,” Camille Stewart explains. “It’s being constantly updated to adapt to new threats.” As a highly experienced security expert, Camille recommends regularly checking security settings and passwords as well as strengthening them and managing them with a secure password manager. Users with a Google account can also use Google Security Checkup and Google Password Manager. The latter is built directly into Chrome, Android and Chrome for iOS. It enables users to create strong passwords, manage them securely and use them automatically.
BSI President Arne Schönbohm believes that cyber-attacks on German politicians could still happen in the time leading up to the Bundestag elections. “We're prepared for it,” he says. However, his agency focuses primarily on prevention by providing educational material and informational events with parliamentary members. “Prevention is cheaper and more efficient than cure when it comes to cyber security.”
Photos: Getty Images, BSI, Google, Constantin Mirbach, Andi Weiland, Simon Nagel, Sima Dehgani