NCSC publishes updated guidance for those running in elections, and political parties with candidates
- Published on: 29 May 2024
- Last updated on: 12 April 2025
Focus is on raising awareness of cyber-threats to democratic processes and institutions, and to help prevent attacks on candidates and the parties they represent.
The 12 months from May 2024 will encompass local elections, European Parliament elections and a general election. In order to assist those who may be running in any of these, and political parties as organising bodies for those running, the National Cyber Security Centre (NCSC) has published an updated guide on cyber-security.
Cyber-attacks that target election candidates or organisations can be very damaging to the candidate themselves, the political party they represent, or to society’s overall trust in the democratic process. This guidance aims to raise awareness of cyber-threats to democratic processes and institutions, and to help prevent attacks on both organisations and individuals.
The advisory takes a high-level view of cyber-security issues which pose a risk to the security of the electoral process, and is not intended as a comprehensive guide for the overall security of an individual candidate, or political parties' data or systems. The publication includes guidance on: identity and access management policies; enhancing website security; prevent digital impersonation; educating constituents about misinformation; and preparing for ransomware and deepfake attacks.
Speaking on the publication on the guidance, the NCSC Director Richard Browne said:
"We work closely on an ongoing basis with the local authorities who have responsibility for the running of the elections, as well as the Electoral Commission, however we are also conscious of the impacts of any potential cyber-attack on the candidates themselves, or the parties they represent. It is vital that we guard against the potential for an attack at any point within the electoral cycle, and that we continue to raise awareness amongst those taking part in elections of the importance of strengthening the security and resilience of the ICT systems and devices they are using."
The guidance is available on the NCSC website.
Notes
National Cyber Security Centre (NCSC)
The National Cyber Security Centre (NCSC) was founded in 2011 and is an operational, cyber-security unit within the Department of the Environment, Climate and Communications.
The NCSC has three main roles. These are to:
- defend the State, including government and critical infrastructure, against cyber-security risks by monitoring, detecting and responding to cyber-security incidents, including large scale cyber security incident response
- build resilience across the State and society by providing guidance and advice to citizens and businesses on major cyber-security incidents, by applying a series of requirements on vendors, critical infrastructure operators and public bodies
- develop and maintain strong international relationships in the global cyber-security community for the purposes of information sharing and incident response coordination