With the regional elections in Catalonia just around the corner, Spain’s security chiefs are well aware that their focus must be on the internet. While the Catalan police force, the Mossos d’Esquadra, will be in charge of ensuring the smooth running of the December 21 vote on the ground, Spanish authorities are very concerned about the possible effects of fake news stories, bots, and hackers, all of which could influence the campaign and the vote itself.
“They could flood the internet with fake news, create alarm, influence the participation, attack websites, try to interfere with the counting center to slow down the vote count...,” explains one of these security chiefs about the possible threats, for which the government has been working on several contingency plans.
If this interfering has taken place in the past, it could be repeated again now
High-ranking state security chief
Spain’s National Cryptology Center (CCN), security firm Internet Incide and the National Center for Infrastructure Protection and Cybersecurity (CNPIC) – which reports to the secretary of state for security – will be the key organisms for prevention, control and reaction in the face of these potential threats. “We are aware that during the entire phase ahead of the [independence] process, in particular on October 1 [the day that the illegal referendum took place], and since then, there has been a series of groups and international collectives with powerful hackers, such as Anonymous and Julian Assange, that have collaborated with the independence process,” explains a high-ranking state security chief. “If this interference has taken place in the past, it could be repeated again now.”
A number of state security chiefs agree that avoiding a cyberattack “is practically impossible,” but that “detecting it, reacting and nimbly repairing the damage, as well as learning how to protect against another one,” is the key priority right now.
A cyberattack against a data center could slow down the vote count and generate doubts about the results
During the October 1 vote in Catalonia – which had been suspended and declared illegal by the Constitutional Court – officers from the Civil Guard worked to dismantle the digital infrastructure that had been put in place by the regional government to support the referendum, but “work to react to or prevent cyberattacks did not take place,” the same sources admit.
Here are the areas in which the authorities are working:
Fake news. Work is being done to create a fast-response system to combat hoaxes being distributed over the internet by bots in an attempt to spread disinformation and destabilize the campaign. “In this respect the media plays a fundamental role by not multiplying their effect,” the experts warn. “They [media outlets] can verify, cross-reference and clarify whether a news story is false so that it is not spread.” Fake news stories have a clear objective and are chosen to cause a specific effect, “such as boosting participation on the pro-independence side or abstention by the pro-Constitution side, or generating confrontation between parties.” It has been verified that “the bots from some of these collectives that have already interfered in the ‘process’ are very powerful and count on complex and very expensive support capable of reaching all of the population that is connected to the internet,” the same sources explain.
False alarms or controversies. Another way of interfering in or altering the campaign is via the creation of conflicts or tensions, “in a way that the entire electoral process is questioned, for example.” This could be by falsifying polls or surveys related to voter intention, for example.
Data center. A cyberattack against a data center could slow down the vote count and generate doubts about the results. The aim will be to protect against this as far as is possible in order to maintain the speed of the count achieved up until now in regional and national elections.
English version by Simon Hunter.