Cyber Threats to Canadian Federal Election: Emerging Threats, Assessment, and Mitigation Strategies

TL;DR

This paper conducts a comprehensive cyber threat assessment for Canada's 2025 federal election, identifying key threats like misinformation, infrastructure attacks, and espionage, and proposes mitigation strategies based on the NIST framework.

Contribution

It provides the first detailed national threat assessment for Canada's upcoming election, integrating emerging threats and mitigation strategies using established cybersecurity frameworks.

Findings

Identified three major threats: MDM campaigns, infrastructure attacks, espionage.

Analyzed threat capabilities, intent, and potential impact.

Proposed a multi-faceted mitigation approach for election security.

Abstract

As Canada prepares for the 2025 federal election, ensuring the integrity and security of the electoral process against cyber threats is crucial. Recent foreign interference in elections globally highlight the increasing sophistication of adversaries in exploiting technical and human vulnerabilities. Such vulnerabilities also exist in Canada's electoral system that relies on a complex network of IT systems, vendors, and personnel. To mitigate these vulnerabilities, a threat assessment is crucial to identify emerging threats, develop incident response capabilities, and build public trust and resilience against cyber threats. Therefore, this paper presents a comprehensive national cyber threat assessment, following the NIST Special Publication 800-30 framework, focusing on identifying and mitigating cybersecurity risks to the upcoming 2025 Canadian federal election. The research identifies three major threats: misinformation, disinformation, and malinformation (MDM) campaigns; attacks on critical infrastructure and election support systems; and espionage by malicious actors. Through detailed analysis, the assessment offers insights into the capabilities, intent, and potential impact of these threats. The paper also discusses emerging technologies and their influence on election security and proposes a multi-faceted approach to risk mitigation ahead of the election.