The 2022 Electoral Act, which set the motion for the digitalisation of Nigeria’s electoral process, is aimed at improving the integrity of elections in the country. However, increased digitalisation makes any process susceptible to cyberattacks.
TEMITAYO JAIYEOLA explores how INEC’s venture into the digital age might open it up to cyberattacks
All eyes are on Nigeria as it heads to the polls next month. The 2023 general elections would be the first time the country would be transmitting election results electronically. Laudable as this idea may be, it comes with an attendant threat- cyberattacks.
The dust on the Ekiti and Osun States’ elections had not settled when the Chairman of the Independent National Electoral Commission, Prof Mahmood Yakubu, revealed that both elections had been subjects of cyberattacks from across the world.
He said, “Another technical concern for us is the repeated attempts to break through our cyber security system for the portal. Our engineers reported several cyberattacks on the portal during the Ekiti and Osun governorship elections, some of them from as far as Asia. I am glad to note that all of them failed.”
While the hackers were not successful, they raised new questions regarding the election process in Nigeria. The country is not alien to questions concerning the credibility of its electioneering process. The country’s electioneering process could be likened to the wild-wild West, characterised by violence, ballot snatching, vote buying, etc.
The worsening security situation and widespread violence give Nigerians reasons to be worried as the February 25 and March 11 dates for the elections draw closer. Nigerians would fear the possibility of many things during the 2023 elections, but the introduction of electronic transmission of eliminates the fear of a random person snatching the ballot box.
Echoing this sentiment, the INEC Administrative Secretary in Kaduna State, Muhammed Mashi, recently said, “With the new electoral reform Nigerians will be surprised and happy to see what will happen in the 2023 election because it will be smooth and transparent, free and fair. Issue of ballot stuffing and snatching will not happen, and no voter can vote twice.”
This is because, in 2022, Nigeria signed its Electoral Act into law, ushering in an era of electronic transmission of results, which is political pundits would engender transparency in the process. The Act is expected to curtail some of the discrepancies associated with the country’s elections.
Commending the passage of the Act, the Deputy Governor of Oyo State, Bayo Lawal, said, “Gone are the days of ballot box snatching, which is quite significant. Sanity is being introduced now because parties must work hard to make sure their candidates win the election as there is no magic. As you get accredited, you vote and your votes will count and that is the hallmark of electoral transparency.”
Expectations are high and many consider the 2023 general elections a litmus test for the 2022 Electoral Act. While the Act has solved some problems with the country’s electioneering process, it has also raised new questions.
The adoption of some form of digitisation for the forthcoming general elections opens the process up for cyberattacks. Cyberattacks have risen tremendously in recent years.
In 2022, the Nigerian Communications Commission tracked many cyber threats and issued advisories through its Centre for Computer Security Incident Response.
According to the NCC, Nigeria loses $500m to cyberattacks yearly.
Recently, the Senior Manager of Cyber Risk Services at Deloitte, Ms Funmilola Odumuboni, said a cyberattack occurs every 39 seconds, and cybercrimes increased by nearly 300 per cent since the onset of the COVID-19 pandemic.
In 2020, Microsoft warned that a Russian military intelligence unit that attacked the Democratic National Committee in 2016 was back, in preparation for the US 2020 elections.
While there have not been any documented cases of election tampering in the US as a result of a cyberattack, there have been documented cases of successful election hacks that gained access to some election infrastructure.
INEC seems to be conscious of this and has devoted part of its N117bn electoral technologies budget to cyber security systems to ward off attacks.
The INEC chairman said, “We have tasked our engineers to do everything possible to fully protect the IReV and all our web resources.”
The Chief Press Secretary to the INEC chairman, Rotimi Oyekanmi, added, “All servers anywhere in the world are susceptible to attacks by errant forces looking for whom to devour. Therefore, hacking attempts are not exclusive to INEC.
“The commission has and is very proud of its in-house computer engineers who designed the Bimodal Voter Accreditation System and the INEC Result Viewing Portal. They have not been sleeping; they know what is at stake and they are always prepared.
“Therefore, hackers can only try. They cannot outsmart the commission. They will only end up getting a bloodied nose. This was one of the reasons why the commission introduced the Bimodal Voter Accreditation System for the 2023 general election.”
Despite this, the Nigeria Computer Society recently asked the Independent National Electoral Commission to prepare for cyberattacks during the 2023 elections.
Questions have been asked about the country’s readiness for the electronic transmission of results due to the availability/unavailability of network coverage.
Chairman, Mobile Software Solution, Chris Uwaje, a cyber solutions expert, claimed it was impossible for anyone to judge INEC’s cyber readiness from the outside.
He said, “These issues have been randomly discussed. Before one can really make a judgment of preparation for INEC, there are two things that have to be explored.
“First, INEC would subject its infrastructure to professional accreditation so that one would see the compliance of their e-readiness. Both as INEC and of course external people, INEC cannot be a judge on its own call. Professionals cannot also be accentuating the position of INEC without having the access to INEC infrastructure.”
He explained there was no infrastructure in the digital atmosphere that is not hackable. He further stated that man-made technology would always be hackable since there must be a man in the middle to ensure its functionality. According to him, INEC is a user of technology not a producer of tech and must collaborate with professionals.
Uwaje stated, “What I am saying is that the digital integrity of INEC deserves a collaboration between professionals and INEC, who is a user and not the manufacturers of their equipment.
“There has to be an integrity check of the equipment architecture itself, look at the back door that has been implanted or not. To look at the data streams, and more. It is this collaborative teamwork that will create an assurance of the guarantee that it is hackable or not.
“At the end of the day, somebody who is a human being might want to hack INEC. And there would also be someone on the defence who would defend this hacking. This is about processes. When you talk about hacking, you talk about the fortification of processes. Are the processes under INEC set right? Are the machines been configured? Are the technical experts up to the sequence of that been done?”
He noted that INEC is an electioneering institution and not a tech company and cannot boldly state its servers were not hackable.
He added, “INEC cannot beat its chest without being a technology institution that its servers cannot be hacked. Ordinarily, INEC should be guided by those who provide the technology service to it. INEC is not formulated to be a tech company.
“It is encumbered with all these functions. INEC is to govern the integrity of elections. There should be solution providers as another agency, that should be in charge of the technology that supports INEC to carry out its functions. I think there has to be an enabling law. There has to be another agency, another commission, that is in charge of ethical issues in elections.
“INEC is to conduct elections and release the results. But then, it cannot do that without technology. And because they are not a tech company, they need tech services as another government organ that would be responsible for digital infrastructure provision to INEC. We are really at the starting point of democratic attainment, from the technological point of view. Our laws have to be revisited on how INEC is structured or restructured in the future.”
According to the Chief Technology Officer, NJALO.NG, Chukwuemeka Orjiani, INEC has done a good job but it should open its servers for ethical hackers to try to expose any vulnerability.
He said, “INEC should by now have resourced cybersecurity experts to try to hack the system. They should let people find vulnerabilities in their system.
“In the US, if you can find a vulnerability and you submit it to the FBI, the person would be rewarded financially. They should open up the system to allow people to find vulnerabilities. They would build a system and test it by themselves, but at the end of the day, hackers from China or Russia might be able to shut down the system.
“Our systems are operating on outdated software. How can anyone be using a server that is using PHP5.4 when even the FBI and co have stated that anything below PHP7.4 is vulnerable and can be hijacked? Hopefully, INEC has done the right thing.”
According to an ICT expert and Senior Partner of e86 Limited, Olugbenga Odeyemi, the growth of technology in the country would continue to open up opportunities for attack. He explained that INEC must invest in experienced manpower.
He said, “One of the best ways to prevent such attacks is to mimic the attacks via penetration testing and white-hat hacking. This will often expose loopholes within the system and allow for quick detection and fixes.
“Organisations must also invest in well-trained and experienced manpower. Training and retraining are key factors in mitigating cybersecurity risks.”
There is a lot riding on the 2023 general elections and INEC’s ability to deliver a fair and free election. Many hope that the country’s election umpire would defeat any threat to the general elections.