
Tory party delays leadership selection over hacking fears

The Conservatives have also been forced to abandon plans to allow members to change their vote later in the contest

Britain’s Conservative Party has reportedly delayed its leadership selection process after GCHQ warned that hackers might be able to change people’s ballots.

The party is currently choosing the next leader of the country after prime minister Boris Johnson resigned from its leadership last month. After narrowing down the candidates, around 160,000 Conservative Party members, approximately 0.3% of the country’s electorate, are set to elect either Liz Truss or Rishi Sunak as the UK’s prime minister.

The spy agency did not identify a specific threat from a hostile state; its advice was more general, covering the voting process and its vulnerabilities, according to The Telegraph.

Following the concerns, Britain’s ruling party has been forced to abandon plans to allow members to change their vote for the next leader later in the contest.

“Defending UK democratic and electoral processes is a priority for the NCSC and we work closely with all Parliamentary political parties, local authorities, and MPs to provide cyber security guidance and support,” a spokesperson from the National Cyber Security Centre (NCSC), which is part of GCHQ, told IT Pro. “As you would expect from the UK’s national cyber security authority we provided advice to the Conservative Party on security considerations for online leadership voting.”   

Postal ballots, which were reportedly meant to be sent out on Monday, have also yet to be issued to party members and could arrive as late as 11 August.

“We have consulted with the NCSC throughout this process and have decided to enhance security around the ballot process. Eligible members will start receiving ballot packs this week,” a Conservative Party spokesperson told IT Pro.

Professor Steve Schneider, director of the Surrey Centre for Cyber Security, agrees with the decision to not allow revoting, for cyber security reasons.

“I think a significant concern with the proposal to allow revoting will have been that the voting credentials remain live right up to the end of the election. This exposes the election to a much greater risk of attack than if credentials can only be used once,” Schneider said to IT Pro. “It provides longer for adversaries to obtain (e.g. through hacking) the credentials to be able to cast votes. It also provides adversaries with the ability to use such credentials to switch votes close to the end of the election.”

Schneider added that it also means that if a voter is not planning to vote again then they have to securely dispose of, or shred, their credentials, and there’s a risk that not all voters will recognise this.

“But some may just put them in the rubbish, making it possible for them to be retrieved and reused,” underlined the professor. “Not allowing revoting means that once a vote has been cast then the credentials are ‘spent’ and have no further use. They cannot be reused so secure disposal is not a significant concern.”
