NUR-SULTAN – The Central Election Commission (CEC) investigation did not find any evidence of possible data leaks in posting on foreign servers, said the Centre for Analysis and Investigation of Cyber Attacks in an Aug. 9 release. The Ministry of Internal Affairs will continue checking.
“The Central Election Commission conducted an official investigation into the facts about the threat of the spread of personal data of citizens-voters in a public field. According to the results of the investigation, attempts of unauthorised access to the servers of the Central Electoral Commission, which could lead to the leak of confidential information, were not detected,” according to the CEC official statement.
Since 2005, CEC subordinate organisation RSE Engineering and Technical Centre has created, administered and operated the commission’s information and communication electoral infrastructure, including a single electronic register of citizens-voters. The unified register is located on the CEC servers, which provide all information protection measures and do not have external connections, including to the Internet. Data leakage from the CEC servers, therefore, is not possible, said the report.
At the same time, the report determined a development server used by CEC’s ITC contracting firm to improve the functionality of the information-analytical system could have served as a data compromise source. The results of the internal investigation, as well as materials relating to the range of activities conducted by the contracting organisation, were transferred to authorised bodies. Active assistance is being provided to recreate all the circumstances of the incident as part of the ministry’s pre-trail investigation.
In addition to commenting on the investigation, the CEC also described earlier measures addressing data security. Comprehensive audits of information systems, external and internal testing, analysis and assessment of risks associated with security threats were conducted in February and June.