Comelec to prepare for ‘incident’ on Election Day 2025

In an interview at the height of the CrowdStrike incident, I noted that a number of international and local companies turned to CrowdStrike, an outsourced cybersecurity service, to “stay ahead of today’s adversaries and prevent breaches.” (https://www.crowdstrike.com/about-us/) But according to CrowdStrike, the incident is neither a cybersecurity incident nor a cyberattack.

For a business continuity planner, the CrowdStrike basket was a single point of failure.

At the time of writing, a significant portion of the 8.5 million devices Microsoft says were affected are back online.

The CrowdStrike incident is reminiscent of the seven-hour outage that occurred during the 2019 election. The outage was essentially a data blackout that lasted approximately seven hours as polling stations pushed out election results, which were received by the Transparency Server, the Central Server, and the various Canvassing and Consolidation System (CCS) servers. The Transparency Server was supposed to push the received election results to designated recipients at regular intervals, but nothing was sent.

As in previous elections using the Automated Election System (AES), designated parties and groups received electronic copies of the election results from the transparency server, tallied the election results, and made periodic announcements to the public about the progress of the vote count. The vote count was unofficial, but kept the public informed.



The lack of any action by the Commission on Elections (Comelec) during the seven-hour period raised public concerns, despite assurances that the CCS was functioning uninterruptedly and producing the official vote count.

The saying “If something can go wrong, it will” proves instructive: organizations that plan on that assumption are better prepared to respond when something does go wrong. Incidents like the CrowdStrike problem and the seven-hour outage highlight the need for a well-thought-out incident response plan.

What happens if an incident occurs on May 12, 2025, Election Day?

Preparation is key. Comelec must identify possible points of failure in the AES that will be used for the 2025 national, local and BARMM elections and be ready with the processes that will be taken to address each type of failure.

As seen in previous elections where the AES was used, Comelec had prepared backup memory cards and vote counting machines, which were deployed in technical hubs. The same will be done for the 2025 elections, but Comelec plans to set up support hubs at the provincial level to respond more quickly to incidents.

However, incident response should not only focus on replacing defective memory cards or machines or resolving problems on the spot. Incident response is a mix of technical and non-technical processes. One of the non-technical processes is communication with affected voters and other parties and groups. The polling station should train the members of the election commissions (ECs) to communicate with the voters, poll observers and observers about the incident. In this regard, it would be good if Comelec could prepare scripts consisting of official statements covering each type of incident or malfunction, which can be issued from time to time by the ECs while they wait for the arrival of the replacement memory card or machine or the resolution of the problem.

The committees of tellers at all levels of counting and consolidation must also be able to respond to incidents should they occur at a counting point.

What if an incident had an impact on a national scale? What might that incident be? As previously stated, the CrowdStrike basket was the single point of failure in the global blue screen of death incidents. In the case of the 2025 AES, the single point of failure is the Secure Electronic Transmission System (SETS).

The SETS is an integration of the telecommunications services of the telecommunications providers, including satellite providers, into a single transmission network. The critical question that needs to be asked is: How will the SETS provider guarantee the resilience of the transmission network, especially on the day of the election and the days after, when the election results are consulted and consolidated?

At this point in the AES 2025 preparations, a vulnerability assessment of the network and various devices, including automated teller machines, memory cards, canvassing equipment, network devices, and other components, should be performed. The vulnerability assessment will help identify weaknesses and potential points of failure in the AES network.

As mentioned earlier, preparation is essential for a well-planned incident response process, which includes both technical and non-technical processes.

The output of the vulnerability assessment should include a list of system weaknesses and potential points of failure in each part of the network. Measures should be taken to remove the system weaknesses where possible or, where that is not possible, to harden the affected components. Even after hardening, failures may still occur during the operation of the network. Both technical and non-technical processes that will address such failures should be established, and election staff, including members of the electoral boards and canvassers’ boards, should be trained in the non-technical processes.

The main purpose of the incident response process is not only to resolve technical issues that may arise, but also to keep voters, polling station observers, observers and other stakeholders in the election informed.