A report by the Commons public administration and constitutional affairs committee (PACAC) said MPs were deeply concerned about the allegations of foreign interference in last year’s Brexit vote.
The committee does not identify who may have been responsible, but has noted that both Russia and China use an approach to cyber-attacks based on an understanding of mass psychology and of how to exploit individuals.
The findings follow repeated claims that Russia has been involved in trying to influence the US and French presidential elections.
Ministers were forced to extend the deadline to register to vote in the EU referendum after the collapse of the government’s website on 7 June, 100 minutes before the deadline.
The collapse resulted in concerns that tens of thousands of people could have been disenfranchised.
At the time, the government said it was the result of an unprecedented spike in demand, with more than 500,000 people trying to register on the final day.
The report, published on Wednesday, said there were clues that a distributed denial of service attack (DDOS) using botnets – a network of computers infected with malicious software – was used to overwhelm the site.
“The crash had indications of being a DDOS ‘attack’. We understand that this is very common and easy to do with botnets... The key indicants are timing and relative volume rate,” the committee’s report said.
While the incident had no material effect on the outcome of the referendum, the committee said it was crucial that lessons were learned for future votes that must extend beyond purely technical issues.
The report noted: “The US and UK understanding of ‘cyber’ is predominantly technical and computer network-based.
“For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.
“The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.
“PACAC is deeply concerned about these allegations about foreign interference,” the report concluded.
Britain is being hit by dozens of cyber-attacks a month, including attempts by Russian state-sponsored hackers to steal defence and foreign policy secrets, GCHQ’s new security chief, Ciaran Martin, said in February.
The chancellor, Philip Hammond, said the National Cyber Security Centre, which Martin heads, had blocked 34,550 “potential attacks” on government departments and members of the public in the six months to February – about 200 cases a day.
The committee, which is chaired by the senior backbencher Bernard Jenkin, was also highly critical of the way David Cameron held the referendum to “call the bluff” of his critics and then resigned when he lost.
It said that in future referendums, the prime minister of the day should be prepared to carry on in office and to implement the result, whatever the outcome.
“There was no proper planning for a leave vote so the EU referendum opened up much new controversy and left the prime minister’s credibility destroyed,” it said.
“It should be reasonable to presume that the sitting prime minister and his/her administration will continue in office and take responsibility for the referendum result in either eventuality.”
According to the report, there were many occasions in the run up to the vote when it appeared officials were being drawn into “referendum controversy”, damaging the civil service’s reputation for impartiality.
A Cabinet Office spokeswoman said there was no evidence to support the committee’s claim of possible interference from foreign governments.
“We have been very clear about the cause of the website outage in June 2016. It was due to a spike in users just before the registration deadline. There is no evidence to suggest malign intervention,” she said.
“We conducted a full review into the outage and have applied the lessons learned. We will ensure these are applied for all future polls and online services.”
Author: Rajeev Syal