Disinformation is a Cybersecurity Threat

Context: The frameworks, norms, and tactics created for cybersecurity is the optimum way to meet the threat of disinformation as both cyber and disinformation attacks warrant similar actions.  

Defining Cyber Attacks and Disinformation

• Cyber Attacks: Nefarious actors compromising confidentiality, the integrity and the availability of Information Technology (IT) systems for their benefit. 

Difference between Cyber Attacks and Disinformation

• Disinformation: An attack and compromise of cognitive being.

Threats from disinformation

• Cognitive hacking: With a goal to manipulate the way people perceive reality.
  • Create cognitive dissonance: By exploiting psychological vulnerabilities, perpetuating biases, and compromising logical and critical thinking.
  • Change the target audience’s thoughts and actions:  (either galvanise societies or disrupt harmony)
• Impact on critical infrastructure:
  • E.g. conspiracy theorists burned down 5G towers because they believed it caused the novel coronavirus pandemic.
• Potential to overthrow governments and changing society. e.g. QAnon spread false information claiming that the U.S. 2020 presidential election was fraudulent. 
• Create social engineering threats: disinformation campaigns play on emotions, giving cybercriminals another feasible method for scams.
• Threat to Cyber security: According to Neustar International Security Council (NISC), Cyber security professionals regard disinformation as very significant threats and call for stricter measures.
• Widen the divide between people: Through quality and highly targeted disinformation campaigns using deep fakes.

Way forward: To deal with disinformation attacks.

• Treating disinformation as a cyber security threat can help to find effective countermeasures to cognitive hacking.
• Quick learning and profound investment: e.g. Cyber security experts developed rigorous security frameworks, guidelines, standards, and best practices such as defense-in-depth and threat modelling
  • Defense-in-depth strategy: multiple, redundant defensive measures.
    • 1st step: Check Authenticity and provenance before disinformation gets posted.
    • 2nd step: If the 1st step fails and disinformation still gets detected using humans and artificial intelligence.
• Enhance coordination for responding to disinformation: A mechanism like Information Sharing and Analysis Centres (ISACs)  to share the identity, content, context, actions, and behaviours of actors.
• Provide Education to Public: Media education can make a big difference in understanding context, motivations, and challenging disinformation to reduce damage.
• Balance rights of speech with the dangers of disinformation.
• Enhance stability and security in the information space: By adhering to Paris Call for Trust and Security in Cyberspace.
• Eliminate terrorist and violent extremist content online: As mentioned in Christchurch Call to Action.