The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to critical infrastructure organizations about the threat of foreign influence operations.
Malicious actors use a range of tactics to shape public opinion in targeted countries and undermine trust in critical infrastructure. These tactics can amplify division and sow discord, and typically involve the distribution of misinformation, disinformation, and malinformation (MDM). These actions can have a destabilizing effect and are often combined with cyberattacks, which threaten the security of the targeted countries, foment unrest, and have the potential to disrupt markets.
These tactics are nothing new. Historically, propaganda has been extensively disseminated to achieve these aims, but the evolution of technology, communications, and networked systems has created many new opportunities for malicious actors.
“A single MDM narrative can seem innocuous, but when promoted consistently, to targeted audiences, and reinforced by peers and individuals with influence, it can have compounding effects,” explained CISA. This is especially true when targeting National Critical Functions (NCF) and critical infrastructure.
Tensions between Russia and Ukraine have been building in recent weeks. Now that Russia has invaded Ukrainian territory, it will soon face a barrage of sanctions, and there are fears that foreign influence operations will be conducted in response. CISA warned that the infrastructure for such operations is already set up and can be rapidly put into action to target U.S. organizations and critical infrastructure and to undermine U.S. interests and authorities. Foreign actors have previously used influence operations against U.S. audiences to impact critical functions and services across multiple sectors. When these activities are coupled with cyberattacks, foreign actors can derive content, create confusion, heighten anxieties, and distract from other events.
The guidance document is intended to raise awareness of the risk of foreign influence operations that leverage social media and other online platforms and includes recommendations on the steps that can be taken – internally and externally – to coordinate information sharing and communicate accurate and trusted information to improve resilience.
All organizations should evaluate previous MDM narratives against their respective sectors, learn about how and where stakeholders and customers receive information, map key stakeholders and how best to communicate with them, and consider how communication channels could be used to identify and respond to MDM activity. It is also important to monitor for any changes to online activity related to the organization and sector and to be wary of any sudden increases in tags, followers, searches, or high volumes of inquiries.
Potential vulnerabilities that foreign actors could exploit in MDM campaigns should be identified, especially any areas where there is often confusion about the sector and its operations. Employees should be taught how to secure their social media accounts, including the importance of using multi-factor authentication on all social media accounts and carefully reviewing privacy settings on the platforms. Email accounts are often targeted, so all employees should be vigilant for phishing emails. It is beneficial to provide training on email best practices and how to identify phishing emails.
CISA also recommends establishing clear communication channels with stakeholders and engaging in proactive communication with constituents, stakeholders, and/or the community. It is also important to develop an incident response plan, as this will ensure a rapid response is possible in the event of an MDM campaign to limit the harm caused. CISA recommends adopting the TRUST model for incident response: Tell your story, Ready your team, Understand and assess, Strategize your response, and Track the outcomes.