Russia’s extensive use of Facebook and Twitter to sow discord during the 2016 presidential campaign has made clear that both public and private sector cybersecurity programs are poorly equipped to identify foreign influence operations. Government agencies and corporations focus primarily on defending against cyber attacks that target their technical infrastructure, often at the expense of detecting cyber-based influence operations that seek to shape beliefs. By searching for malware that could damage their networks, they are missing malicious messages that damage our nation.
It is imperative that we differentiate between technical attacks targeting cyber infrastructure and influence operations using cyber infrastructure. The former penetrate networks either to steal information or to produce malicious effects on a network. The latter employ cyber infrastructure to deliver political or sociological messages to produce a desired effect in the public discourse. By focusing on technical cyber attacks – which hold data at risk and undermine confidence in the ability to conduct business online – the U.S. government, the media, and the public typically miss signs of influence operations.
Influence operations obscure truths, exacerbate rifts in the public discourse, and undermine the ability of public officials to conduct diplomacy and craft policy. To defend against hostile messages as well as technical attacks, this paper will illustrate why both government agencies and private companies must:
- Differentiate between cyber attacks and influence operations;
- Encourage collaboration between information security officials who can see signs of an attack and foreign affairs experts who understand foreign adversaries’ intentions;
- Promote engagement between government, industry, academia, and the media that enhances their collective ability to identify influence operations and to educate the public on their adverse impact; and
- Make use of artificial intelligence and machine learning (AI/ML) to identify malicious messages contained in the bits and bytes that cross an organization’s cyber infrastructure.