4 minute read
THE SIAMESE TWINS OF INFORMATION AND CYBER - VULNERABLE AND ALMOST INSEPARABLE
Cyber infrastructure is in many ways inseparable from its content. Damage to either one may result in the failure of the whole system. The Information domain is in many ways the more vulnerable of the two due to its fuzziness and unclarity. Recent developments have shown that improving preparedness in one area has moved attackers’ attention to the other. National actions are seldom enough when trying to protect our information and cyber spaces.
ELECTIONS AS A CASE
Advertisement
Tactics of grand scale information operations seem to change. This is evident when we analyse what has been happening around election campaigns. Interference has caused problems for democratic processes for a long time. However, it was Russian meddling with the U.S. and French elections that raised this as a concern for Western democracies.
Democratic countries tend to be slow to act, if there is no imminent threat looming. Luckily, election security protection was something that nations prioritised, e.g. Prior to its parliamentary elections, EU announced concrete measures in order to strengthen the resilience of the Union’s democratic systems #2. In Finland, the Ministry of Justice took Finnish parliamentary election security to the Security Committee and following its advice established a cross-government task force. It focused on informing the public, political actors, civil servants and media about the threats. In addition, the group analysed co-operation between different authorities. Based on the final report recommendations, several steps have been taken or are in the making. Finland is only one example, several countries have improved their processes and regulations.
MOVING TARGETS, CHANGING TACTICS
The Increased efforts to protect voting have been successful, judging by election security reports, e.g. the Finnish report boldly says
and further “Major attempts to interfere with the elections were not detected” #3 . We can see how in Western Europe, the public outcry on foreign meddling has quieted down. It is even possible that even the attempts to distort are few and within long intervals. There are couple of explanations why potential troublemakers would change their behaviour. Many of the items in the list below are linked to each other.
Firstly, election interference might be “out of fashion” in the meddling business. Hostile actors create new plots to shake democracies.
Secondly, nations’ efforts to counter interference are actually working and it is more difficult to rig improved systems.
Thirdly, the public attention of the election system has caused amateur hackers to shy away.
Lastly, the risk-reward ratio for adversaries has changed.
When authorities and other stakeholders are alert, the risk of getting caught is higher. And, after Salisbury incident we have seen how public attribution can really have an impact on international relations. Russia felt that open and free societies can synchronise their actions rapidly, when necessary.
All or some of these items listed above have guided hostile actors to change their focus. As physical structures are better guarded, the efforts have moved to new targets. The softest target is human thinking. The purpose of a state actor attacker has remained the same, to weaken the competitor.
In NATO parlance, the information environment has three dimensions: physical, informational and cognitive #4. Hostile information activities can cause havoc by attacking any one of these. The cognitive dimension is an effort to give context to what is happening or has happened. If this sensemaking is disturbed, people feel lost. In an electoral point of view, this could mean complete distrust of elections, news media, authorities, alienation from others and even a lost sense of the purpose of democracy.
According to Jessica Brandt, from Alliance for Securing Democracy, the Russian focus with the U.S. elections is to create division among the electorates by pumping mistrust into to the system,
Similar thinking is echoed in the new U.S. Counter-Intelligence Strategy 2020-2022, “…These campaigns are designed, for example, to sway public opinion against U.S. Government policies or in favour of foreign agendas, influence and deceive key decision makers, alter public perceptions, and amplify conspiracy theories… Our adversaries regard deception or manipulation of the views of U.S. citizens and policymakers to be an effective, inexpensive, and low-risk method for achieving their strategic objectives” #6.
PROTECTING OUR FREE WILL
Democracies are vulnerable to determined attackers. However, election protection has shown that enhanced co-operation is an effective way of supporting societies.
Despite the excellent track record of whole of government/society approaches, these models have shortcomings. They don’t fully grasp the impact of international business.
As there are not enough incentives for international social media companies to protect information space, countries are pushing for more regulation. For smaller media markets, it is important that the work is done jointly, eg. the European Commission is modifying liability rules for platforms, with a proposal due by the end of the year #7.
Currently the emphasis is on heavier regulation, but all actors should feel responsible. Protection of healthy cyber and information environments in one country helps everyone.
text: ANTTI SILLANPÄÄ Erikoistutkija | Senior Researcher Turvallisuuskomitean sihteeristö | Secretariat of the Security Committee
Sources #1 https://vnk.fi/en/article/-/asset_publisher/suomessa-on-maailman-parhaat-vaalit-mieti-miksi- 2 https://ec.europa.eu/commission/presscorner/detail/en/IP_18_5681 3 https://valtioneuvosto.fi/en/article/-/asset_publisher/1410853/eduskuntavaalien-turvallisuutta-tukenut-varautumistyo-oli-onnistunutta 4 https://fas.org/irp/doddir/army/atp3-13-1.pdf 5 https://www.bloomberg.com/news/videos/2020-03-03/-balance-of-power-full-show-03-03-2020-video 6 https://www.dni.gov/files/NCSC/documents/features/20200205-National_CI_Strategy_2020_2022.pdf 7 https://www.bloomberg.com/news/articles/2020-02-12/u-k-to-regulate-internet-in-crackdown-on-social-media-companies
