Disinformation issue in Cyber Space: Issues and Way forward

Disinformation issue in Cyber Space: Issues and Way forward

The development of the internet has produced new ways to spread information, but also entirely new dangers. Security and disinformation are the two forces that are now fighting for supremacy in the cyber world. A conflict which can cause great problems for citizens all around the world. Information, or disinformation, is already creating confusion and undermining trust in society. Especially when it first appears to be authentic news but actually comes from unreliable sources.

Difference between Cyber-attack and disinformation

• Cybersecurity focuses on protecting and defending computer systems, networks, and our digital lives from disruption, while disinformation exploits inherent cognitive biases and logical fallacies.
• Cyber-attacks are executed using viruses, botnets, and social engineering. Disinformation attacks use manipulated information through deep fakes, and cheap fakes.
• Cyber-attacks and disinformation attacks have always been handled individually.  But it is time to accept that disinformation is a cyber-security issue.

Similarities between Cyber-attack and disinformation

There is a lot of similarity in the strategies, tactics and actions between Cyber-attack and disinformation

• Cyberattacks are aimed at computer infrastructure while disinformation exploits our inherent cognitive biases and logical fallacies.
• Cybersecurity attacks are executed using malware, viruses, trojans, botnets, and social engineering.
• Disinformation attacks use manipulated, mis-contextualised, misappropriated information, deep fakes, and cheap fakes. Nefarious actors use both attacks in concert to create more havoc.
• Historically, the industry has treated these attacks independently, deployed different countermeasures, and even have separate teams working in silos to protect and defend against these attacks.

What is Cognitive Hacking?

Cognitive hacking involves attacks against the brain that use psychological, emotional, social and sensory principles to manipulate people into performing actions or divulging confidential information. Cognitive hackers are built on a knowledge of the human element and uses tactics that take advantage of cognitive vulnerabilities of people to achieve a goal.

What is Defense in Depth (DiD)?

Defense in Depth (DiD) is an approach to cyber-security. In it, a set of defensive mechanisms are layered to secure valuable data and information. If one system fails, another steps up immediately to thwart an attack. For example, Firewall is the first layer, antivirus is the 2nd, Regular patching is the 3rd layer.

DDoS and disinformation

A Distributed Denial of Service (DDoS attack) is a very popular cyber-attack that’s used to disrupt services on the Internet. If an attack is successful, it can cause problems for everyone from hospitals to banks, airlines and even government agencies. Similarly, a well-coordinated disinformation campaign floods disinformation to an extent that people start to deny the truth. Disinformation is used as psychological manipulation of people into performing an action on a mass scale.

Countermeasure for disinformation attacks

A strategic cyber-security capability is the primary countermeasure for disinformation attacks. But a strategic cyber-security capability is based on knowledgable decision-makers and officers in the nation and other free societies who understand the high probability of disinformation attacks (as part of an unconventional warfare campaign) and are willing to take the risk before a cyber-attack or disinformation attack occurs.

Disinformation attacks can be counter by analyzing the tactics of disinformation. It helps to understand the identities of malicious actors, their activities, and behaviors from the cyber-security domain.

Layered Security Mechanisms such as Defence-in-Depth can be used to mitigate disinformation threats. A series of proactive filters are required to filter out the fake information.

An Information sharing framework like ISACs is required to collect and exchange information about the identity, content, actions, and behaviors of disinformation actors.