Cybersecurity and Disinformation

Introduction

 In the current situation relating to COVID-19, I thought it is worth reminding about the risks and nature of disinformation and its links to cybersecurity. 

 In parallel to cyber-attacks that impact technological assets, threat actors are now often conducting an increasing number of multi-faceted disinformation operations. Alleged objectives of these attacks are to infiltrate dependable information sources and influence and distract public opinion, (social) media and the press. This is attempted by seeding distrust, undermining widely accepted societal and democratic values, and potentially influencing the outcome of important events such as elections. Such attacks can be perfectly disguised beneath the vast amount of publicly available information (often tailored to individual or group profiles) that people “consume” on a daily basis. This renders those attacks difficult to detect and mitigate.
Disinformation operations are a clear reminder that cyber-space is a term that not only incorporates networks and computing devices but also the human element. This post aims to outlines what is disinformation a campaign and provides an overview of the threat.

Impact of Cyberattacks

Cyber-attacks can have a physical impact, but many of them tend to be more disruptive than destructive. Malware has the potential to take production plants offline, shut down the electric grid and cause power outages, and disrupt operations by compromising safety controllers in industrial control systems. Or perhaps not. Organizations may still be thinking about physical damage or impact, but attackers appear to have moved on to less overt activities that can still sow confusion and cause chaos. The combination of traditional methods and digital attacks lets the attackers still maintain a degree of deniability.

 Along, with a threat to life when companies suffer severe data breaches if that leads to loss of finance of customers and users hardship and suicides may follow. Deaths have also occurred because of online sextortion and swatting attacks. 
Disinformation campaigns have the potential to cause the same degree of chaos that traditional cyber and social engineering attacks can result in. 

Identifying Disinformation

It is vital to distinguish between various types of disinformation as many websites and “Satire and Parody” channels are widely thought of to be legitimate although they seem quirky and bizarrely comical. The most common being:

  • Satire or Parody – Potential to fool but no intention to cause harm.
  • Misleading Content – To frame an issue or individual by using misleading information or half-truths.
  • Imposter Content – Impersonating genuine content.
  • Fabricated Content – False content designed to deceive and do harm in all respect.
  • False Connection – Headlines, visuals or captions do not support the content.
  • False Content – Genuine content shared with false contextual information.
  • Manipulated content – genuine information is manipulated with an intention to deceive.


Spotting Disinformation can be simple. One needs to have an eye for the following:
  • Posting profile - Review the spelling of the source and the “verified” mark as a certificate of authenticity as provided to most legitimate news sources. No Tick – No Trust.
  • Headline – A headline should be descriptive and not deceptive. Most fake news headlines instigate curiosity using exclamation points, capped letters rather than providing an abridged version of the actual factual news.
  • Cross-check – Check post comments, reactions and rely on fact-checking websites before providing your personal information or clicking the link. Also, make sure the post is current and is not a repost of an old fact.



Defending and Mitigating against Disinformation

What should individuals and companies do if they spot fake news? They need to report, report and report! And also educate others when someone posts disinformation. Reporting these to content reviewers on the relevant platform should help content reviewers to quickly block the source and restrict spreading misinformation. 

Also, follow the best cybersecurity practises for individuals and companies with them also  complying to regulations since they often get companies the majority of the way there: GDPR, NIS Directive, Cybersecurity Act, ePrivacy Act and the California Consumer Privacy Act.

Conclusion

Disinformation campaigns and tainted leaks are becoming a serious issue both in the cyber and physical world. Due to their nature, they are difficult both to identify and counter. Societies will have to develop defences against such attacks, particularly the ones that aim to potentially affect democratic processes such as elections, legislative procedures, law enforcement and justice. In the context of cybersecurity, disinformation campaigns should be closely monitored and thoroughly analysed in order to counter similar attacks in the future.

Hopefully, this post has some useful information. Finally, remember always wash your hand with soap and maybe give whatever type of input device you are using to conduct work give that a good clean as well.

Sources

Comments

Post a Comment

Popular posts

Balancing functionality, usability and security in design

Image
Introduction When designing new devices or applications there is a requirement nowadays to consider there functionality, usability and security. While there has been a push through secure-by-design guidelines for security to be built-in from the beginning there are still gaps in implementation and part of these gaps are design considerations of functionality and usability. Part of this that doing security well is hard work, but it should never block useful functionality for the user. Ideally, when security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. Though achieving this balance is admittedly not straightforward. This blog post will aim to look at this triad and how they can be balanced and not compromise each other. Defining the Triad in design A triangle can be used to help explain the relationship between the concepts of security, functionality and ea
Read more

Personal Interest - Unbuilt fleets of the Royal Navy

Image
Introduction Throughout the 20th Century the Royal Navy designed and examined different types of fleets that were never realised either due to budget constraints, arms treaties or the changing nature of war. These are only a few examples of the different types of unbuilt fleets. Some of these had prototypes built and tasted for the Royal Navy which would serve as technological testbeds. Images and info from secret projects forum, shipbucket, popular mechanics/science and naval-matters. Washington Naval Treaty (WNT) The  Washington Naval Treaty  was a treaty signed during 1922 among the major nations that had won  World War I , which agreed to prevent an  arms race  by limiting naval construction. It was negotiated at the  Washington Naval Conference , held in  Washington, D.C. , from November 1921 to February 1922, and it was signed by the governments of the United Kingdom, the United States, France, Italy, and Japan. It limited the construction of  battleships ,  battlecruisers
Read more

Personal Interest - RAF Unbuilt Projects

Image
  Introduction This blog post looks at the different groups of cancelled RAF projects. It will focus on the 50s, 60s, 90s/00s and a brief look at hypersonic research projects. While these projects were often cut or cancelled for budget or austerity reasons, they were also pushed by the changing nature of warfare firstly from conventional style WW2 warfare to the predicated quick, short scale nuclear war which was expected from 1947 to 1989. Later from the 90s and into the 21st Century a change from state on state conflict to facing insurgencies, counter-terrorism and peacekeeping missions again led to a change in how wars are fought. Though the work and research done on these projects would rarely go to waste with it being used and applied in other projects and works even if sometimes it could take another ten or twenty years before anything operational came of that work. There won't be large amounts of text explaining or exploring the designs there are far better sources for th
Read more