CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations
Newly published guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) provides critical infrastructure organizations with instructions on how to prepare for and mitigate foreign influence operations.
Leveraging misinformation, disinformation, and malinformation (MDM), along with other tactics, foreign influence operations are meant to undermine trust in critical infrastructure, disrupt markets, sow discord, and undermine the security of the US and its allies.
When promoted consistently and reinforced by individuals with influence, MDM narratives may have amplified effects, especially when targeting National Critical Functions (NCFs) and critical infrastructure.
Foreign influence operations targeting US audiences in recent years have been paired with cyberattacks to create confusion and anxiety and, in the light of increased tensions between Russia and Ukraine, critical infrastructure organizations are potentially at risk of being targeted in similar operations.
“Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities,” CISA notes.
CISA’s guidance is meant to help critical infrastructure organizations better understand the risks associated with influence operations conducted on social media and other online platforms, and instructs them on the steps they can take internally to improve their resilience.
All organizations, the agency says, should evaluate previously observed MDM narratives targeting their sectors, learn about the sources of information their stakeholders and customers use, map communication channels with key stakeholders, and keep an eye for any change in online activity related to their sectors.
Furthermore, organizations should identify any vulnerabilities that an MDM actor may exploit, and should educate their employees to secure their social media accounts using multi-factor authentication and to practice smart email hygiene.
“Malicious actors can use hacking and other cyber activities as part of influence operations. Hijacking accounts and defacing public facing sites can be used to influence public opinion. Organizations should be aware of cyber risks and take action to reduce the likelihood and impact of a potentially damaging compromise,” CISA notes.
Additionally, the agency recommends that organizations establish clear communication channels with their stakeholders, that they make information available on their websites as clear as possible, and that they review their social media presence and access privileges for social media accounts.
CISA also notes that decision makers should engage in active communication with other entities in their sector to build a trusted network and that they should develop an MDM incident response process to be prepared for mitigating any influence operation that is combined with cyber activities targeting their organization.
“In today’s information environment, critical infrastructure owners and operators must play a proactive role in responding to MDM. While each MDM narrative will differ, the TRUST model for incident response can help reduce risk and protect stakeholders,” CISA says.