In a world increasingly interconnected by technology, democratic governments are grappling with how to defend against and counter information operations targeting their societies. Russia has emerged as the most prolific foreign actor engaging in these operations – targeting at least 37 countries across the transatlantic space since 2000 – but other states, such as China and Iran, are increasingly adopting these tools. Information operations manifest differently depending on specific opportunities and vulnerabilities in the target country, but they employ many common tactics and exhibit similar manipulative behaviors. In many cases, the same “Advanced Persistent Manipulators” execute operations across a range of countries, and continue to operate despite repeated takedowns of accounts associated with these operations. For example, the Russian Internet Research Agency has targeted at least 10 transatlantic countries with information operations. And in the case of online operations, the same platforms are being exploited as conduits for these campaigns in numerous countries. This means that there are common approaches that governments can adopt to defend against and counter this threat, although different government structures and legal frameworks mean that not all practices will be directly transferrable. But just as malign actors are learning from one another’s tactics and operations, democracies need to learn from one another about effective approaches to counter this threat.
This paper explores approaches that democratic countries are adopting to counter these tactics in order to identify common strategies and best practices. Although these approaches are best accompanied by initiatives from the private sector and civil society, this paper focuses specifically on efforts made by democratic governments. These efforts include: creating cross-cutting structures for policy development and analysis of asymmetric threats; engaging and sharing information with technology companies; raising public awareness of the threat; building societal resilience through media literacy programs; constructing and reforming legal frameworks around transparency and election security; deterring malign actors through messaging and cost-raising measures; and finally, facilitating international coordination to identify threats and share best practices.
To adequately counter asymmetric threats to their countries, some democratic governments have established, tasked, or empowered cross-cutting structures and inter-agency bodies. These efforts are intended to facilitate information-sharing and coordination of analysis and policy formulation regarding the threat of foreign interference – including information operations. While several governments have established these types of structures, specific organizational blueprints, authorities, and capabilities vary. Additionally, these bodies include varied levels of interaction and coordination with local and state authorities, as well as with the private sector.
Perhaps the most well-known example of a cross-cutting government structure for countering information operations is the Swedish Civil Contingencies Agency (MSB). The Swedish government first established the MSB in 2009 as an emergency management organization, though its role was expanded to include disinformation in 2015 and the organization was granted an increased budget to analyze foreign influence in 2017. The MSB is the keystone of Sweden’s whole-of-society approach to countering interference, coordinating and convening across government agencies to identify and monitor threats. The MSB also works with local level civil servants and election officials – mostly in an educational capacity – to help improve their ability to identify and counter interference. Ahead of Sweden’s September 2018 elections, the MSB trained over 10,000 civil servants on how to spot foreign influence campaigns.
Another example of a cross-cutting structure is the Canadian government’s Security and Intelligence Threats to Elections (SITE) Task Force. Established in January 2019 as an “integrated inter-agency body,” the SITE brings together elements of the Canadian intelligence community, law enforcement, and foreign policy establishment to coordinate efforts to identify and analyze foreign threats to Canadian elections – including information operations.
A final example comes from Australia, which has faced foreign interference operations from the Chinese Communist Party (CCP). In April 2018, Australia appointed its first National Counter Foreign Interference Coordinator. The Coordinator oversees a team within Australia’s Department of Home Affairs that coordinates across the Australian Security Intelligence Organisation (ASIO), the Australian Federal Police (AFP), the Department of Defence, and the Department of Foreign Affairs and Trade. The Coordinator is intended to provide a “focal point for coordinating policy and program development” regarding countering foreign interference and also leads government engagement with the private sector.
Democratic governments’ attempts to establish cross-cutting structures take a variety of approaches. Some – like Canada’s SITE – focus heavily on analysis, while Australia’s Counter Foreign Interference Coordinator concentrates on policy development and implementation, as well as resiliency-building. Sweden’s MSB emphasizes education and awareness, as well as engagement with local officials, to ensure a whole-of-society response to information operations. While the organization and authority of these bodies depends heavily on domestic context, all of these structures maintain a similar and essential purpose – to prevent interference threats from falling into bureaucratic seams, and to help develop a unified understanding of potential threats. By establishing a central body for coordinating counter-interference efforts, democratic governments help policymakers see the full threat picture for interference and ensure that policy responses draw on all tools at decision makers’ disposal.
Engagement and Information Sharing with the Technology Sector
Given the nature of online information operations, engagement with stakeholders in the tech community is essential for effectively countering foreign interference. Revelations of the Russian Internet Research Agency’s manipulation of social media to target the 2016 U.S. presidential election served as a wake-up call for democratic governments around the world that the online information space is a battleground for malign influence.
Coordination with the tech sector has taken a variety of forms in different countries, but information sharing remains largely ad-hoc. For example, ahead of Germany’s elections in 2017, Facebook – in close cooperation with German authorities – reportedly removed tens of thousands of fake accounts from its platform. The German Federal Office for Information Security (BSI) also maintained a direct channel for communications with the company regarding potential disinformation targeting the elections. The Swedish Civil Contingencies Agency (MSB) has coordinated in a similar fashion with Facebook, establishing a communication channel to facilitate quick responses to fake accounts identified by the Swedish government. Ahead of European Parliament elections in May 2019, Facebook, Twitter, and Google provided monthly reports on their efforts to combat disinformation to the European Commission, although this communication has been primarily one-way.
In the United States, failure to recognize the threat and lack of coordination with social media platforms hindered government attempts to detect foreign interference online ahead of the 2016 election. Following revelations of online foreign interference, the U.S. Department of Justice called for closer cooperation with social media companies to tackle information operations. Since then, Facebook and Google have reportedly worked with U.S. law enforcement on several occasions to take down information operations linked to Russia and Iran. In April 2019, Director of the Federal Bureau of Investigation (FBI) Christopher Wray noted that the back-and-forth communication between U.S. officials and social media platforms “has gotten dramatically better” since 2016. In September 2019, U.S. officials from the FBI, Department of Homeland Security (DHS), and Office of the Director of National Intelligence (ODNI) met with representatives of Facebook, Google, Twitter, and Microsoft to discuss preparations for the upcoming 2020 election. While one U.S. intelligence official claimed the meeting was “collectively viewed as a positive step,” additional reporting revealed that government and tech representatives remain at odds over standards for information sharing.
Although these examples represent important progress in trust-building between governments and the tech community, they remain limited, ad-hoc, and often narrowly focused on elections. Democratic governments need to establish and institutionalize permanent mechanisms for information sharing with technology companies, including protections for privacy, speech, and classified information. Government agencies have the tools to recognize emerging threats and malign foreign actors, while social media companies have a unique view into activity on their platforms. Both sets of knowledge are necessary for effectively identifying and countering hostile information operations. Recent coordination is an important positive step, but stronger communications protocols will help democratic governments – and the tech community – shift from reactive to proactive countermeasures against information operations.
Public Awareness and Exposure
Foreign information operations aim to manipulate a target country’s domestic population by hijacking public discussion to insert and amplify false, misleading, or inflammatory narratives. In this battle, citizens are on the front lines, and it is therefore not enough for government officials alone to recognize the threat. Democratic governments have a strategic imperative to raise public awareness about this threat in order to build resilience against it. Exposing these operations is also important to reduce their effectiveness and potentially deter them.
Democratic governments have sought to raise public awareness and inform citizens in several different ways. In Sweden, the Civil Contingencies Agency (MSB) coordinates directly with mass media outlets to raise awareness of information operations. In the lead-up to 2018 Swedish elections, MSB reportedly shared information regularly with media outlets to help them understand “how to withstand attempts to influence their reporting and counter disinformation.” Outside of the media, Swedish government officials also directly warned the public about the threat of disinformation campaigns.
The Canadian government has taken similar steps to inform and educate its citizens. The Elections Modernization Act, which came into force in June 2019, authorizes Canada’s non-partisan chief election official to share unlimited educational and informational material with the public to help inform them of interference efforts. High-level Canadian officials, including Prime Minister Justin Trudeau, have also warned the public about the threat of foreign interference targeting Canada’s democratic institutions.
In the wake of the poisoning of Sergei and Yuliya Skripal, the UK government took on Russian disinformation directly, setting up a communications team and using its own social media to warn citizens about the tactics that Moscow was using to manipulate their opinions on the incident. Also, in Australia, high-level officials – including former Prime Minister Malcolm Turnbull – have repeatedly warned the public about the “covert, coercive, and corrupting behavior” that characterizes foreign influence efforts.
In the United States, government officials were reluctant to publicly call out foreign interference during the 2016 election. Since then, the Department of Justice and former Deputy Attorney General Rod Rosenstein have articulated the importance of publicly exposing and attributing foreign information operations in order to educate citizens and undermine the effectiveness of malign influence efforts. Unfortunately, intense partisanship and mixed messaging from U.S. leadership have undermined this initiative – politicizing the threat and hindering attempts to address it.
Information operations target citizens directly to polarize societies and inflame tensions. Promoting public awareness is a key first step to countering these operations, and democratic governments should act to help their citizens understand how and why they are being targeted by malign foreign factors.
Democratic governments have also taken steps to support efforts to educate the public on how to safely consume media without being manipulated by malign actors. In several countries, media and digital literacy components have become a large part of efforts to build up long-term resilience to foreign information operations.
In Canada, the government recently established a Digital Citizens Initiative, which aims to support programs that educate citizens on how information operations work and what they can do to “avoid being susceptible to manipulation online.” The program also aims to provide citizens with the skills to critically assess online news and to better understand how algorithms impact their online experience. In a recent white paper, UK policymakers called on the government to construct a similar media literacy strategy to improve education and awareness for citizens of all ages.
In 2014, the Finnish government launched an initiative to educate citizens, students, journalists, and politicians on how to counter disinformation. Finland has also revised its educational curriculum to emphasize critical thinking skills and to instruct students on how to spot false information. In Sweden, the Swedish Media Council – a government agency – launched a similar nationwide curriculum in July 2018 to teach elementary and high school students how to identify false information online. And these efforts are paying off. A recent study by the European Policies Initiative found that, of 35 European countries, Finland ranks first in resilience to the “post-truth phenomenon.” Sweden is ranked fourth.
In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security recently launched a viral campaign to help citizens understand how state-backed information operations target divisive issues to distract online discussions and sow chaos. Numerous other government agencies seized on the initiative, promoting the campaign on social media.
Teaching citizens the steps that they can take to protect themselves against foreign manipulation is the best way to inoculate a society against the effects of malign interference. As information operations continue to grow in complexity and scale through emerging technologies like artificial intelligence and deepfakes, it will only become more difficult to tell fact from fiction online. Building an informed, digitally literate populace is a long-term investment in resilience against this threat.
Legal Frameworks for Transparency and Election Integrity
Authoritarian actors exploit vulnerabilities and loopholes within democratic countries to deploy information operations. To close off these vulnerabilities, some democratic governments have sought to reform legal and regulatory frameworks around online transparency and the integrity of election information.
Across the transatlantic space, policymakers have sought to reform laws around online political advertising to increase transparency and reduce the potential for manipulation. In the United States, the proposed Honest Ads Act would expand political disclosure rules for online ads and would require platforms to keep a public record of political ad purchases. The Canadian government recently announced a similar provision which will create ad spending limits, as well as stricter reporting and disclosure requirements for online ads during elections. Additionally, in the EU, the European Commission’s Code of Practice on Disinformation requires signatories to increase transparency for political and issue-based ads and to strengthen efforts to verify advertisers.
The recent U.S. effort to enforce the Foreign Agents Registration Act (FARA) represents another democratic effort to improve transparency. FARA requires individuals and organizations that undertake political activity and are controlled or funded by foreign governments to register with the Department of Justice. The law is aimed at improving public awareness of foreign propaganda targeting U.S. citizens. Following revelations that Russian state-controlled media outlets RT and Sputnik had been used to spread false information ahead of the 2016 elections, the U.S. Department of Justice requested that the outlets – and their affiliated companies – officially register as foreign agents due to their close ties to the Kremlin.
Another tactic for countering information operations has been to create legal frameworks to ensure the integrity of election information online. For example, Canadian law prohibits the publishing of false statements regarding personal information about a candidate or a political leader during an election period. In 2018, the French Parliament passed a similar law to combat “fake news” by allowing courts to decide if articles published during election periods are manipulative and should be taken down.
More recently, the UK government published a white paper outlining a plan to combat harmful content on social media. The paper calls for an independent regulator that would monitor social media platforms and punish them for failing to quickly remove what it calls harmful content – ranging from terrorist propaganda and cyberbullying to disinformation. Australia passed a similar law earlier this year that threatens social media companies with harsh punishments for failing to quickly remove violent content.
While laws like these intend to raise the costs for spreading misinformation and halt its spread, their focus on content is misguided. Lumping information operations into the same broad bucket as terrorist content or hate speech misunderstands the methods of information operations, which are a unique threat and require their own specific solutions. Information operations are a problem of malicious actors engaging in manipulative behavior; in many instances the content spread in these operations is not demonstrably true or false. Focusing on content also ignores many of the tactics that malign actors are using to influence platforms, such as inauthentic personas and manipulation of search results. Additionally, content-centered approaches are inherently reactive, relying on the detection and removal of material after it has already been posted and spread. And finally, policing content poses significant challenges to free speech and could easily play into the hands of authoritarian regimes by restricting expression. Attempts to combat information operations by focusing on content are ineffective at best, and counterproductive at worst.
Focusing instead on the deceptive behavior of malign actors offers a better framework for tackling disinformation and allows governments and private companies to act decisively without worrying about attribution. This approach also allows platforms to detect patterns in manipulative behavior that will make future influence operations easier to identify. As governments begin to ponder legal frameworks for combating information operations – as is happening in the UK and France – they should focus on promoting transparency and targeting malign behavior, not policing content.
Deterrence and Cost-Raising
As with any security threat, defense alone is not enough – deterrence is also an important part of countering information operations. Authoritarian actors have turned to information operations not only for their effectiveness, but also due to their low cost. Deterrent messaging, accompanied by the threat or imposition of consequences, raises the costs of undertaking such interference. Some democratic actors have even taken offensive steps to counter malign foreign information operations.
Ahead of elections in 2017, officials in France and Germany issued strong warnings of consequences for potential interference. High-level officials in France warned publicly that they would not tolerate interference in the upcoming elections, and – in the wake of cyber-attacks against the campaign of now-President Emmanuel Macron – outgoing French President François Hollande directly warned Moscow. Officials in Germany took a similar tack, publicly warning about the consequences of interference ahead of the election, particularly if previously hacked material were released publicly. German Chancellor Angela Merkel even addressed the issue directly with Russian President Vladimir Putin in a face-to-face meeting. Ahead of elections in Sweden, Prime Minister Stefan Löfven also warned that his government would “expose [such operations] without mercy.”
In reaction to Russian interference in the 2016 presidential election, the U.S. Department of Treasury launched several waves of punitive sanctions targeted at the actors responsible for cyber and information operations. The designees included employees, funders, and companies associated with the Internet Research Agency (IRA), as well as Russian military intelligence officers (GRU) who helped spread stolen information online. Public indictments helped impose additional reputational costs on Moscow and exposed the tactics employed by the IRA and GRU to target the U.S. election. In general, European countries have been slower to turn to sanctions as punishment for information operations – though media regulators in the UK and France have acted to shame and punish Russian state-controlled broadcasters for inaccurate reporting.
Ahead of the 2018 midterm elections, the U.S. government took additional preemptive actions to deter interference from the IRA. In the weeks leading up to the elections, the U.S. Cyber Command (CYBERCOM) reportedly targeted individual IRA operatives and Russian intelligence officers with direct messages warning them that they had been identified and that their activity was being tracked. On the day of the midterms, CYBERCOM also reportedly launched cyber-attacks against the IRA to cut off the organization’s Internet access and prevent it from spreading disinformation. Given the long-term nature of information operations – which are ongoing and not limited to election days – the cyber-attacks were far too limited and too late to prevent interference. However, experts and officials have argued that the attacks served as a messaging tool to demonstrate U.S. capability and commitment to protecting its elections.
While it is difficult to assess the direct impact of deterrent measures without delving into counterfactuals, cost-raising, public messaging, and preemptive efforts play an important role in the democratic defense against foreign interference. They serve to punish malign actors, raise the costs of otherwise inexpensive operations, expose and impose reputational damage on foreign governments, and demonstrate resolve and resilience.
Government officials should also articulate a declaratory policy that identifies foreign interference operations as a national security threat that will be met with consequences. Cost-raising efforts are most effective when taken multilaterally, rather than unilaterally. Democratic governments should come together to define principles of unacceptable interference operations that would face punitive responses. The EU’s recent decision to impose quick-reaction EU-wide sanctions for cyber-attacks is a positive step and presents a potential model for a unified deterrent mechanism for information operations. Another model for multilateral and cross-sector messaging is the Paris Call for Trust and Security in Cyberspace, which aims to set international norms for the cyber domain and includes provisions on protecting elections from foreign interference and defending accessibility to the internet. The initiative has been endorsed by more than 50 countries, 90 nonprofits and academic institutions, and 130 private companies and groups – including key tech companies.
A final aspect of the democratic response to malign information operations has been the facilitation of information sharing and exchange of best practices through international mechanisms. Authoritarian-backed information operations target democratic countries around the world – often through similar tools and actors, and occasionally with the same narratives. At times, international organizations are the target of authoritarian interference themselves. As a result, governments have launched several initiatives to facilitate international coordination on countering information operations.
Two examples of international coordination mechanisms are the EU’s Rapid Alert System and the G7’s Rapid Response Mechanism. The EU’s Rapid Alert System connects points of contact from all 28 EU member states to exchange best practices, share analysis, flag disinformation campaigns and coordinate responses to information operations. The system utilizes an online platform that allows for real-time information exchange. However, despite intentions, critics have noted that that Rapid Alert System has been underutilized and ineffective thus far, stating, “It’s not rapid. There are no alerts. And there’s no system.” The G7’s Rapid Response Mechanism aims to achieve similar goals by facilitating information sharing and organizing responses to threats to G7 democracies. The “Coordination Unit” of the mechanism is based in Canada and is tasked as the focal point of information sharing and policy coordination amongst members. Outside of institutional mechanisms, democratic governments have also coordinated responses to information operations on an ad-hoc basis. In the wake of the poisoning of Sergei and Yuliya Skripal by Russian intelligence officers, the UK government worked quickly to rally support from the transatlantic community and to coordinate with allies and partners to identify and debunk disinformation narratives.
While these information-sharing mechanisms are an important step in the right direction, they are limited in their participation and implementation. Another logical venue for a counter-information operations coordinating cell is at NATO. NATO not only brings together a wide range of transatlantic democracies, but is also a frequent target of information operations itself. Creating an international coordinating body within NATO – with engagement from the appropriate levels of member state governments – could allow for a more robust sharing of best practices. Additionally, given the nature of the collective defense organization, NATO could serve as an effective catalyst for mustering powerful, coordinated responses to malign actors.
Overall, international coordination plays an extremely important role in countering information operations. As authoritarian tactics grow more sophisticated and are supercharged by emerging technologies, democracies will need to learn from each other how best to defend against and deter interference. Further, democracies are strongest when they work together, and unified punitive actions send a strong message to malign actors about the costs of trying to undermine democratic institutions.
Democratic governments have employed a wide range of approaches to countering and deterring information operations, ranging from offensive cyber-attacks to domestic education programs. Examining these efforts reveals best practices and strategies for securing democratic institutions while protecting freedoms. These strategies include structural reforms, limited legal and regulatory efforts, resilience-building programs, and strong deterrence and cost-raising measures.
Structural approaches that facilitate a whole-of-society defense against interference are key to a successful counter-disinformation strategy. Democracies must act to ensure that threats posed by information operations do not fall between bureaucratic seams, and must enable information exchange between various levels of government – as well as between government agencies and the private sector – to adequately identify and counter disinformation. Structural reforms will also be key for coordinating information sharing and policy responses on an international and transatlantic scale.
Another key takeaway is the limited room for legal and regulatory approaches to countering information operations. While democratic governments have taken varied steps to address the spread of harmful content online, effective action on this front should focus on increasing transparency and hindering manipulative behavior. Approaches that encourage platforms or government regulators to police content present challenges to free speech and risk undermining the values that are democracies’ greatest strengths – achieving authoritarian actors’ goals for them.
Public awareness and media literacy programs are also essential to building long-term democratic resilience to malign information operations. Exposing the tools and tactics of authoritarian interference is the best way to inoculate citizens against their effects. And investing in educating citizens about how they can safely consume information online will help insulate domestic discussion from future interference. As authoritarian actors adopt and adapt emerging technologies to conduct even more sophisticated disinformation campaigns, maintaining an aware and informed public will be even more important.
A final best practice for countering information operations is strong deterrence coupled with cost-raising measures. Democratic governments have the tools to dissuade malign actors from interfering in their countries and will need to recognize their own asymmetric advantages in order to raise costs on authoritarian actors who target their institutions. Deterrent and punitive measures are more effective when they are taken in concert with allies, and democratic governments should band together to demonstrate to authoritarian actors that they will not tolerate malign information operations targeting their institutions.
This paper was produced as part of the “EXPOSING RUSSIAN INFORMATION OPERATIONS IN FRONTLINE STATES: Automated analysis, monitoring and vulnerability assessment” project implemented by GLOBSEC.