惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Schneier on Security
L
Lohrmann on Cybersecurity
S
Securelist
P
Palo Alto Networks Blog
SecWiki News
SecWiki News
T
Troy Hunt's Blog
H
Hacker News: Front Page
AWS News Blog
AWS News Blog
Latest news
Latest news
Hacker News - Newest:
Hacker News - Newest: "LLM"
NISL@THU
NISL@THU
The Hacker News
The Hacker News
F
Full Disclosure
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
O
OpenAI News
P
Proofpoint News Feed
Know Your Adversary
Know Your Adversary
G
GRAHAM CLULEY
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Security Latest
Security Latest
云风的 BLOG
云风的 BLOG
K
Kaspersky official blog
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题
博客园 - 叶小钗
L
LINUX DO - 最新话题
Martin Fowler
Martin Fowler
N
News | PayPal Newsroom
Project Zero
Project Zero
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
月光博客
月光博客
IT之家
IT之家
Recent Announcements
Recent Announcements
T
The Exploit Database - CXSecurity.com
D
DataBreaches.Net
J
Java Code Geeks
酷 壳 – CoolShell
酷 壳 – CoolShell
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government
Federal IT Can’t Ignore Threats Posed by Disinformation
Eric Trexler · 2021-04-09 · via MeriTalk

Disinformation is undoubtedly on more people’s radars – Federal IT pros included – heading into 2021 and beyond. But just because we know more about it doesn’t mean we are better prepared to face the challenge that disinformation is posing.

With a normal cyber attack, the government is often targeted directly. Disinformation is different. Instead of attacking core infrastructure, bad actors or nation states attack the population by attempting to skew their beliefs.

Disinformation, a form of misinformation that is created specifically to manipulate or mislead people, is becoming more prevalent – in part because it’s easy to create and disperse. The tools behind deepfakes and malicious bots have been democratized, creation can now be automated, and disinformation-as-a-service has emerged. The Kremlin-backed Internet Research Agency, often referred to as a “troll farm,” sows disinformation everywhere – as do many nation states and domestic organizations.

From an agency perspective, the threat of disinformation has two key components. Nation states and bad actors are using disinformation to discredit agencies and target government employees. While Federal CIOs cannot tackle this problem alone, they can take some steps to mitigate the risk these threats pose. Let’s take a closer look at each component, and what Federal IT pros can do about it.

Retaining Agency Credibility

Nation states and bad actors can harm an agency without targeting them directly utilizing a cyber attack. They could, for instance, impact the number of coronavirus vaccines administered by the Department of Veteran Affairs by using disinformation to sow distrust about vaccine effectiveness or safety among veterans. While Federal agencies cannot control the media or its message, they can run awareness campaigns to counter the threat of disinformation, while also creating certified FAQs and resource pages for constituents.

DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has already been implementing this strategy, as seen with its disinformation toolkit specific to COVID-19. Along with other approaches, the toolkit highlights the most reliable sources for pandemic-related information. In 2019, CISA also released an evergreen infographic demonstrating how foreign influences stoke division between Americans through information campaigns.

While Federal CIOs alone cannot regain control of information in the internet age, agencies can consistently remind people that they represent a reputable source – and can be diligent in only driving constituents to other reputable sources. Agencies may even look to more traditional efforts, like marketing, in order to disseminate verified information to their constituents. Although this represents just one step of many needed to curb the threat of disinformation, it will help offset bad actors’ attempts to discredit agencies.

Educating and Protecting Employees  

Disinformation can also lead to insider threats. Social media and other sources of inaccurate information can radicalize employees, who may then feel compelled to steal sensitive data or IP. Just as disinformation is now for sale, insider-threat-as-a-service exists as well. While bad actors and nation states formerly attempted to bribe and extort their way to sensitive information, they can now either serve disinformation to existing employees, or ultimately become employees themselves.

To prepare for the former, agencies need to implement more education and disinformation training programs. Just as employees must complete training related to IT and HR, they should be required to take classes on recognizing disinformation. They should understand the techniques and procedures nation states will leverage to skew the public’s common belief system and know how to validate news sources. Employees need to be trained on the use of verifiable information fused with false information to alter narratives and discredit reliable sources. While IT pros may feel like such education is beyond their purview, it relates directly to insider threats. By helping employees validate sources, you’re actually protecting your data in the long run.

Additionally, in order to combat both types of insider threat, Federal agencies must be adept at continuous monitoring of user behavior. By having a baseline of normal user behavior, agencies will be able to determine if a radicalized employee is attempting to hoard data or access restricted information. The same can be said for someone who joined an agency with malicious intent in mind. There is simply no way to completely eliminate the threat of disinformation and malicious insiders. Thus, Federal IT pros must put behavioral analytics in place so they can quickly identify and respond to potentially dangerous user behavior.

Sowing Chaos and Confusion

In addition to the two key components previously mentioned, there is another role for the Federal government that may assist in limiting disinformation efforts. While not applicable to most agencies, a concerted effort to discredit foreign influencers may play a role in limiting their effectiveness.

Often times, nation states leverage third parties such as organized crime in their efforts to sow confusion. If the U.S. government were to respond to disinformation campaigns with equal efforts against the parties launching them, confidence in those parties may raise questions and limit nation states’ confidence in using these resources. In other words, if organized crime is sowing disinformation on behalf of a nation state, then a carefully orchestrated effort discrediting them in the eyes of the sponsoring nation may limit their effectiveness and ability to operate offensively. This would have the effect of lowering incentives to create these campaigns.

The Bottom Line

The tough reality is that, in an age of social media, there is no silver bullet to combat this real and growing threat. Everyone must be diligent about questioning what they see online, as opposed to simply taking it at face value and internalizing it as facts. Still, Federal IT pros should be most concerned about disinformation undermining their own credibility – and potentially turning their own employees against them.

Awareness is crucial to combating disinformation on both fronts, but it should be supplemented by behavioral analytics. Federal IT pros should proceed as if disinformation is already impacting both their employees and constituents – because it is. This is an all-hands-on-deck issue, but there are many ways to begin combating the threat of disinformation today.