The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight today, Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides critical infrastructure owners and operators with guidance on how to identify and mitigate the risks of influence operations that use mis-, dis-, and malinformation (MDM) narratives.
Recently observed foreign influence operations abroad demonstrate that foreign governments and actors can quickly employ sophisticated influence techniques to target American audiences with the goal of disrupting U.S. critical infrastructure and undermining U.S. interests. This CISA Insight is intended to raise awareness amongst critical infrastructure owners and operators on the risks of such influence operations. The document also outlines steps organizations can take to mitigate the effects of MDM, such as ensuring swift coordination in information sharing and communicating accurate and trusted information to bolster resilience.
“We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” said CISA Director Jen Easterly. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”
CISA encourages all critical infrastructure owners to identify vulnerabilities, educate staff on proper cyber hygiene, and implement an MDM incident response plan:
- Designate an individual to oversee the MDM incident response process and associated crisis communications.
- Establish roles and responsibilities for MDM response, including but responding to media inquiries, issuing public statements, communicating with your staff, and engaging your stakeholder network.
- Ensure your communication systems are set up to handle incoming questions. Phones, social media accounts, and centralized inboxes should be monitored by multiple people on a rotating schedule to avoid burnout.
- Identify and train staff on reporting procedures to social media companies, government, and/or law enforcement.
- Consider your internal coordination channels and processes for identifying incidents, delineating information sharing and response. Foreign actors can combine influence operations with cyber activities, requiring additional coordination to facilitate a whole-of-organization response.
