The US military's Information Operations (InfoOps) handbook has this to say:
The ability to share information in near real time, anonymously and/or securely, is a capability that is both an asset and a potential vulnerability to us, our allies, and our adversaries
We’re living in a world where we are frequently told that decreasingly-small actors can do big damage to those once considered great hegemonies, and technology is often cited as the cause of this rebalancing of power. I am a skeptic.
In my mind, it is obvious that it will be the existing powers and owners of information who now more than ever will exercise control over the availability, consumption and understanding of information in our every day lives. As societies grow, so does the problem of collective action on any meaningful scale. Organising critical masses in larger groups is simply harder. The same technologies that enable dissent, as in Turkey, also enable even the most basic of actors to respond to dissent. More sophisticated actors may do more than utilise the same communication channels to organise responses to threats, and may actively craft the information environment of their audiences. Take for instance China, where the world according to the internet available there is a very different place.
What do we mean by InfoOps?
InfoOps may take several different forms.
Propagation of disinformation: the spread of intentionally false or misleading information. Good old propaganda.
Restriction of information availability: prevention of access to true or accurate information. Things such as internet censorship, attacks on journalists, restriction of free speech, and Distributed Denial of Service (DDoS) attacks are all examples of how actors might seek to do this.
Subversion of perceived informational legitimacy: casting doubt on the veracity or reliability of true and accurate information. This may be done by attacking individuals and narratives specifically, or a target audience's perception of the media at large.
Information multiplication: making legitimate information less likely to be encountered or discovered by proliferating irrelevant information. Sometimes it may be impractical or impossible to deny access to, or subvert the legitimacy of information. In such cases, actors may drown out damaging information in a sea of innocuous information that distracts from their concern.
In a world of increasingly-frequent and large DDoS attacks we are not really seeing botnets that are bigger, more advanced or more sophisticated than ever before. What we are seeing, however, is that the average compromised device has access to an internet connection that is faster, and supplemented by an order of magnitude more bandwidth, than was previously ever seen. This is a function of the increasing mass-availability of high-speed internet. To simplify massively: greater consumer access to the 'pipes' that connect different parts of the web, without much increase in the quantity or technology of the pipes, has revealed critical vulnerabilities that have always been inherent in our internet infrastructure.
The truth, though, is that greater consumer access to technology is only a tiny part of the story, and not really the actual problem at all. In geopolitics, as in domestic politics, as in business, information warfare is becoming an activity of choice for those seeking outsized impact. The problem is not just technological, but cultural. Individuals' willingness to look past overt and suspected information operations is exposing flaws in our democratic, free-market-driven assumptions that the “truth will out”. Technology is only the accelerant that makes ideas, good or bad, true or false, burn faster and brighter than ever.
Disinformation is not only increasingly being deployed in international relations, but against celebrities and public figures for mostly innocuous ends, too, in the form of fake news, fake nudes, and so on.
The Future of InfoOps
The next phase in the evolution of public InfoOps is more sophisticated actors developing more believable disinformation with meaningful, malicious or specific aims: deploying disinformation alongside other weapons of information warfare (e.g. fake news in conjunction with a DDoS attack against a company's press site and email servers, and spamming their phone line, so that they cannot respond publicly to clarify the situation).
A variety of motivations exist to engage in corporate disinformation. Stock price manipulation will be at the forefront of many regulators' minds, but the likelihood of active InfoOps campaigns seeking commercial or trade secrets should be of concern, too.
If you're interested to find out how your organisation can shield itself against information risks, active and passive, please get in touch.
This article first appeared on the Soho Strategy website.