Cybersecurity Spotlight – Disinformation and Misinformation
What it is:
Disinformation is false or inaccurate information deliberately spread with malicious intent, while misinformation is its unintentional spread. Disinformation and misinformation commonly take the form of inaccurate or false news or social media posts, manipulated or synthesized photo/video, or hacked websites, and can use any method of communication. Disinformation campaigns are engineered for influence, typically seeking to exploit the psychology of victims’ emotions, identities, political affinities, and existing societal rifts.
Both independent threat actors and large nation-state operations are capable of manufacturing malicious information. Threat actors may have hundreds of human attackers on payroll, or choose to conduct operations via automated bots. When users encounter inaccurate information or intentional disinformation, they may be unable to differentiate it from genuine information, sharing it and unwittingly influencing an even wider audience as misinformation.
Influencing the political environment through social discourse is a tactic observed in well-funded and complex information attacks, but actors may have competitive, financial or other motivations as well. Disinformation attacks can function by creating continued influence in a system or sector. Attackers may try to popularize perspectives and viewpoints in target demographics that lead to certain policy or political outcomes. Appearing as authentic citizens or a real customer-base on social media, individual disinformation accounts can appeal to users and align with their existing sentiment. Organizations and individuals alike then experience the pressure to act on what is perceived as recurring legitimate messaging but, in reality, is deception.
Why does it matter:
Disinformation has become a widespread tool of malicious actors used to influence elections worldwide. While political targeting of candidates, ideologies, and issues has been reported, there are also disinformation and misinformation concerns in election administration. Both intentional and unintentional distribution of false information about election processes can compromise public trust and disrupt election administration. Election officials may also be impersonated on social media and via SMS messaging, spreading fabricated and untrue guidance.
False information may result in a variety of outcomes, depending on the type of influence operation:
- Reporting of dangerous weather conditions, claims of physical site overcrowding, violent political activism, and inaccurate health advisories may result in:
  - Confrontations at polling places, election offices, mail-in drop boxes, and other physical infrastructure.
  - Threats of bodily harm made to election staff and voters.
  - Overcrowding at polling sites.
  - Reduced voter turnout.
- Mixed messaging related to overseas, absentee, early voting, and other mail-in or online voting methods may result in:
  - Increased volume of voter requests for information (phone calls, emails, etc.).
  - Surges in web traffic to election administration websites.
  - Political demonstrations or news media reporting directed toward election officials.
  - Voters improperly completing balloting.
  - Reduced voter turnout.
- Misinformation claiming that regular election practices are irregular may undermine trust in an election, such as claims that reporting should be completed more rapidly than normal or that common delays are signs of tampering. Additionally, false exit polling and election results may undermine trust in official tallies.
- Politically motivated cyber threat actors may rely on disinformation and misinformation campaigns against particular election processes, such as doubt being sown about a particular jurisdiction’s election administration activities, to choose targets for cyber attacks. This can effectively turn what was false information into an actual event. Common politically motivated cyber activity includes Distributed Denial of Service (DDoS) attacks, SQL injection attempts, and port scanning.
What you can do:
While election officials cannot control what is posted or communicated in public forums, there are steps that can be taken to mitigate the impacts of and counter potential disinformation and misinformation. Election offices are encouraged to consider disinformation and misinformation in their existing cyber-threat incident response plans.
Identifying Disinformation and Misinformation
- The Cybersecurity and Infrastructure Security Agency (CISA) offers an end user guide and additional resources to spot and manage responses to disinformation:
  - Recognize the risk of foreign actor operations.
  - Question the source of content and question intent.
  - Investigate the issue for other reliable sources before sharing.
  - Think before you share; disinformation is designed to evoke an emotional response.
  - Talk with your circle about the risks of spreading disinformation.
- Review the Harvard Kennedy School’s Belfer Center publication, “The Election Influence Operations Playbook” for a deeper understanding of these issues and response guidance.
Countering Disinformation and Misinformation
- Work closely with social media companies to establish information controls around new or existing social media presences to prevent account impersonation.
  - Create and manage official social media accounts for election offices.
  - Gain and display ‘verified’ status on all social media platforms with existing official accounts.
  - Set up multi-factor authentication to protect social media accounts from compromise.
- Use public forums to actively counter disinformation and misinformation.
  - Regularly publish official messaging about the state of your election infrastructure, responding with accurate information as quickly as possible. This rapid response is even more important as an election nears.
  - Work with local media to promote official sources of information.
  - Be transparent about the types of information that are not shared publicly, so as to protect against alarming notifications or posts.
- Establish a mechanism for the public to report disinformation and misinformation to your office, such as an email or phone number (e.g. firstname.lastname@example.org).
Remediating Disinformation and Misinformation
- Collect detailed incident information to escalate issues and share with the EI-ISAC, federal partners and social media companies.
- Election officials can report identified disinformation and misinformation to email@example.com. Include the following information:
  - A screenshot of the social media post and, if possible, the URL.
  - Your name, role, jurisdiction, and official email address.
  - A description of why this is misinformation. This doesn’t have to be more than a couple of sentences, but more detail is better. Citing a law is even better.
- EI-ISAC will forward this information to:
  - The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, which will submit it to the relevant social media platform(s) for review.
  - The Election Integrity Partnership, which will analyze the report to see if it is part of a larger disinformation effort.
Reports of Elections Infrastructure Misinformation (“Misinformation”) submitted to the EI-ISAC via the email address above will be shared with the following organizations: (1) the applicable social media platform provider, in order to address the Misinformation identified in the report; (2) the Cybersecurity & Infrastructure Security Agency and the Election Integrity Partnership, for analysis of the Misinformation, in conjunction with other relevant information, to identify potential threats to election security; (3) the National Association for Secretaries of State and National Association of State Elections Directors, for situational awareness. The Misinformation may also be shared with other federal agencies, as appropriate, for situational awareness or in the context of a law enforcement investigation.
The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact firstname.lastname@example.org.