Source – The Hindu
Syllabus – GS 3 – Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cybersecurity; money-laundering and its prevention.
Synopsis – Society needs protection from disinformation. The best approach to deal with it, is to take advantage of the mechanisms already developed for cyber-security.
Cyber-attack and disinformation
- Cyber-attacks are aimed at computer infrastructure, while disinformation exploits inherent cognitive biases and logical fallacies.
- Cyber-attacks are executed using viruses, botnets, and social engineering. Disinformation attacks use manipulated information through deep fakes, and cheap fakes.
- Cyber-attacks and disinformation attacks have always been handled individually. But it is time to accept that disinformation is a cyber-security issue.
What is Cognitive Hacking?
Cognitive hacking is an attack that seeks to manipulate the perception of people by taking advantage of their psychological vulnerabilities. The purpose of the attack is behavioural changes, induced through exposure to disinformation.
- Examples of Cognitive hacking- unfounded concern were induced about US 2020 presidential election fraud by disinformation.
How DDoS and disinformation are linked?
- A Distributed Denial-of-Service (DDoS) attacks target websites and online services. The aim is to flood them with more traffic than the server or network can handle. It prevents the completion of legitimate requests and disrupts the services.
- Similarly, a well-coordinated disinformation campaign floods disinformation to an extent that people start to deny the truth.
- Disinformation is used as psychological manipulation of people into performing an action on a mass scale.
Countermeasure for disinformation attacks
The cyber-security experience can be used to develop disinformation defense systems to mitigate disinformation risks.
- First, this can be done by analyzing the tactics of disinformation. It helps to understand the identities of malicious actors, their activities, and behaviors from the cyber-security domain.
- Second, Layered Security- Mechanisms such as Defence-in-Depth can be used to mitigate disinformation threats. A series of proactive filters are required to filter out the fake information.
- Authenticity at the time of login should be the first layer. If the disinformation is still posted, Human and AI can be used for its detection.
|Defense in Depth (DiD) is an approach to cyber-security. In it, a set of defensive mechanisms are layered to secure valuable data and information. If one system fails, another steps up immediately to thwart an attack. For example, Firewall is the first layer, antivirus is the 2nd, Regular patching is the 3rd layer.|
- Third, an Information sharing framework like ISACs is required to collect and exchange information about the identity, content, actions, and behaviors of disinformation actors.
|Information Sharing and Analysis Center (ISAC) – An industry-specific organization that collects and shares information on cyber threats to critical infrastructure.|
- The technology sector, civil society, and the government should collaborate to make consumers aware of cyber-attacks.
- Media should be used for spreading awareness among common people.
- Taking advantage of existing cybersecurity frameworks, norms, and tactics is the optimum way to meet this threat.