SlideShare a Scribd company logo

2022-08-13_cogsec_defcon.pptx

Download as PPTX, PDF
S
SaraJayneTerp

Slideset for DEFCON30 Misinformation Village training on cognitive security

Internet
1 of 56
DISARM Foundation 2022 Cognitive Security in theory and practice SJ Terp, DISARM Foundation https://www.disarm.foundation/ 1
DISARM Foundation 2022 Agenda ● Cognitive security ○ Definitions ● Ecosystem assessment ○ Information landscape ○ Harm components landscape ○ Response landscape ● CTI Activities ○ Disinformation risk assessment ○ Detection and response coordination ● Bonus ○ Real-world example 2
DISARM Foundation 2022 The Disarm Foundation https://www.disarm.foundation/ Created to manage the DISARM family of disinformation management and response frameworks 3
DISARM Foundation 2022 Disarm Foundation: Frameworks and Training https://github.com/DISARMFoundation/DISARMframeworks 4
DISARM Foundation 2022 Work over the past year… Communities ● CogSecCollab ● CTI League disinformation team Collaborations ● DISARM Foundation (inc MITRE, FIU, EU etc) ● Community-level behaviour tagging (UW) ● Disinformation response coordination: European Union (51 countries), UNDP (170 countries), individual countries (3 english-speaking ones), (WHO Europe&Central Asia: 51+ countries) ● Defcon Misinfo Village (inc CredCo / MisinfoCon) ● Atlantic Council / Vanguards Mentoring ● Individuals and organisations ● Book sub-editing ● Machine learning in infosec PhD advisors ● Nonprofit boards (RealityTeam, SocietyLibrary etc) Research ● Risk-based Cognitive Security ○ AMITT model set (DISARM, EU, NATO, etc) ○ AMITT-SPICE model merge (with MITRE, FIU) ○ Extensions to FAIR etc ○ Community disinfo behaviour tagging (UW) ● Machine learning for cognitive security ○ Disinfo OSINT (country) ○ Community-based disinfo response (UN) ○ Extremism tracking (country) ● One-off research ○ Disinformation market models (DARPA) ○ Assessing disinformation training systems (State Dept) ○ Disinformation social ecological models (ARLIS) ○ Etc Teaching (Uni Maryland, FBI, CanSecWest) ● Cognitive Security: defence against disinformation ● Ethical hacking: sociotechnical cybersecurity ● Fundamentals of technology innovation 5
DISARM Foundation 2022 Cognitive security 6 The brains side of information security
DISARM Foundation 2022 Cognitive Security is Information Security applied to disinformation+ “Cognitive security is the application of information security principles, practices, and tools to misinformation, disinformation, and influence operations. It takes a socio-technical lens to high-volume, high-velocity, and high-variety forms of “something is wrong on the internet”. Cognitive security can be seen as a holistic view of disinformation from a security practitioner’s perspective 7
DISARM Foundation 2022 Earlier Definitions: Cognitive Security: both of them “Cognitive Security is the application of artificial intelligence technologies, modeled on human thought processes, to detect security threats.” - XTN MLSec - machine learning in information security ● ML used in attacks on information systems ● ML used to defend information systems ● Attacking ML systems and algorithms ● Adversarial AI “Cognitive Security (COGSEC) refers to practices, methodologies, and efforts made to defend against social engineering attempts‒intentional and unintentional manipulations of and disruptions to cognition and sensemaking” - cogsec.org CogSec - social engineering at scale ● Manipulation of individual beliefs, belonging, etc ● Manipulation of human communities ● Adversarial cognition 8
DISARM Foundation 2022 Earlier Definitions: Social Engineering: both of them “the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society.” ● Mass manipulation etc “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” ● Phishing etc 9
DISARM Foundation 2022 Information Security Layers PHYSICAL SECURITY CYBER SECURITY COGNITIVE SECURITY 10
DISARM Foundation 2022 Cyber Security vs Cognitive Security: Objects Computers Networks Internet Data Actions People Communities Internet Beliefs Actions 11 Image: DISARM Foundation
DISARM Foundation 2022 Things to worry about: Hybrid incidents 12 ● Hybrid: cyber + cognitive + physical ● Cyber supporting cognitive ● Cognitive supporting cyber ● Cyber attack forms adapted to cognitive Image: Verizon DBIR https://www.verizon.com/business/resources/reports/dbir/
DISARM Foundation 2022 Ecosystem assessment 13 Information + harms + response landscapes Image: DISARM Foundation
DISARM Foundation 2022 Risk Controls: Lifecycle Models 14 Images: WHO Europe, https://www.nist.gov/cyberframework/online-learning/components-framework
DISARM Foundation 2022 Ecosystem Assessment Information Landscape • Information seeking • Information sharing • Information sources • Information voids Harms Landscape • Motivations • Sources/ Starting points • Effects • Misinformation Narratives • Hateful speech narratives • Crossovers • Tactics and Techniques • Artifacts Response Landscape • Monitoring organisations • Countering organisations • Coordination • Existing policies • Technologies • etc 15
DISARM Foundation 2022 Information Landscape ● Actors ● Channels ● Influencers ● Groups ● Messaging ● Narratives and memes ● Tools 16 ● Verified information ● Rumours ● Misinformation ● Conspiracies ● Information voids / deserts People and accounts: ● Seeking information - using search, questions, influencers etc ● Sharing information through channels ● Posting information
DISARM Foundation 2022 Harms Component Landscape ● Actors ○ Nationstates, individuals, companies, DAAS companies ● Channels ○ Where people seek, share, post information ○ Where people are encouraged to go ● Influencers ○ Not about followers: might be large influence over smaller groups ● Groups ○ Created to create or spread disinfo. Often real members, fake creators. Lots of themes. Often closed groups. ● Messaging ○ Cognitive bias codex of about 200 biases: each of these is a vulnerability ● Narratives and memes ○ Narratives designed to spread fast / be sticky. Often on a theme, often repeated ● Tools ○ Bots, personas, network analysis, marketing tools, IFTTT etc 17 ● Verified information ● Rumours ● Misinformation ● Conspiracies ● Information voids / deserts People and accounts: ● Seeking information - using search, questions, influencers etc ● Sharing information through channels ● Posting information
DISARM Foundation 2022 Response landscape 18 Image: DISARM Foundation 1000s of response groups. Many more potential groups. Sporadic coordination ● Media view: MDM (mis/dis/mal-information); falseness and intent to harm ● Military view: psyops/MISO ● Communications view: management of trust ● Infosec view: information protection
DISARM Foundation 2022 Communications view: shift to trust management 19 Image: WHO Europe
DISARM Foundation 2022 Tools: desk surveys, collaboration, GAMES Learning game ● fun experience that teaches you something ● Useful for training large numbers of people simultaneously Red team / Purple team ● test an organisation’s defences by thinking like a bad guy ● Useful for finding system vulnerabilities, and predicting future moves Tabletop exercise ● key people responding to a simulated event ● Useful for creating cohesive teams. Often large scale Simulation ● imitation of processes and environment ● Useful for “what if” automated tests 20 ● http://www.theknowledgeguru.com/games-vs-simulations-choosing-right-approach/ ● https://www.edutopia.org/sims-vs-games ● Roozenbeek, van der Linder “Inoculation theory and Misinformation”, NATO report, 2021
DISARM Foundation 2022 Disinformation Risk Assessment 21 (TL;DR adapt all the things) Image: https://www.risklens.com/infographics/fair-model-on-a-page
DISARM Foundation 2022 Disinformation as a risk management problem Manage the risks, not the artifacts ● Risk assessment, reduction, remediation ● Risks: How bad? How big? How likely? Who to? ● Attack surfaces, vulnerabilities, potential losses / outcomes Manage resources ● Mis/disinformation is everywhere ● Detection, mitigation, response ● People, technologies, time, attention ● Connections 22 Image: https://www.risklens.com/infographics/fair-model-on-a-page
DISARM Foundation 2022 FAIR adaptation - sneak peek 23 ● Assets: what are you protecting? ○ E.g. election authority reputation ● Threats: protecting from whom? ○ We know this bit… ● Threat effects: CIA+ ● Losses: what do you stand to lose? ○ What are the harms? ○ How do you estimate them? ● Stakeholders: who should care? ● Vulnerabilities: what increases your likelihood of an event? ○ Unaware population ○ Information voids etc ● Controls: what can you do to reduce risk?
DISARM Foundation 2022 Risk Effect: Parkerian Hexad Confidentiality, integrity, availability ■ Confidentiality: data should only be visible to people who authorized to see it ■ Integrity: data should not be altered in unauthorized ways ■ Availability: data should be available to be used Possession, authenticity, utility ■ Possession: controlling the data media ■ Authenticity: accuracy and truth of the origin of the information ■ Utility: usefulness (e.g. losing the encryption key) 24 Image: Parkerian Hexad, from https://www.sciencedirect.com/topics/computer- science/parkerian-hexad Image: https://www.staffhosteurope.com/blog/2019/03/cybersecurity-and-the-parkerian-hexad
DISARM Foundation 2022 Risk component: Digital harms frameworks Physical harm e.g. bodily injury, damage to physical assets (hardware, infrastructure, etc). Psychological harm e.g. depression, anxiety from cyber bullying, cyber stalking etc Economic harm financial loss, e.g. from data breach, cybercrime etc Reputational harm e.g. Organization: loss of consumers; Individual: disruption of personal life; Country: damaged trade negotiations. Cultural harm increase in social disruption, e.g. misinformation creating real- world violence. Political harm e.g. disruption in political process, government services from e.g. internet shutdown, botnets influencing votes 25 Image: https://dai-global-digital.com/cyber-harm.html) Plus responder harms: psychological damage, security risks
DISARM Foundation 2022 Detection and response coordination 27 Borrowing from ISACs Image: DISARM Foundation
DISARM Foundation 2022 CogSoc info sharing Cognitive ISAO ISAC/ ISAO Infosec SOC Comms Legal COG SOC Trust& Safety Platform ORG Infosec SOC Comms Legal COG Desk Trust& Safety Platform Comms Legal COG Desk Trust& Safety Platform ORG ORG ORG ORG ORG ORG ORG COG SOC 28 Image: DISARM Foundation
DISARM Foundation 2022 Cognitive Security Operations Centers 29 Image: DISARM Foundation
DISARM Foundation 2022 Incidents: layers of detection, layers of response Campaigns Incidents Narratives and behaviours Artifacts 30 Image: DISARM Foundation
DISARM Foundation 2022 COGSEC adaptations to STIX CAMPAIG N INCIDENT NARRATIVE ARTIFAC T 31 Image: https://africacheck.org/fact- checks/reports/anatomy-disinformation-campaign- who-what-and-why-deliberate-falsehoods-twitter Image: DISARM Foundation
DISARM Foundation 2022 DISARM Red: CogSec version of KillChain and ATT&CK 32 Image: DISARM Foundation
DISARM Foundation 2022 DISARM Tactic Stages 33 Phase: PLAN ● TA01: Plan Strategy ● TA02: Plan Objectives ● TA13: Target Audience Analysis Phase: PREPARE ● TA14: Develop Narratives ● TA06: Develop Content ● TA15: Establish Social Assets ● TA16: Establish Legitimacy ● TA05: Microtarget ● TA07: Select Channels and Affordances Phase: EXECUTE ● TA08: Conduct Pump Priming ● TA09: Deliver Content ● TA17: Maximise Exposure ● TA18: Drive Online Harms ● TA10: Drive Offline Activity Phase: ASSESS ● TA11: Persist in the Information Environment ● TA12: Assess Effectiveness
DISARM Foundation 2022 Controls: Countermeasure categories DECEIVE DENY DESTROY DETER DEGRADE DISRUPT DETECT 34
DISARM Foundation 2022 Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Prebunking Humorous counter narratives Mark content with ridicule / decelerants Expire social media likes/ retweets Influencer disavows misinfo Cut off banking access Dampen emotional reaction Remove / rate limit botnets Social media amber alert Etc Go Physical Persistence Evaluation Measure Effectiveness Have a disinformation response plan Improve stakeholder coordination Make civil society more vibrant Red team disinformation, design mitigations Enhanced privacy regulation for social media Platform regulation Shared fact checking database Repair broken social connections Pre-emptive action against disinformation team infrastructure Etc Media literacy through games Tabletop simulations Make information provenance available Block access to disinformation resources Educate influencers Buy out troll farm employees / offer jobs Legal action against for-profit engagement farms Develop compelling counter narratives Run competing campaigns Etc Find and train influencers Counter-social engineering training Ban incident actors from funding sites Address truth in narratives Marginalise and discredit extremist groups Ensure platforms are taking down accounts Name and shame disinformation influencers Denigrate funding recipient / project Infiltrate in-groups Etc Remove old and unused accounts Unravel Potemkin villages Verify project before posting fund requests Encourage people to leave social media Deplatform message groups and boards Stop offering press credentials to disinformation outlets Free open library sources Social media source removal Infiltrate disinformation platforms Etc Fill information voids Stem flow of advertising money Buy more advertising than disinformation creators Reduce political targeting Co-opt disinformation hashtags Mentorship: elders, youth, credit Hijack content and link to information Honeypot social community Corporate research funding full disclosure Real-time updates to factcheck database Remove non- relevant content from special interest groups Content moderation Prohibit images in political Chanels Add metadata to original content Add warning labels on sharing Etc Rate-limit engagement Redirect searches away from disinfo Honeypot: fake engagement system Bot to engage and distract trolls Strengthen verification methods Verified ids to comment or contribute to poll Revoke whitelist / verified status Microtarget likely targets with counter messages Train journalists to counter influence moves Tool transparency and literacy in followed channels Ask media not to report false info Repurpose images with counter messages Engage payload and debunk Debunk/ defuse fake expert credentials Don’t engage with payloads Hashtag jacking Etc DMCA takedown requests Spam domestic actors with lawsuits Seize and analyse botnet servers Poison monitoring and evaluation data Bomb link shorteners with calls Add random links to network graphs 35 DISARM Blue: Countermeasures Framework Image: DISARM Foundation
DISARM Foundation 2022 Red/Blue teaming: using blue to red links 36 Image: DISARM Foundation
DISARM Foundation 2022 Tools DISARM objects work with all STIX-compatible systems ● MITRE ATT&CK Navigator ● EEAS using DISARM STIX objects in OpenCTI ● Compatible with many other information security tools DISARM objects already embedded in tools ● DISARM already in every MISP instance User-friendly standalone tools ● DISARM Foundation building DISARM Explorer app to make non-technical use of DISARM easier. 37
DISARM Foundation 2022 Disarm Explorer 38 https://disarmframework.he rokuapp.com/ ● Clickable copies of the DISARM frameworks ● Building backend to click button and create/send DISARM format summary as list, CSV, STIX, or MISP message. Image: DISARM Foundation
THANK YOU SJ Terp @bodaceacat https://www.disarm.foundation/ 39
DISARM Foundation 2022 Bonus: Real-world Example 40 How it works in “real”
DISARM Foundation 2022 Example Information Landscape • Traditional Media • Newspapers • Radio - including community radio • TV • Social Media • Facebook • Whatsapp • Twitter • Youtube/ Telegram/ etc • Others • Word of mouth 41
DISARM Foundation 2022 Example Threat Landscape • Motivations • Geopolitics mostly absent • Party politics (internal, inter-party) • Actors • Activities • Manipulate faith communities • discredit election process • Discredit/discourage journalists • Attention (more drama) • Risks / severities • Sources • WhatsApp • Blogs • Facebook pages • Online newspapers • Media • Routes • Hijacked narratives • Whatsapp to blogs, vice versa • Whatsapp forwarding • facebook to whatsapp • Social media to traditional media • Social media to word of mouth 42
DISARM Foundation 2022 Creator Behaviours ● T0007: Create fake Social Media Profiles / Pages / Groups ● T0008: Create fake or imposter news sites ● T0022: Conspiracy narratives ● T0023: Distort facts ● T0052: Tertiary sites amplify news ● T0036: WhatsApp ● T0037: Facebook ● T0038: Twitter 43 Image: DISARM Foundation
DISARM Foundation 2022 Example Response Landscape (Needs / Work / Gaps) Risk Reduction ● Media and influence literacy ● information landscaping ● Other risk reduction Monitoring ● Radio, TV, newspapers ● Social media platforms ● Tips Analysis ● Tier 1 (creates tickets) ● Tier 2 (creates mitigations) ● Tier 3 (creates reports) ● Tier 4 (coordination) Response ● Messaging ○ prebunk ○ debunk ○ counternarratives ○ amplification ● Actions ○ removal ○ other actions ● Reach 44
DISARM Foundation 2022 Responder Behaviours ● C00009: Educate high profile influencers on best practices ● C00008: Create shared fact-checking database ● C00042: Address truth contained in narratives ● C00030: Develop a compelling counter narrative (truth based) ● C00093: Influencer code of conduct ● C00193: promotion of a “higher standard of journalism” ● C00073: Inoculate populations through media literacy training ● C00197: remove suspicious accounts ● C00174: Create a healthier news environment ● C00205: strong dialogue between the federal government and private sector to encourage better reporting ● C00009: Educate high profile influencers on best practices ● C00008: Create shared fact-checking database ● C00042: Address truth contained in narratives ● C00030: Develop a compelling counter narrative (truth based) ● C00093: Influencer code of conduct ● C00193: promotion of a “higher standard of journalism” ● C00073: Inoculate populations through media literacy training ● C00197: remove suspicious accounts ● C00174: Create a healthier news environment ● C00205: strong dialogue between the federal government and private sector to encourage better reporting 45 Image: DISARM Foundation
DISARM Foundation 2022 Practical: Resource Allocation • Tagging needs and groups with AMITT labels • Building collaboration mechanisms to reduce lost tips and repeated collection • Designing for future potential surges • Automating repetitive jobs to reduce load on humans 46 Image: DISARM Foundation
THANK YOU SJ Terp @bodaceacat https://www.disarm.foundation/ 47
DISARM Foundation 2022 DISARM Foundation: where we’ve been Credibility Coalition Misinfosec WG ● Slack ● https://medium.com/@credibilitycoalitio n/misinfosec-framework-99e3bff5935d ● Created AMITT models CogSecCollab ● https://cogsec-collab.org/ ● Maintained AMITT models ● Mentored new organisations ● Ran disinfo & extremism deployments ● Ran CTI League disinformation team ● MITRE branched AM!TT, as SP!CE DISARM Foundation ● https://www.disarm.foundation/ ● https://github.com/disarmfoundation ● remerge AMITT and SPICE ● Maintains DISARM models Misinfosec’s original definition: “deliberate promotion… of false, misleading or mis-attributed information focus on online creation, propagation, consumption of disinformation We are especially interested in disinformation designed to change beliefs or emotions in a large number of people” 48
DISARM Foundation 2022 Cognitive Security course What we’re dealing with 1. Introduction a. disinformation reports, ethics b. researcher risks 2. fundamentals (objects) 3. cogsec risks Human aspects 1. human system vulnerabilities and patches 2. psychology of influence Building better models 1. frameworks 2. relational frameworks 3. building landscapes Investigating incidents 8. setting up an investigation 9. misinformation data analysis 10. disinformation data analysis Improving our responses 8. disinformation responses 9. monitoring and evaluation 10. games, red teaming and simulations Where this is heading 8. cogsec as a business 9. future possibilities 49
DISARM Foundation 2022 Sociotechnical Ethical Hacking course First, do no harm 1. Ethics = risk management 2. Don’t harm others (harms frameworks) 3. Don’t harm yourself (permissions etc) 4. Fix what you break (purple teaming) It’s systems all the way down 1. Infosec = systems (sociotechnical infosec) 2. All systems can be broken (with resources) 3. All systems have back doors (people, hardware, process, tech etc) Psychology is important 1. Reverse engineering = understanding someone else’s thoughts 2. Social engineering = adapting someone else’s thoughts 3. Algorithms think too (adversarial AI) Be curious about everything 1. Curiosity is a hacker’s best friend 2. Computers are everywhere (IoT etc) 3. Help is everywhere (how to search, how to ask) Cognitive security 14. Yourself (systems thinking) 15. Social media (social engineering) 16. Elections (mixed security modes) Physical security 14. Locksports (vulnerabilities) 15. Buildings and physical (don’t harm self) Cyber security 14. Web, networks, PCs 15. Machine learning (adversarial AI) 16. Maps and algorithms (back doors) 17. Assembler (microcontrollers) 18. Hardware (IoT) 19. Radio (AISB etc) Systems that move 14. Cars (canbuses and bypasses) 15. Aerospace (reverse engineering) 16. Satellites (remote commands) 17. Robotics / automation (don’t harm others) 50
DISARM Foundation 2022 Bonus: Purple Team Exercises
DISARM Foundation 2022 Exercise rules ● You’re limited by your own resources: money, people, time, assets ● You’re allowed to outsource ● You’re aware of consequences from your actions ● You may or may not encounter countermeasures ● Any narrative, behaviour, asset you can think of is in bounds ● You *will* be asked to fix what you broke before leaving the exercise 52
DISARM Foundation 2022 Suggested actions Follow the DISARM Red framework ● Set goals ● Gather information ○ Find weaknesses ● Plan activities ● Prepare ○ Decide on materials, narratives, behaviours, channels, influencers etc ● Exploit weaknesses ○ Deploy ● Measure (and adjust as needed) ● Leave ○ what do you leave in place? What do you keep for the next one etc 53
DISARM Foundation 2022 Recap: models and frameworks DISARM Red, DISARM Blue: behaviours FLICC: narrative behaviours 54
DISARM Foundation 2022 Disinformation as a service “Doctor Zhivago’s services were priced very specifically, as seen below: ● $15 for an article up to 1,000 characters ● $8 for social media posts and commentary up to 1,000 characters ● $10 for Russian to English translation up to 1,800 characters ● $25 for other language translation up to 2,000 characters ● $1,500 for SEO services to further promote social media posts and traditional media articles, with a time frame of 10 to 15 days Raskolnikov, on the other hand, had less specific pricing: ● $150 for Facebook and other social media accounts and content ● $200 for LinkedIn accounts and content ● $350–$550 per month for social media marketing ● $45 for an article up to 1,000 characters ● $65 to contact a media source directly to spread material ● $100 per 10 comments for a given article or news story”
DISARM Foundation 2022 Scenario 1: DaaS ● Player: You run a disinformation as a service company ○ It used to be a marketing company, but disinfo pays better ○ You’re based in the Philippines ● Brief: to run a campaign against a US company ○ Your customer is a rival company in Russia ○ They’ve paid you $10,000 for this ○ And expect results within 2 weeks because there’s a regulatory summit then ● Resources: ○ You have 5 people available ○ You have existing assets from other campaigns: Social media accounts, fake news websites ● Plan: Over to you ○ What do you do (narratives, techniques etc)? What resources do you need and use? What are your measures of success?
DISARM Foundation 2022 Scenario 2: Pink Slime Player: you’re a high-profile individual with a network of fake news sites ● You started with one site selling alternative health treatments ● Then discovered that clicks paid you a lot - especially if you game Google’s algorithms to get top slot Brief: adtech exchanges are cracking down on your ad funding ● What else are you going to do to make money? ● How can you maximise this? Resources: ● You have a team of 40 people total. Many of them are managing social media and content on your sites, but you also have web developers, strategists, and access to DaaS companies ● You control 400 fake news sites. 40 of these haven’t been found by factcheckers yet Plan: What do you do (narratives, techniques etc)? What resources do you need and use? What are your measures of success? 57

Recommended

Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
CSW2022_03_threat_environment.pptx.pdf
CSW2022_03_threat_environment.pptx.pdfCSW2022_03_threat_environment.pptx.pdf
CSW2022_03_threat_environment.pptx.pdfSaraJayneTerp
 
CSW2022_06_influence.pptx.pdf
CSW2022_06_influence.pptx.pdfCSW2022_06_influence.pptx.pdf
CSW2022_06_influence.pptx.pdfSaraJayneTerp
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...Sara-Jayne Terp
 
CSW2022_07_narratives.pptx.pdf
CSW2022_07_narratives.pptx.pdfCSW2022_07_narratives.pptx.pdf
CSW2022_07_narratives.pptx.pdfSaraJayneTerp
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
CSW2022_05_data collection.pptx.pdf
CSW2022_05_data collection.pptx.pdfCSW2022_05_data collection.pptx.pdf
CSW2022_05_data collection.pptx.pdfSaraJayneTerp
 
CSW2022_08_behaviours.pptx.pdf
CSW2022_08_behaviours.pptx.pdfCSW2022_08_behaviours.pptx.pdf
CSW2022_08_behaviours.pptx.pdfSaraJayneTerp
 

Recommended

Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
CSW2022_03_threat_environment.pptx.pdf
CSW2022_03_threat_environment.pptx.pdfCSW2022_03_threat_environment.pptx.pdf
CSW2022_03_threat_environment.pptx.pdfSaraJayneTerp
 
CSW2022_06_influence.pptx.pdf
CSW2022_06_influence.pptx.pdfCSW2022_06_influence.pptx.pdf
CSW2022_06_influence.pptx.pdfSaraJayneTerp
 
disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...disinformation risk management: leveraging cyber security best practices to s...
disinformation risk management: leveraging cyber security best practices to s...Sara-Jayne Terp
 
CSW2022_07_narratives.pptx.pdf
CSW2022_07_narratives.pptx.pdfCSW2022_07_narratives.pptx.pdf
CSW2022_07_narratives.pptx.pdfSaraJayneTerp
 
Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Distributed defense against disinformation: disinformation risk management an...
Distributed defense against disinformation: disinformation risk management an...Sara-Jayne Terp
 
CSW2022_05_data collection.pptx.pdf
CSW2022_05_data collection.pptx.pdfCSW2022_05_data collection.pptx.pdf
CSW2022_05_data collection.pptx.pdfSaraJayneTerp
 
CSW2022_08_behaviours.pptx.pdf
CSW2022_08_behaviours.pptx.pdfCSW2022_08_behaviours.pptx.pdf
CSW2022_08_behaviours.pptx.pdfSaraJayneTerp
 
2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_secSara-Jayne Terp
 
CSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdfCSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdfSaraJayneTerp
 
Cognitive security: all the other things
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other thingsSara-Jayne Terp
 
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE - ATT&CKcon
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
Using AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworksUsing AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworksSara-Jayne Terp
 
Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020Julien Le Dem
 
Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data InsightsModeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data InsightsNeo4j
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
DoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End toolDoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End toolAmit Sharma
 
Sopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications EnvironmentSopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications EnvironmentNeo4j
 
Institutional aggression
Institutional aggression Institutional aggression
Institutional aggression G Baptie
 
Graph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community DetectionGraph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community DetectionTigerGraph
 
Social Network Analysis
Social Network AnalysisSocial Network Analysis
Social Network AnalysisIsmail Fahmi
 
How Data is Driving AI Innovation
How Data is Driving AI InnovationHow Data is Driving AI Innovation
How Data is Driving AI InnovationMatt Turner
 
Causality without headaches
Causality without headachesCausality without headaches
Causality without headachesBenoît Rostykus
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
Graph Neural Networks for Recommendations
Graph Neural Networks for RecommendationsGraph Neural Networks for Recommendations
Graph Neural Networks for RecommendationsWQ Fan
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsKrishnaram Kenthapadi
 
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...Sri Ambati
 
CSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdfCSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdfSaraJayneTerp
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfSaraJayneTerp
 

More Related Content

What's hot

2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_secSara-Jayne Terp
 
CSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdfCSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdfSaraJayneTerp
 
Cognitive security: all the other things
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other thingsSara-Jayne Terp
 
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE - ATT&CKcon
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiAllanGray11
 
Using AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworksUsing AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworksSara-Jayne Terp
 
Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020Julien Le Dem
 
Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data InsightsModeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data InsightsNeo4j
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
 
DoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End toolDoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End toolAmit Sharma
 
Sopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications EnvironmentSopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications EnvironmentNeo4j
 
Institutional aggression
Institutional aggression Institutional aggression
Institutional aggression G Baptie
 
Graph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community DetectionGraph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community DetectionTigerGraph
 
Social Network Analysis
Social Network AnalysisSocial Network Analysis
Social Network AnalysisIsmail Fahmi
 
How Data is Driving AI Innovation
How Data is Driving AI InnovationHow Data is Driving AI Innovation
How Data is Driving AI InnovationMatt Turner
 
Causality without headaches
Causality without headachesCausality without headaches
Causality without headachesBenoît Rostykus
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
Graph Neural Networks for Recommendations
Graph Neural Networks for RecommendationsGraph Neural Networks for Recommendations
Graph Neural Networks for RecommendationsWQ Fan
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsKrishnaram Kenthapadi
 
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...Sri Ambati
 

What's hot (20)

2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec2020 12 nyu-workshop_cog_sec
2020 12 nyu-workshop_cog_sec
 
CSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdfCSW2022_09_riskassessment.pptx.pdf
CSW2022_09_riskassessment.pptx.pdf
 
Cognitive security: all the other things
Cognitive security: all the other thingsCognitive security: all the other things
Cognitive security: all the other things
 
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
MITRE ATT&CKcon 2.0: AMITT - ATT&CK-based Standards for Misinformation Threat...
 
Continuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash BaraiContinuous Automated Red Teaming (CART) - Bikash Barai
Continuous Automated Red Teaming (CART) - Bikash Barai
 
Using AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworksUsing AMITT and ATT&CK frameworks
Using AMITT and ATT&CK frameworks
 
Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020Data platform architecture principles - ieee infrastructure 2020
Data platform architecture principles - ieee infrastructure 2020
 
Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data InsightsModeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
Modeling Cybersecurity with Neo4j, Based on Real-Life Data Insights
 
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...
 
DoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End toolDoWhy Python library for causal inference: An End-to-End tool
DoWhy Python library for causal inference: An End-to-End tool
 
Sopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications EnvironmentSopra Steria: Intelligent Network Analysis in a Telecommunications Environment
Sopra Steria: Intelligent Network Analysis in a Telecommunications Environment
 
Institutional aggression
Institutional aggression Institutional aggression
Institutional aggression
 
Graph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community DetectionGraph Gurus Episode 6: Community Detection
Graph Gurus Episode 6: Community Detection
 
Social Network Analysis
Social Network AnalysisSocial Network Analysis
Social Network Analysis
 
How Data is Driving AI Innovation
How Data is Driving AI InnovationHow Data is Driving AI Innovation
How Data is Driving AI Innovation
 
Causality without headaches
Causality without headachesCausality without headaches
Causality without headaches
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk Assessment
 
Graph Neural Networks for Recommendations
Graph Neural Networks for RecommendationsGraph Neural Networks for Recommendations
Graph Neural Networks for Recommendations
 
Fairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML SystemsFairness and Privacy in AI/ML Systems
Fairness and Privacy in AI/ML Systems
 
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
Scott Lundberg, Microsoft Research - Explainable Machine Learning with Shaple...
 

Similar to 2022-08-13_cogsec_defcon.pptx

CSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdfCSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdfSaraJayneTerp
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfSaraJayneTerp
 
CanSecWest_cogsec_course_01_introduction.pdf
CanSecWest_cogsec_course_01_introduction.pdfCanSecWest_cogsec_course_01_introduction.pdf
CanSecWest_cogsec_course_01_introduction.pdfSaraJayneTerp
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radarSaraJayneTerp
 
CSW2022_10_risk_prioritisation.pptx.pdf
CSW2022_10_risk_prioritisation.pptx.pdfCSW2022_10_risk_prioritisation.pptx.pdf
CSW2022_10_risk_prioritisation.pptx.pdfSaraJayneTerp
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxSaraJayneTerp
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umarylandSara-Jayne Terp
 
Drone-based Learning for Project-based Learning (for printing only-real).pptx
Drone-based Learning for Project-based Learning (for printing only-real).pptxDrone-based Learning for Project-based Learning (for printing only-real).pptx
Drone-based Learning for Project-based Learning (for printing only-real).pptxMohd Shahril Nizam Shaharom
 
War Against Terrorism - CIO's Role
War Against Terrorism - CIO's RoleWar Against Terrorism - CIO's Role
War Against Terrorism - CIO's RoleAyodeji Rotibi
 
1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the WorldCareer Communications Group
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...Aladdin Dandis
 
FORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFERMA
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of DisinformationSara-Jayne Terp
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 
Threat Sharing for Human Rights
Threat Sharing for Human RightsThreat Sharing for Human Rights
Threat Sharing for Human RightsMegan DeBlois
 
Social Media Security Risk Slide Share Version
Social Media Security Risk Slide Share VersionSocial Media Security Risk Slide Share Version
Social Media Security Risk Slide Share Versionfamudal
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageSara-Jayne Terp
 
Managing crisis world vision
Managing crisis world visionManaging crisis world vision
Managing crisis world visionDavid Phillips
 

Similar to 2022-08-13_cogsec_defcon.pptx (20)

CSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdfCSW2022_02_info_response_environments.pptx.pdf
CSW2022_02_info_response_environments.pptx.pdf
 
CSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdfCSW2022_01_introduction.pptx.pdf
CSW2022_01_introduction.pptx.pdf
 
CanSecWest_cogsec_course_01_introduction.pdf
CanSecWest_cogsec_course_01_introduction.pdfCanSecWest_cogsec_course_01_introduction.pdf
CanSecWest_cogsec_course_01_introduction.pdf
 
Sj terp emerging tech radar
Sj terp emerging tech radarSj terp emerging tech radar
Sj terp emerging tech radar
 
CSW2022_10_risk_prioritisation.pptx.pdf
CSW2022_10_risk_prioritisation.pptx.pdfCSW2022_10_risk_prioritisation.pptx.pdf
CSW2022_10_risk_prioritisation.pptx.pdf
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptx
 
The future of digital
The future of digitalThe future of digital
The future of digital
 
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland2021-05-SJTerp-AMITT_disinfoSoc-umaryland
2021-05-SJTerp-AMITT_disinfoSoc-umaryland
 
Drone-based Learning for Project-based Learning (for printing only-real).pptx
Drone-based Learning for Project-based Learning (for printing only-real).pptxDrone-based Learning for Project-based Learning (for printing only-real).pptx
Drone-based Learning for Project-based Learning (for printing only-real).pptx
 
War Against Terrorism - CIO's Role
War Against Terrorism - CIO's RoleWar Against Terrorism - CIO's Role
War Against Terrorism - CIO's Role
 
1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World1427 Women in Cybersecurity-Taking Charge and Protecting the World
1427 Women in Cybersecurity-Taking Charge and Protecting the World
 
The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...The role of big data, artificial intelligence and machine learning in cyber i...
The role of big data, artificial intelligence and machine learning in cyber i...
 
FORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challengeFORUM 2013 Social media - a risk management challenge
FORUM 2013 Social media - a risk management challenge
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of Disinformation
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Threat Sharing for Human Rights
Threat Sharing for Human RightsThreat Sharing for Human Rights
Threat Sharing for Human Rights
 
Social Media Security Risk Slide Share Version
Social Media Security Risk Slide Share VersionSocial Media Security Risk Slide Share Version
Social Media Security Risk Slide Share Version
 
Risk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of ageRisk, SOCs, and mitigations: cognitive security is coming of age
Risk, SOCs, and mitigations: cognitive security is coming of age
 
Big Crisis Data for ISPC
Big Crisis Data for ISPCBig Crisis Data for ISPC
Big Crisis Data for ISPC
 
Managing crisis world vision
Managing crisis world visionManaging crisis world vision
Managing crisis world vision
 

Recently uploaded

Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escortsindian call girls near you
 

Recently uploaded (20)

Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled PersonComplet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our EscortsCall Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
Call Girls in East Of Kailash 9711199171 Delhi Enjoy Call Girls With Our Escorts
 

2022-08-13_cogsec_defcon.pptx

  • 1. DISARM Foundation 2022 Cognitive Security in theory and practice SJ Terp, DISARM Foundation https://www.disarm.foundation/ 1
  • 2. DISARM Foundation 2022 Agenda ● Cognitive security ○ Definitions ● Ecosystem assessment ○ Information landscape ○ Harm components landscape ○ Response landscape ● CTI Activities ○ Disinformation risk assessment ○ Detection and response coordination ● Bonus ○ Real-world example 2
  • 3. DISARM Foundation 2022 The Disarm Foundation https://www.disarm.foundation/ Created to manage the DISARM family of disinformation management and response frameworks 3
  • 4. DISARM Foundation 2022 Disarm Foundation: Frameworks and Training https://github.com/DISARMFoundation/DISARMframeworks 4
  • 5. DISARM Foundation 2022 Work over the past year… Communities ● CogSecCollab ● CTI League disinformation team Collaborations ● DISARM Foundation (inc MITRE, FIU, EU etc) ● Community-level behaviour tagging (UW) ● Disinformation response coordination: European Union (51 countries), UNDP (170 countries), individual countries (3 english-speaking ones), (WHO Europe&Central Asia: 51+ countries) ● Defcon Misinfo Village (inc CredCo / MisinfoCon) ● Atlantic Council / Vanguards Mentoring ● Individuals and organisations ● Book sub-editing ● Machine learning in infosec PhD advisors ● Nonprofit boards (RealityTeam, SocietyLibrary etc) Research ● Risk-based Cognitive Security ○ AMITT model set (DISARM, EU, NATO, etc) ○ AMITT-SPICE model merge (with MITRE, FIU) ○ Extensions to FAIR etc ○ Community disinfo behaviour tagging (UW) ● Machine learning for cognitive security ○ Disinfo OSINT (country) ○ Community-based disinfo response (UN) ○ Extremism tracking (country) ● One-off research ○ Disinformation market models (DARPA) ○ Assessing disinformation training systems (State Dept) ○ Disinformation social ecological models (ARLIS) ○ Etc Teaching (Uni Maryland, FBI, CanSecWest) ● Cognitive Security: defence against disinformation ● Ethical hacking: sociotechnical cybersecurity ● Fundamentals of technology innovation 5
  • 7. DISARM Foundation 2022 Cognitive Security is Information Security applied to disinformation+ “Cognitive security is the application of information security principles, practices, and tools to misinformation, disinformation, and influence operations. It takes a socio-technical lens to high-volume, high-velocity, and high-variety forms of “something is wrong on the internet”. Cognitive security can be seen as a holistic view of disinformation from a security practitioner’s perspective 7
  • 8. DISARM Foundation 2022 Earlier Definitions: Cognitive Security: both of them “Cognitive Security is the application of artificial intelligence technologies, modeled on human thought processes, to detect security threats.” - XTN MLSec - machine learning in information security ● ML used in attacks on information systems ● ML used to defend information systems ● Attacking ML systems and algorithms ● Adversarial AI “Cognitive Security (COGSEC) refers to practices, methodologies, and efforts made to defend against social engineering attempts‒intentional and unintentional manipulations of and disruptions to cognition and sensemaking” - cogsec.org CogSec - social engineering at scale ● Manipulation of individual beliefs, belonging, etc ● Manipulation of human communities ● Adversarial cognition 8
  • 9. DISARM Foundation 2022 Earlier Definitions: Social Engineering: both of them “the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society.” ● Mass manipulation etc “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” ● Phishing etc 9
  • 11. DISARM Foundation 2022 Cyber Security vs Cognitive Security: Objects Computers Networks Internet Data Actions People Communities Internet Beliefs Actions 11 Image: DISARM Foundation
  • 12. DISARM Foundation 2022 Things to worry about: Hybrid incidents 12 ● Hybrid: cyber + cognitive + physical ● Cyber supporting cognitive ● Cognitive supporting cyber ● Cyber attack forms adapted to cognitive Image: Verizon DBIR https://www.verizon.com/business/resources/reports/dbir/
  • 13. DISARM Foundation 2022 Ecosystem assessment 13 Information + harms + response landscapes Image: DISARM Foundation
  • 14. DISARM Foundation 2022 Risk Controls: Lifecycle Models 14 Images: WHO Europe, https://www.nist.gov/cyberframework/online-learning/components-framework
  • 15. DISARM Foundation 2022 Ecosystem Assessment Information Landscape • Information seeking • Information sharing • Information sources • Information voids Harms Landscape • Motivations • Sources/ Starting points • Effects • Misinformation Narratives • Hateful speech narratives • Crossovers • Tactics and Techniques • Artifacts Response Landscape • Monitoring organisations • Countering organisations • Coordination • Existing policies • Technologies • etc 15
  • 16. DISARM Foundation 2022 Information Landscape ● Actors ● Channels ● Influencers ● Groups ● Messaging ● Narratives and memes ● Tools 16 ● Verified information ● Rumours ● Misinformation ● Conspiracies ● Information voids / deserts People and accounts: ● Seeking information - using search, questions, influencers etc ● Sharing information through channels ● Posting information
  • 17. DISARM Foundation 2022 Harms Component Landscape ● Actors ○ Nationstates, individuals, companies, DAAS companies ● Channels ○ Where people seek, share, post information ○ Where people are encouraged to go ● Influencers ○ Not about followers: might be large influence over smaller groups ● Groups ○ Created to create or spread disinfo. Often real members, fake creators. Lots of themes. Often closed groups. ● Messaging ○ Cognitive bias codex of about 200 biases: each of these is a vulnerability ● Narratives and memes ○ Narratives designed to spread fast / be sticky. Often on a theme, often repeated ● Tools ○ Bots, personas, network analysis, marketing tools, IFTTT etc 17 ● Verified information ● Rumours ● Misinformation ● Conspiracies ● Information voids / deserts People and accounts: ● Seeking information - using search, questions, influencers etc ● Sharing information through channels ● Posting information
  • 18. DISARM Foundation 2022 Response landscape 18 Image: DISARM Foundation 1000s of response groups. Many more potential groups. Sporadic coordination ● Media view: MDM (mis/dis/mal-information); falseness and intent to harm ● Military view: psyops/MISO ● Communications view: management of trust ● Infosec view: information protection
  • 19. DISARM Foundation 2022 Communications view: shift to trust management 19 Image: WHO Europe
  • 20. DISARM Foundation 2022 Tools: desk surveys, collaboration, GAMES Learning game ● fun experience that teaches you something ● Useful for training large numbers of people simultaneously Red team / Purple team ● test an organisation’s defences by thinking like a bad guy ● Useful for finding system vulnerabilities, and predicting future moves Tabletop exercise ● key people responding to a simulated event ● Useful for creating cohesive teams. Often large scale Simulation ● imitation of processes and environment ● Useful for “what if” automated tests 20 ● http://www.theknowledgeguru.com/games-vs-simulations-choosing-right-approach/ ● https://www.edutopia.org/sims-vs-games ● Roozenbeek, van der Linder “Inoculation theory and Misinformation”, NATO report, 2021
  • 21. DISARM Foundation 2022 Disinformation Risk Assessment 21 (TL;DR adapt all the things) Image: https://www.risklens.com/infographics/fair-model-on-a-page
  • 22. DISARM Foundation 2022 Disinformation as a risk management problem Manage the risks, not the artifacts ● Risk assessment, reduction, remediation ● Risks: How bad? How big? How likely? Who to? ● Attack surfaces, vulnerabilities, potential losses / outcomes Manage resources ● Mis/disinformation is everywhere ● Detection, mitigation, response ● People, technologies, time, attention ● Connections 22 Image: https://www.risklens.com/infographics/fair-model-on-a-page
  • 23. DISARM Foundation 2022 FAIR adaptation - sneak peek 23 ● Assets: what are you protecting? ○ E.g. election authority reputation ● Threats: protecting from whom? ○ We know this bit… ● Threat effects: CIA+ ● Losses: what do you stand to lose? ○ What are the harms? ○ How do you estimate them? ● Stakeholders: who should care? ● Vulnerabilities: what increases your likelihood of an event? ○ Unaware population ○ Information voids etc ● Controls: what can you do to reduce risk?
  • 24. DISARM Foundation 2022 Risk Effect: Parkerian Hexad Confidentiality, integrity, availability ■ Confidentiality: data should only be visible to people who authorized to see it ■ Integrity: data should not be altered in unauthorized ways ■ Availability: data should be available to be used Possession, authenticity, utility ■ Possession: controlling the data media ■ Authenticity: accuracy and truth of the origin of the information ■ Utility: usefulness (e.g. losing the encryption key) 24 Image: Parkerian Hexad, from https://www.sciencedirect.com/topics/computer- science/parkerian-hexad Image: https://www.staffhosteurope.com/blog/2019/03/cybersecurity-and-the-parkerian-hexad
  • 25. DISARM Foundation 2022 Risk component: Digital harms frameworks Physical harm e.g. bodily injury, damage to physical assets (hardware, infrastructure, etc). Psychological harm e.g. depression, anxiety from cyber bullying, cyber stalking etc Economic harm financial loss, e.g. from data breach, cybercrime etc Reputational harm e.g. Organization: loss of consumers; Individual: disruption of personal life; Country: damaged trade negotiations. Cultural harm increase in social disruption, e.g. misinformation creating real- world violence. Political harm e.g. disruption in political process, government services from e.g. internet shutdown, botnets influencing votes 25 Image: https://dai-global-digital.com/cyber-harm.html) Plus responder harms: psychological damage, security risks
  • 27. DISARM Foundation 2022 CogSoc info sharing Cognitive ISAO ISAC/ ISAO Infosec SOC Comms Legal COG SOC Trust& Safety Platform ORG Infosec SOC Comms Legal COG Desk Trust& Safety Platform Comms Legal COG Desk Trust& Safety Platform ORG ORG ORG ORG ORG ORG ORG COG SOC 28 Image: DISARM Foundation
  • 28. DISARM Foundation 2022 Cognitive Security Operations Centers 29 Image: DISARM Foundation
  • 29. DISARM Foundation 2022 Incidents: layers of detection, layers of response Campaigns Incidents Narratives and behaviours Artifacts 30 Image: DISARM Foundation
  • 30. DISARM Foundation 2022 COGSEC adaptations to STIX CAMPAIG N INCIDENT NARRATIVE ARTIFAC T 31 Image: https://africacheck.org/fact- checks/reports/anatomy-disinformation-campaign- who-what-and-why-deliberate-falsehoods-twitter Image: DISARM Foundation
  • 31. DISARM Foundation 2022 DISARM Red: CogSec version of KillChain and ATT&CK 32 Image: DISARM Foundation
  • 32. DISARM Foundation 2022 DISARM Tactic Stages 33 Phase: PLAN ● TA01: Plan Strategy ● TA02: Plan Objectives ● TA13: Target Audience Analysis Phase: PREPARE ● TA14: Develop Narratives ● TA06: Develop Content ● TA15: Establish Social Assets ● TA16: Establish Legitimacy ● TA05: Microtarget ● TA07: Select Channels and Affordances Phase: EXECUTE ● TA08: Conduct Pump Priming ● TA09: Deliver Content ● TA17: Maximise Exposure ● TA18: Drive Online Harms ● TA10: Drive Offline Activity Phase: ASSESS ● TA11: Persist in the Information Environment ● TA12: Assess Effectiveness
  • 34. DISARM Foundation 2022 Planning Strategic Planning Objective Planning Preparation Develop People Develop Networks Microtargeting Develop Content Channel Selection Execution Pump Priming Exposure Prebunking Humorous counter narratives Mark content with ridicule / decelerants Expire social media likes/ retweets Influencer disavows misinfo Cut off banking access Dampen emotional reaction Remove / rate limit botnets Social media amber alert Etc Go Physical Persistence Evaluation Measure Effectiveness Have a disinformation response plan Improve stakeholder coordination Make civil society more vibrant Red team disinformation, design mitigations Enhanced privacy regulation for social media Platform regulation Shared fact checking database Repair broken social connections Pre-emptive action against disinformation team infrastructure Etc Media literacy through games Tabletop simulations Make information provenance available Block access to disinformation resources Educate influencers Buy out troll farm employees / offer jobs Legal action against for-profit engagement farms Develop compelling counter narratives Run competing campaigns Etc Find and train influencers Counter-social engineering training Ban incident actors from funding sites Address truth in narratives Marginalise and discredit extremist groups Ensure platforms are taking down accounts Name and shame disinformation influencers Denigrate funding recipient / project Infiltrate in-groups Etc Remove old and unused accounts Unravel Potemkin villages Verify project before posting fund requests Encourage people to leave social media Deplatform message groups and boards Stop offering press credentials to disinformation outlets Free open library sources Social media source removal Infiltrate disinformation platforms Etc Fill information voids Stem flow of advertising money Buy more advertising than disinformation creators Reduce political targeting Co-opt disinformation hashtags Mentorship: elders, youth, credit Hijack content and link to information Honeypot social community Corporate research funding full disclosure Real-time updates to factcheck database Remove non- relevant content from special interest groups Content moderation Prohibit images in political Chanels Add metadata to original content Add warning labels on sharing Etc Rate-limit engagement Redirect searches away from disinfo Honeypot: fake engagement system Bot to engage and distract trolls Strengthen verification methods Verified ids to comment or contribute to poll Revoke whitelist / verified status Microtarget likely targets with counter messages Train journalists to counter influence moves Tool transparency and literacy in followed channels Ask media not to report false info Repurpose images with counter messages Engage payload and debunk Debunk/ defuse fake expert credentials Don’t engage with payloads Hashtag jacking Etc DMCA takedown requests Spam domestic actors with lawsuits Seize and analyse botnet servers Poison monitoring and evaluation data Bomb link shorteners with calls Add random links to network graphs 35 DISARM Blue: Countermeasures Framework Image: DISARM Foundation
  • 35. DISARM Foundation 2022 Red/Blue teaming: using blue to red links 36 Image: DISARM Foundation
  • 36. DISARM Foundation 2022 Tools DISARM objects work with all STIX-compatible systems ● MITRE ATT&CK Navigator ● EEAS using DISARM STIX objects in OpenCTI ● Compatible with many other information security tools DISARM objects already embedded in tools ● DISARM already in every MISP instance User-friendly standalone tools ● DISARM Foundation building DISARM Explorer app to make non-technical use of DISARM easier. 37
  • 37. DISARM Foundation 2022 Disarm Explorer 38 https://disarmframework.he rokuapp.com/ ● Clickable copies of the DISARM frameworks ● Building backend to click button and create/send DISARM format summary as list, CSV, STIX, or MISP message. Image: DISARM Foundation
  • 38. THANK YOU SJ Terp @bodaceacat https://www.disarm.foundation/ 39
  • 40. DISARM Foundation 2022 Example Information Landscape • Traditional Media • Newspapers • Radio - including community radio • TV • Social Media • Facebook • Whatsapp • Twitter • Youtube/ Telegram/ etc • Others • Word of mouth 41
  • 41. DISARM Foundation 2022 Example Threat Landscape • Motivations • Geopolitics mostly absent • Party politics (internal, inter-party) • Actors • Activities • Manipulate faith communities • discredit election process • Discredit/discourage journalists • Attention (more drama) • Risks / severities • Sources • WhatsApp • Blogs • Facebook pages • Online newspapers • Media • Routes • Hijacked narratives • Whatsapp to blogs, vice versa • Whatsapp forwarding • facebook to whatsapp • Social media to traditional media • Social media to word of mouth 42
  • 42. DISARM Foundation 2022 Creator Behaviours ● T0007: Create fake Social Media Profiles / Pages / Groups ● T0008: Create fake or imposter news sites ● T0022: Conspiracy narratives ● T0023: Distort facts ● T0052: Tertiary sites amplify news ● T0036: WhatsApp ● T0037: Facebook ● T0038: Twitter 43 Image: DISARM Foundation
  • 43. DISARM Foundation 2022 Example Response Landscape (Needs / Work / Gaps) Risk Reduction ● Media and influence literacy ● information landscaping ● Other risk reduction Monitoring ● Radio, TV, newspapers ● Social media platforms ● Tips Analysis ● Tier 1 (creates tickets) ● Tier 2 (creates mitigations) ● Tier 3 (creates reports) ● Tier 4 (coordination) Response ● Messaging ○ prebunk ○ debunk ○ counternarratives ○ amplification ● Actions ○ removal ○ other actions ● Reach 44
  • 44. DISARM Foundation 2022 Responder Behaviours ● C00009: Educate high profile influencers on best practices ● C00008: Create shared fact-checking database ● C00042: Address truth contained in narratives ● C00030: Develop a compelling counter narrative (truth based) ● C00093: Influencer code of conduct ● C00193: promotion of a “higher standard of journalism” ● C00073: Inoculate populations through media literacy training ● C00197: remove suspicious accounts ● C00174: Create a healthier news environment ● C00205: strong dialogue between the federal government and private sector to encourage better reporting ● C00009: Educate high profile influencers on best practices ● C00008: Create shared fact-checking database ● C00042: Address truth contained in narratives ● C00030: Develop a compelling counter narrative (truth based) ● C00093: Influencer code of conduct ● C00193: promotion of a “higher standard of journalism” ● C00073: Inoculate populations through media literacy training ● C00197: remove suspicious accounts ● C00174: Create a healthier news environment ● C00205: strong dialogue between the federal government and private sector to encourage better reporting 45 Image: DISARM Foundation
  • 45. DISARM Foundation 2022 Practical: Resource Allocation • Tagging needs and groups with AMITT labels • Building collaboration mechanisms to reduce lost tips and repeated collection • Designing for future potential surges • Automating repetitive jobs to reduce load on humans 46 Image: DISARM Foundation
  • 46. THANK YOU SJ Terp @bodaceacat https://www.disarm.foundation/ 47
  • 47. DISARM Foundation 2022 DISARM Foundation: where we’ve been Credibility Coalition Misinfosec WG ● Slack ● https://medium.com/@credibilitycoalitio n/misinfosec-framework-99e3bff5935d ● Created AMITT models CogSecCollab ● https://cogsec-collab.org/ ● Maintained AMITT models ● Mentored new organisations ● Ran disinfo & extremism deployments ● Ran CTI League disinformation team ● MITRE branched AM!TT, as SP!CE DISARM Foundation ● https://www.disarm.foundation/ ● https://github.com/disarmfoundation ● remerge AMITT and SPICE ● Maintains DISARM models Misinfosec’s original definition: “deliberate promotion… of false, misleading or mis-attributed information focus on online creation, propagation, consumption of disinformation We are especially interested in disinformation designed to change beliefs or emotions in a large number of people” 48
  • 48. DISARM Foundation 2022 Cognitive Security course What we’re dealing with 1. Introduction a. disinformation reports, ethics b. researcher risks 2. fundamentals (objects) 3. cogsec risks Human aspects 1. human system vulnerabilities and patches 2. psychology of influence Building better models 1. frameworks 2. relational frameworks 3. building landscapes Investigating incidents 8. setting up an investigation 9. misinformation data analysis 10. disinformation data analysis Improving our responses 8. disinformation responses 9. monitoring and evaluation 10. games, red teaming and simulations Where this is heading 8. cogsec as a business 9. future possibilities 49
  • 49. DISARM Foundation 2022 Sociotechnical Ethical Hacking course First, do no harm 1. Ethics = risk management 2. Don’t harm others (harms frameworks) 3. Don’t harm yourself (permissions etc) 4. Fix what you break (purple teaming) It’s systems all the way down 1. Infosec = systems (sociotechnical infosec) 2. All systems can be broken (with resources) 3. All systems have back doors (people, hardware, process, tech etc) Psychology is important 1. Reverse engineering = understanding someone else’s thoughts 2. Social engineering = adapting someone else’s thoughts 3. Algorithms think too (adversarial AI) Be curious about everything 1. Curiosity is a hacker’s best friend 2. Computers are everywhere (IoT etc) 3. Help is everywhere (how to search, how to ask) Cognitive security 14. Yourself (systems thinking) 15. Social media (social engineering) 16. Elections (mixed security modes) Physical security 14. Locksports (vulnerabilities) 15. Buildings and physical (don’t harm self) Cyber security 14. Web, networks, PCs 15. Machine learning (adversarial AI) 16. Maps and algorithms (back doors) 17. Assembler (microcontrollers) 18. Hardware (IoT) 19. Radio (AISB etc) Systems that move 14. Cars (canbuses and bypasses) 15. Aerospace (reverse engineering) 16. Satellites (remote commands) 17. Robotics / automation (don’t harm others) 50
  • 51. DISARM Foundation 2022 Exercise rules ● You’re limited by your own resources: money, people, time, assets ● You’re allowed to outsource ● You’re aware of consequences from your actions ● You may or may not encounter countermeasures ● Any narrative, behaviour, asset you can think of is in bounds ● You *will* be asked to fix what you broke before leaving the exercise 52
  • 52. DISARM Foundation 2022 Suggested actions Follow the DISARM Red framework ● Set goals ● Gather information ○ Find weaknesses ● Plan activities ● Prepare ○ Decide on materials, narratives, behaviours, channels, influencers etc ● Exploit weaknesses ○ Deploy ● Measure (and adjust as needed) ● Leave ○ what do you leave in place? What do you keep for the next one etc 53
  • 53. DISARM Foundation 2022 Recap: models and frameworks DISARM Red, DISARM Blue: behaviours FLICC: narrative behaviours 54
  • 54. DISARM Foundation 2022 Disinformation as a service “Doctor Zhivago’s services were priced very specifically, as seen below: ● $15 for an article up to 1,000 characters ● $8 for social media posts and commentary up to 1,000 characters ● $10 for Russian to English translation up to 1,800 characters ● $25 for other language translation up to 2,000 characters ● $1,500 for SEO services to further promote social media posts and traditional media articles, with a time frame of 10 to 15 days Raskolnikov, on the other hand, had less specific pricing: ● $150 for Facebook and other social media accounts and content ● $200 for LinkedIn accounts and content ● $350–$550 per month for social media marketing ● $45 for an article up to 1,000 characters ● $65 to contact a media source directly to spread material ● $100 per 10 comments for a given article or news story”
  • 55. DISARM Foundation 2022 Scenario 1: DaaS ● Player: You run a disinformation as a service company ○ It used to be a marketing company, but disinfo pays better ○ You’re based in the Philippines ● Brief: to run a campaign against a US company ○ Your customer is a rival company in Russia ○ They’ve paid you $10,000 for this ○ And expect results within 2 weeks because there’s a regulatory summit then ● Resources: ○ You have 5 people available ○ You have existing assets from other campaigns: Social media accounts, fake news websites ● Plan: Over to you ○ What do you do (narratives, techniques etc)? What resources do you need and use? What are your measures of success?
  • 56. DISARM Foundation 2022 Scenario 2: Pink Slime Player: you’re a high-profile individual with a network of fake news sites ● You started with one site selling alternative health treatments ● Then discovered that clicks paid you a lot - especially if you game Google’s algorithms to get top slot Brief: adtech exchanges are cracking down on your ad funding ● What else are you going to do to make money? ● How can you maximise this? Resources: ● You have a team of 40 people total. Many of them are managing social media and content on your sites, but you also have web developers, strategists, and access to DaaS companies ● You control 400 fake news sites. 40 of these haven’t been found by factcheckers yet Plan: What do you do (narratives, techniques etc)? What resources do you need and use? What are your measures of success? 57