CISA offers guidance on dealing with information manipulation

CISA offers guidance on dealing with information manipulation

Malicious actors use influence operations, like spreading false information, to shape public opinion, undermine trust, amplify division, and create dissension. In response, the Cybersecurity & Infrastructure Security Agency (CISA) has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate the risks of information manipulation.

The Insights document is designed for critical infrastructure owners and operators, to ensure they are aware of the risks of influence operations leveraging social media and online platforms.

False information

Instead of “false information” CISA uses the term “MDM“, which covers misinformation, disinformation, and malinformation. This deserves some clarification to understand their definitions of these types of misleading information:

  • Misinformationis false, but not created or shared with the intention of causing harm.
  • Disinformationis deliberately created to mislead, harm, or manipulate.
  • Malinformationis based on fact, but used out of context to mislead, harm, or manipulate.

CISA warns that threat actors both inside and outside the USA use MDM campaigns to cause chaos, confusion, and division.

Foreign actors

In its report, CISA focuses on foreign actors that engage in MDM to bias the development of policy and undermine the security of the USA and its allies. By using social media, MDM threat actors have means at their disposal unlike any in history. It warns that while a single MDM narrative can seem innocuous, when narratives are promoted consistently to targeted audiences, and reinforced by peers and social media influencers, it can have compounding effects.

Modern foreign influence operations demonstrate how a strategic and consistent exploitation of divisive issues, and a knowledge of the target audience and who they trust, can increase the potency and impact of an MDM narrative. Furthermore, current social factors, including the USA’s heightened polarization, and the ongoing global pandemic, increase the risk and potency of influence operations to the USA’s critical infrastructure, especially by experienced threat actors.

CISA insights goal

This CISA Insights product is intended to ensure that critical infrastructure owners and operators are aware of the risks of influence operations leveraging social media and online platforms. Organizations can take steps internally and externally to ensure swift coordination in information sharing, as well as the ability to communicate accurate and trusted information in order to bolster resilience.


In the CISA Insights we find some proactive actions that can limit or mitigate the influence of MDM campaigns:

  • Identify your vulnerabilities. CISA urges organizations to ask themselves what narratives or incidents have the potential to negatively affect their critical functions.
  • Secure social media. Hijacked accounts and defaced websites can be used to influence public opinion, so organizations should educate their staff on securing their personal social media accounts.
  • Practice smart email hygiene. Organizations should pracitce smart email hygiene and watch for phishing attacks.
  • Prepare communication channels in advance. CISA suggests that preparing communication channels and establishing contacts before MDM incidents occur allows organizations to respond quickly, and share accurate and verifiable information.
  • Review and update your website. Organizations need to make information as clear, transparent, and accessible as possible.
  • Review and update your social media. Organizations need to stay on top of their social media, and make sure they’re verified on each platform, so they can be identified as official accounts.
  • Anticipate MDM. Clear, consistent, and relevant communications that respond to and anticipate MDM can help organizations maintain security and build public confidence.
  • Review existing communications channels. Organizations should look at how they communicate—such as newsletters, reports, blog posts, events, social media content, podcasts, or other activities—and identify opportunities for improvement.
  • Coordinate with other organizations.Working with other organizations in your sector can amplify and reinforce messaging, and create a strong network of trusted voices.
  • Maintain contact with key outlets. Communications professionals should maintain contact with key communications outlets.

An incident response plan

CISA goes on to provide some more details about what it takes to have an effective incident response plan.

  • Clear internal communications channel. Designate an individual to oversee the MDM incident response process and associated crisis communications.
  • Establish roles and responsibilities for MDM response, including but not limited to responding to media inquiries, issuing public statements, communicating with your staff, engaging your previously identified stakeholder network, and in implementing physical security measures.
  • Ensure your communication systems are set up to handle incoming questions. Phones, social media accounts, and centralized inboxes should be monitored by multiple people on a rotating schedule to avoid burnout.
  • Identify and train staff on reporting procedures to social media companies, government, and/or law enforcement.
  • Consider your internal coordination channels and processes for identifying incidents, delineating information sharing and response. Foreign actors can combine influence operations with cyber activities, requiring additional coordination to facilitate a whole-of-organization response.

Stay safe, everyone and verify your sources!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.