Cognitive Defense™

 Countering Influence Operations

Our Research and Advisory Service

Malicious Influence Operations

Malicious influence operations are costing billions of dollars per year, and in some cases many millions of dollars per incident. This is nothing new. What is new is the expansion of these operations to more delivery platforms and modalities, and the use of generative AI to increase efficiency and effectiveness.

  • The use of large language models to generate text-based deceptions has enabled threat actors to create and deliver tens of thousands of individualized and focused messages that have the look and feel of personal human communications.

  • The use of realistic voice generation from samples has enabled threat actors to create and deliver realistic voice, and in some case also video messages from executives to workers, ordering them to bypass normal controls based on a non-existent emergency.

  • The exploitation of social media information to detect charactersitics of individuals and their likely susceptibility to elicitation tactics has introduced a scalable facility for threat actors to engage workers on social media and become online "friends" to gather intelligence and create exploitable relationships.

  • Mass messaging through the formation and exploitation of deceptive groups has created large-scale acceptance of deceptions, thus driving groups of like-minded individuals into cliques that amplify the lies and support group-level actions.

Failing countermeasures

Standard training methodologies and attempts to send "good" malicious emails have largely failed to meet the real needs of companies to counter malicious influence operations:

  • Standard training has been ineffective because it does not and can never provide enough clarity about what to do and what not to do in light of the highly adaptive, individualized, and realistic proximity of malicious influence from normal operational methods. How can you or your employee tell if an email containing a wire transfer routing number and account number has been altered en route?

  • Email-based punishment has been ineffective in that, while it may reduce the portion of clicks on malicious links to as little as 20-30%, that means that at best, only 1 in 5 real deceptions will work. Given the volume of influence operations today, this isn't good enough.Trying to trick your workers into doing the wrong thing then punish them for it is a brutal approach. You can act like it's a reward to do the right thing, but lying to workers makes you a liar just like the threat actors you seek to protect against.

No human can ever get near 100% right in deciding what to do under massive influence operations, and even if a few could, that would not solve the problem for everyone else.

    If we could properly train a human to do this, we could also create technology to do the job better faster and more reliably.

The real challenges

There are three major dimensions involved in the challenges we face today.

  • Diverse media and modalities of delivery: Any solution that will work will have to address the full range of media being used by threat actors. This means it has to cover, as a starting point today, social media, email, fused media bundling systems, voice, video, and Web-based delivery.

  • Training that punishes the people we are trying to help: Punsishing workers and becoming the liars you are trying to stop them from listening to reduces trust in the company and makes workers wonder why they should be honest when the company is not.

  • Technology not focused on mitigating the consequences: Focusing excessively on preventing influence operations from getting through is guaranteed to fail. Eventually, if enough attempts are taken, the people and systems which can never be perfect will fail, and the consequences of failure will be as severe as if you had no such defense at all.

The one size fits all approach doesn't work, and a single preventive defense cannot succeed indefinitely.

Our solutions

Horses for courses - so the saying goes. To address the complex needs of successful defense, a risk management approach is required. And that means having a suite of solutions that address the range of issues to allow effective management of the risks.

  • Step 1: Understand the consequences and causes: Our first step is an initial assessment of your situation. This allows us to (1) identify the consequencs to your company of influence operations today and into the future, (2) associate those consequences with threat actions and the attack process available to them, and (3) identify a reasonable and prudent set of protective actions to take.

  • Step 2: Get the consequences to acceptable levels: Each company decides on acceptable levels of consequences they are willing to tolerate, and the cost of protective measures has to be taken into account in this decision. Based on the tolerance for risk and the nature of the consequences, different strategies, tactics, tools, and techniques are used for different aspects of the company and people involved.

  • Step 3: Keep the consequences acceptable and adapt: Don't imagine that this is a problem you will solve one and done. The threat actors, the methods they use, and the situation the company is in all change over time. And so should your protective measures. We support the ongoing program of adaptation necessary to success in today's operational environment.

Our technologies

Technology is required in order to efficiently and effectively deal with the various approaches to countering influence operaitons. Our technology includes a unique combination of decision support, technical safeguards, training by gaming, and other technical methods that augment human and machine performance at countering influence operations and their effects.

  • Our Decision Support platform supports rapid collection of the necessary information about the company to make the key decisions required for implementing and adapting an effective and efficient counter-influence program and updating and tracking progress over time.

  • Our Training by Gaming technology provides a game environment that is separate from the work environment, where workers can learn about and deal with influence operations in a competitive and enjoyable environment. They can improve their skills, have fun with it, and do so without punishment, across multiple delivery media, and without interfering with normal work operations or systems.

  • Our Technical Partnerships provide technologies to mitigate consequences and adapt over time to new circumstances by leveraging the best available techniques from a wide range of providers.

  • Our Special Projects efforts provide top quality special-purpose countermeasures for high consequence situations where off-the-shelf solutions with proper configurtation are not adequate to the task.

Call or Email to counter malicious influence.