What are ‘Misinformation, Disinformation, and Malinformation’ (MDM) incidents?

Days before Russia invaded Ukraine, the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) warned organizations about foreign influence operations that leverage misinformation, disinformation, and malinformation (MDM). The guidance encouraged risk professionals to use the “TRUST model” to identify and respond to MDM incidents.

CISA defines Misinformation Disinformation Malinformation (MDM) incidents as “information activities” conducted by foreign or domestic “threat actors” while clarifying among three types of influence:

• Misinformation: false, but not created or shared with the intention of causing harm.
• Disinformation: deliberately created to mislead, harm, or manipulate a person, social group, organization, or country.
• Malinformation: based on fact, but used out of context to mislead, harm, or manipulate.

How can Risk Management prepare for MDM incidents?

“This will sound familiar to Shared Assessments members who are well-versed in the ‘trust but verify’ third party risk management model,” notes Shared Assessments Senior Advisor Charlie Miller. “Given the events in Ukraine and their ripple effects, it’s important for all companies to ensure that incident response and business continuity plans are current. It’s also important to swiftly resolve any open items concerning control weaknesses in third parties. In fact, it’s a good time to review the overall cyber hygiene of your and your vendors’ Third Party Risk Management programs.”

While the CISA Insights bulletin addresses critical infrastructure organizations, Miller notes that other organizations can also benefit from its guidance on responding to the risks of MDM and similar “influence operations.” In mid-December, CISA released an updated list of the 55 “national critical functions” – including communications networks and technology, medical and emergency services, utilities, transportation, elections infrastructure, financial services, and more — used to designate an organization as critical to the nation’s infrastructure.

CISA Director Jen Easterly’s comment about her agency’s new guidance echoes Miller’s point. “We need to be prepared for the potential of foreign influence operations to negatively impact various aspects of our critical infrastructure with the ongoing Russia-Ukraine geopolitical tensions,” notes Easterly, who is scheduled to speak at Shared Assessments annual Summit May 4-5. “We encourage leaders at every organization to take proactive steps to assess their risks from information manipulation and mitigate the impact of potential foreign influence operations.”

CISA’s three-page guidance document provides an overview of the MDM threat, a five-step game plan for managing the risk, and a sidebar on the TRUST model for MDM incident response that the agency previously detailed in guidance directed to U.S. elections officials:

• Tell your story;
• Ready your team;
• Understand and assess;
• Strategize your response; and
• Track the outcomes.

“A single MDM narrative can seem innocuous, but when promoted consistently, to targeted audiences, and reinforced by peers and individuals with influence, it can have compounding effects,” according to the new CISA Insights. “Modern foreign influence operations demonstrate how a strategic and consistent exploitation of divisive issues, and a knowledge of the target audience and who they trust, can increase the potency and impact of an MDM narrative to National Critical Functions (NCFs) and critical infrastructure.”

The document also emphasizes that the Russia-Ukraine conflict has intensified the risk of foreign influence operations: “Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities.”

When it comes to defending against MDM, CISA encourages NCF organizations to:

• Assess the information environment;
• Identify vulnerabilities;
• Fortify communication channels;
• Engage in proactive communication; and
• Develop an incident response plan.

As Miller points out, seasoned risk professionals are well-schooled in strategies and actions related to risk assessment, vulnerability identification, and incident response. The elevated importance of communications-related activities in preventing and responding to MDM-related disturbances will be new to some third party risk management (TPRM) groups. CISA identifies two communications methods that are particularly helpful:

• Build your network: Risk teams can prepare communication channels and establish important contacts prior to the occurrence of an MDM incident – steps that will accelerate and strengthen the response when an MDM event occurs.
• Deploy communications as a tool: “Using clear, consistent and relevant communications that not only respond but anticipate MDM is an important, effective way to maintain security and build public confidence in your organization.”

While “trust but verify” represents the go-to standard in third party assessments, it holds similar value for critical infrastructure organizations assessing new communications-related risks amid geopolitical disruptions.