POST

What is human-focused information security?

Despite significant scientific and technological progress, there are still a number of threats humanity must face as we push further into the 21st century.

In addition to climate change, nuclear war, and evolving superbugs, serious concerns are urgently being raised in the area of information security.

Although malicious information manipulation is not a new phenomenon, technology, and global interconnectivity provide the ripe conditions for such activity to thrive. In ancient times, information campaigns could spread only as fast as was allowed physically, whereas now, it is instantaneous.

With information exchange being virtually immediate, false narratives and propaganda can spread like wildfire, hindering the ability of private and public authorities to manage. Often, the ability to do anything relies upon the laws of a given country or, in the case of social media, the terms of service. Malicious actors use the concept of free speech to their advantage, leaving it to individuals to discern what information they should trust.

Malicious actors around the world, including rogue governments and criminal organizations, understand that information can be weaponized.

Often, entire countries and societies are targeted, while other times, the attacks are specific in scope. Certain groups of people would be identified as high risk, such as journalists, activists, politicians, civil servants, military personnel, and law enforcement officers.

No matter who you are, in today’s world, you are being bombarded with propaganda from foreign states, information attacks, disinformation campaigns, fake news, and psychological operations.

Malicious information activities are often orchestrated by rogue or fringe governments as a tool to achieve both short and long-term geopolitical, economic, or ideological goals.

In 2013, the Russian Army’s Chief of General Staff, Valery Gerasimov, stated, “The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.

Five years before Gerasimov, General James Mattis was quoted in 2009 saying, Capturing the perceptions of foreign audiences will replace seizing terrain as the new high ground for the future joint force.”

Although some believe that these non-military means will drive the “wars of the future”, current developments in information warfare would suggest that this is already in full swing. The new challenge is how to control such incursions without sacrificing personal freedoms. The answer lies in personal empowerment through knowledge and awareness.

Very often, the term “malicious information activity” is used to refer to cyberspace activity exclusively, without consideration for malicious information activity in the electronic and print media, social networks, TV, radio, religious and educational institutions, and much more. Prevention and protection in recent years has been primarily focused on cyber security measures and software, but this does not account for the human element.

Human-focused information security is designed to counter threats that are not machine-based. Malicious actors rely on human psychology and behavioral elements, often to influence decision making or to evoke an emotional reaction. Both cybersecurity and human-focused security should be addressed, as individuals, along with systems, are focal points of access to information.

Unlike malicious cyber activity, manipulated information operations do not aim to take your password, hack your computer, or gain access to certain information; the goal is to hack your mind and perception. Sometimes this is about persuasion and coercion, but other times the goal can be to confuse and disorientate, often leading to unpredictable consequences.

It is no coincidence that during the Cold War, one of the main targets of the KGB-led "Operation Infection” were countries where American military personnel were stationed. The KGB actively worked in these countries to incite hostility in local populations towards the US military. A famous example of such a campaign was the false narrative about AIDS being created in an American military laboratory.

Today, this “battle of the psychosphere,” as termed by the Russian military, is happening at an even greater scale within the US via the utilization of Internet platforms.

Since the goal of information operations and malicious information activity is to appeal to the “hearts and minds” of people, the main task of human-focused information security is to protect, educate and warn potential victims.

When analyzing the malicious information activity of certain foreign powers, in particular Iran and China, as well as the actions of non-state actors, we can see that their methodology is largely inspired by the methods and techniques of the KGB.

Since the end of the Cold War, Russia, realizing its military and economic weakness relative to the West, has paid special attention to improving and modernizing its methods of conducting information warfare and individual information operations.

Significant progress has been made by Moscow in the area of “reflexive control,” an elaborate and sophisticated technique that aims to mislead a target by influencing the decision-making process. Ultimately, the goal is to confuse and to lead decision-makers to faulty choices or conclusions. Since USSR times, this methodology has been refined and mapped out, providing Russian actors with a blueprint to follow when aiming to cause confusion and chaos.

This has meant a multifold increase in psychological, informational, and operational pressure on American citizens and allies, primarily towards people in the high-risk groups.

Malicious actors conduct information operations against the United States and its allies at the strategic, tactical, and operational levels almost non-stop. They are constantly focused on how to improve their methods and further disguise their activity.

This threat to national security is real and paramount, as many of the individuals in the high-risk groups have access to various types of classified or proprietary data and documents.

Therefore, human-focused information security (HFIS) related issues have acquired a particular importance and urgency.

The task of HFIS is to educate, prepare, and warn people in the risk groups, particularly military personnel and civil servants, to quickly identify the threats and take appropriate countermeasures.

Of course, HFIS does not completely eliminate the threat posed by malicious actors, but it largely complicates their efforts and gives potential victims the tools to understand the risks and threats that they may face. Unfortunately, this field is highly underdeveloped, and governments and companies should be giving priority to ensuring their employees are better prepared for information attacks and manipulation.

HFIS helps to create immunity against malicious information activity, increasing the capability of organizations, personnel, societies, and states to defend themselves. As this field is quickly evolving, it is critical to stay aware and one step ahead of the malicious actors.

Back to Blog