Disinformation: The European External Action Service and the EU Agency for Cybersecurity join forces to analyse the interplay between cybersecurity and Foreign Information Manipulation and Interference
With broader hybrid threats crossing different domains, the European External Action Service (EEAS) and the European Union Agency for Cybersecurity (ENISA) publish today a joint report on the relation between cybersecurity and FIMI to better understand and adapt to the evolving threat landscape. The report puts forward and tests an analytical approach to describe the creation and dissemination behaviours of Foreign Information Manipulation and Interference (FIMI) and disinformation as a way to draw the attention to the activities the EU aims to prevent, deter and respond to. The ambition is to provide an input to the on-going and ever-pressing discussion on the nature and dynamics of information manipulation and interference, including disinformation, and on how to collectively respond to this phenomenon.
Intentional attempts to manipulate the information environment and public discourse by foreign actors is by no means a new phenomenon. Described in the past as “propaganda” or more recently as “disinformation”, activities labelled as such have received a considerable new impetus by technological advancements and the propagation of the internet, in particular social media and private messenger services. These developments have also provided significant possibilities to increase the reach of such activity as well as the combination of new and diverse tactics, techniques and procedures that are used across domains.
“Hack and leak” episodes, establishing legitimacy of specific content by compromising authoritative accounts or sharing alleged authentic material are only some of the examples that illustrate the dependent relationship between cybersecurity and the manipulation of the information environment.
Considering how hybrid threats crossing different domains are expanding, the analytical approach proposed by the report describes FIMI, as well as the underlying cybersecurity elements, by combing practices from both.
Tested on a limited set of events the report draws some preliminary conclusions on the relationship between cybersecurity and FIMI/disinformation, such as:
- the role of cybersecurity in establishing attribution of FIMI/disinformation operations;
- the importance of a structured, interoperable and seamless incident reporting process between the cybersecurity and FIMI/disinformation communities;
- the importance of information sharing and the sharing of best practices between the cybersecurity and counter-FIMI/disinformation communities;
- enhancing and facilitating the cooperation among EU institutions and bodies at policy level;
- raising awareness and support the capacity building of Member States and of international partners.
The report has benefited from the support of the ENISA ad hoc Working Group on Cybersecurity Threat Landscapes.
The report was published to coincide with the fourth edition of the CTI-EU event that brings stakeholders together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe.
The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, ENISA contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.
About the EEAS
The European External Action Service (EEAS) is the diplomatic service of the European Union. The EEAS has been carrying out the Common Foreign and Security Policy of the Union since 2011. It is meant to promote peace, prosperity, security and to protect the interests of European citizens across the globe.
The EEAS Strategic Communication Division and its Task Forces (STRAT.2) is placed within the Directorate for Strategic Communication and Foresight of the EEAS. The Division is leading the work on addressing foreign disinformation, information manipulation and interference and has a mandate to analyse the information environment in order to enable EU foreign policy implementation and protect its values and interests. In addressing foreign disinformation, information manipulation and interference, the Division is developing and implementing targeted approaches to communicate and engage with audiences in geographic priority regions, mostly in the EU’s neighbourhood.
The concept of Foreign Information Manipulation and Interference (FIMI) has been proposed by the EEAS, as a response to the call of the European Democracy Action Plan for a further refinement of the definitions around disinformation.
Foreign Information Manipulation Interference (FIMI) and Cybersecurity - Threat Landscape 2022
ENISA Threat Landscape 2022 - Infographic
ENISA Threat Landscape Report 2022
European Democracy Action Plan – European Commission
A Strategic Compass for Security and Defence – EEAS
Foreign Information Manipulation and Interference – European Council