Digital and Disinformation Defense
Democratic countries haven’t even begun to get serious about attacks on their information infrastructure by authoritarian governments: hacking, doxxing, and disinformation. The same two Russian hacking groups have infiltrated the U.S. Congress, the U.S. State and Defense departments, the Democratic National Committee, the German Bundestag and party think tanks, the Danish and Italian foreign ministries, the World Anti-Doping Agency, and many other targets.
In addition, Russia has launched disinformation campaigns to influence elections and referendums—in favor of Brexit; against U.S. presidential candidate Hillary Clinton, French President Emmanuel Macron, German chancellor candidate and now Foreign Minister Annalena Baerbock, and the Dutch vote on the European Union’s association agreement with Ukraine, to take just a few prominent examples. Russian state media organizations and state-linked accounts have inundated social media in Western countries with homophobic, antisemitic, anti-Muslim, anti-immigrant, anti-vaccination, pro-separatist, anti-NATO, anti-fracking, and many other kinds of disinformation. The jury is still out on whether Russian efforts helped tip the scales in the 2016 U.S. presidential election. What’s certain is that a foreign power played a significant role in the election, something a democracy cannot allow.
The problem is that we have not addressed this as a broader threat to democracies, ignoring that the sources of the hacking, doxxing, and disinformation are limited to a small group of autocratic states, primarily Russia, China, and Iran.
In addressing this well-known and by no means new threat, most democracies face two problems: First, a frozen, siloed bureaucracy that lacks interdisciplinary and interagency collaboration and cooperation. Here lies the first urgent need for change. Adversaries use multiple digital attack vectors and easily combine them. Every democracy must recognize this and establish silo-crossing agencies that can address the whole problem and coordinate a rapid response.
Second, what efforts exist remain strictly national, with only halfhearted information-sharing across borders. Clearly, when hacking attacks and disinformation campaigns all trace back to the same few sources, democracies need to cooperate instead of standing alone.
Strategies to cope with cross-border threats require serious cross-border cooperation among democracies. When a hacking attempt or a disinformation campaign is identified, other democracies need to be informed and a common information pool—preferably a common response—forged. Today’s primary multilateral democratic institutions, NATO and the EU, are hampered by a restricted mandate and lack coherent policies. As a result, they only do the bare minimum.
What’s more, a multilateral digital defense must be genuinely values-based. Unlike NATO and the EU, it should come with a strict mechanism whereby countries backsliding from democracy lose their digital security umbrella.
This is the only way we can counter attempts to undermine what we hold so dear.