CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure

Malicious actors use influence operations, including tactics like misinformation, disinformation, and malinformation (MDM), to shape public opinion, undermine trust, amplify division, and sow discord. Foreign actors engage in these actions to bias the development of policy and undermine the security of the U.S. and our allies, disrupt markets, and foment unrest. While influence operations have historical precedent, the evolution of technology, communications, and networked systems have created new vectors for exploitation.

A single MDM narrative can seem innocuous, but when promoted consistently, to targeted audiences, and reinforced by peers and individuals with influence, it can have compounding effects. Modern foreign influence operations demonstrate how a strategic and consistent exploitation of divisive issues, and a knowledge of the target audience and who they trust, can increase the potency and impact of an MDM narrative to National Critical Functions (NCFs) and critical infrastructure. Furthermore, current social factors, including heightened polarization and the ongoing global pandemic, increase the risk and potency of influence operations to U.S. critical infrastructure, especially by knowledgeable threat actors.

In recent years, foreign actors have used influence operations to influence U.S. audiences and impact critical functions and services across multiple sectors. Foreign influence operations have been paired with cyber activity to derive content, create confusion, heighten anxieties, and distract from other events. In light of developing Russia-Ukraine geopolitical tensions, the risk of foreign influence operations affecting domestic audiences has increased. Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities.

This CISA Insights product is intended to ensure that critical infrastructure owners and operators are aware of the risks of influence operations leveraging social media and online platforms. Organizations can take steps internally and externally to ensure swift coordination in information sharing, as well as the ability to communicate accurate and trusted information to bolster resilience. CISA encourages leaders at every organization to take proactive steps to assess their risks from information manipulation, increase resilience, and mitigate the impact of potential foreign influence operations.