CISA Warns Critical Infrastructure Organizations of Foreign Influence Operations

Newly published guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) provides critical infrastructure organizations with instructions on how to prepare for and mitigate foreign influence operations.

Leveraging misinformation, disinformation, and malinformation (MDM), along with other tactics, foreign influence operations are meant to undermine trust in critical infrastructure, disrupt markets, sow discord, and undermine the security of the US and its allies.

When promoted consistently and reinforced by individuals with influence, MDM narratives may have amplified effects, especially when targeting National Critical Functions (NCFs) and critical infrastructure.

In recent years, foreign influence operations targeting US audiences have been paired with cyberattacks to create confusion and anxiety. In light of increased tensions between Russia and Ukraine, critical infrastructure organizations are potentially at risk of being targeted in similar operations.

“Recently observed foreign influence operations abroad demonstrate that foreign governments and related actors have the capability to quickly employ sophisticated influence techniques to target U.S. audiences with the goal to disrupt U.S. critical infrastructure and undermine U.S. interests and authorities,” CISA notes.

CISA’s guidance is meant to help critical infrastructure organizations better understand the risks associated with influence operations conducted on social media and other online platforms, and instructs them on the steps they can take internally to improve their resilience.

All organizations, the agency says, should evaluate previously observed MDM narratives targeting their sectors, learn about the sources of information their stakeholders and customers use, map communication channels with key stakeholders, and keep an eye out for any change in online activity related to their sectors.

Furthermore, organizations should identify any vulnerabilities that an MDM actor may exploit, and should educate their employees to secure their social media accounts using multi-factor authentication and to practice smart email hygiene.

“Malicious actors can use hacking and other cyber activities as part of influence operations. Hijacking accounts and defacing public facing sites can be used to influence public opinion. Organizations should be aware of cyber risks and take action to reduce the likelihood and impact of a potentially damaging compromise,” CISA notes.

Additionally, the agency recommends that organizations establish clear communication channels with their stakeholders, make the information available on their websites as clear as possible, and review their social media presence and the access privileges for their social media accounts.

CISA also notes that decision makers should engage in active communication with other entities in their sector to build a trusted network and that they should develop an MDM incident response process to be prepared for mitigating any influence operation that is combined with cyber activities targeting their organization.

“In today’s information environment, critical infrastructure owners and operators must play a proactive role in responding to MDM. While each MDM narrative will differ, the TRUST model for incident response can help reduce risk and protect stakeholders,” CISA says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
