The US government has issued new guidance to help election infrastructure stakeholders increase their resilience against malign influence operations seeking to undermine trust in democratic institutions.
State-sponsored threat actors from China, Russia, and Iran are known for their hostile efforts to influence US policies and have been observed employing various tactics and techniques to accomplish their goals, CISA, the FBI, and the Office of the Director of National Intelligence (ODNI) note in the guidance (PDF).
“These actors employ a variety of methods to conduct foreign malign influence operations, such as using networks of fake online accounts to pose as Americans; enlisting real people to wittingly or unwittingly promote their narratives; and using proxies to launder their influence narratives through an array of overt and covert proxy websites, individuals, and organizations that appear independent,” the three agencies say.
Since 2016, foreign malign influence campaigns have focused on undermining the public confidence in the US election process and in exacerbating partisan tensions, CISA, FBI, and ODNI say.
State-sponsored threat actors have been observed employing both overt and covert methods as part of these campaigns, including the use of fake social media personas to promote inauthentic narratives, engaging with real people to echo influence messages, and the use of AI tools to generate and spread malign influence content.
Threat actors have been portraying “proxy” media entities as trustworthy outlets to use them for the distribution of influence messages, they have been using voice cloning tools to create fake recordings of officials, and have been using cyber-intrusions together with information operations to achieve their goals.
Additionally, state-sponsored threat actors have been observed creating and spreading false evidence of cyber and physical incidents, including fake “hacked” documents and fake reports, paying influential individuals and organizations, and leveraging social media platforms to increase belief in their campaigns.
To prepare for and respond to foreign malign influence operations, election officials and other election infrastructure stakeholders are advised to proactively debunk potential malign influence narratives, direct audiences to official websites and trusted sources of information, train staff to respond to suspected AI-generated media, and establish relations with local media and community leaders.
To secure systems, accounts, and public-facing assets, they should make social media accounts private, harden personal and organizational accounts, use strong cybersecurity protocols, including multi-factor authentication, on all accounts, and should use non-repudiation and authentication techniques to mark their content.
“The elections process is the golden thread of American democracy, which is why our foreign adversaries deliberately target our elections infrastructure with their influence operations. Defending our democratic process is the responsibility of all of us,” CISA senior advisor Cait Conley said.
Related: Five Eyes Agencies Release New AI Security Guidance
Related: US Government Issues New DDoS Mitigation Guidance
Related: US Government Issues Guidance on Securing Water Systems
