Our Research and Advisory Service
Malicious Influence Operations
Malicious influence operations are costing billions of dollars per
year, and in some cases many millions of dollars per incident. This is
nothing new. What is new is the expansion of these operations to more
delivery platforms and modalities, and the use of generative AI to
increase efficiency and effectiveness.
The use of large language models to generate text-based
deceptions has enabled threat actors to create and deliver tens of
thousands of individualized and focused messages that have the look
and feel of personal human communications.
The use of realistic voice generation from samples has enabled
threat actors to create and deliver realistic voice, and in some case
also video messages from executives to workers, ordering them to bypass
normal controls based on a non-existent emergency.
The exploitation of social media information to detect
charactersitics of individuals and their likely susceptibility to
elicitation tactics has introduced a scalable facility for threat
actors to engage workers on social media and become online "friends"
to gather intelligence and create exploitable relationships.
Mass messaging through the formation and exploitation of
deceptive groups has created large-scale acceptance of
deceptions, thus driving groups of like-minded individuals into
cliques that amplify the lies and support group-level actions.
Standard training methodologies and attempts to send "good"
malicious emails have largely failed to meet the real needs of
companies to counter malicious influence operations:
Standard training has been ineffective because it
does not and can never provide enough clarity about what to do and
what not to do in light of the highly adaptive, individualized, and
realistic proximity of malicious influence from normal operational
methods. How can you or your employee tell if an email containing a
wire transfer routing number and account number has been altered en
Email-based punishment has been ineffective in that,
while it may reduce the portion of clicks on malicious links to as
little as 20-30%, that means that at best, only 1 in 5 real deceptions
will work. Given the volume of influence operations today, this isn't
good enough.Trying to trick your workers into doing the wrong thing
then punish them for it is a brutal approach. You can act like it's a
reward to do the right thing, but lying to workers makes you a liar
just like the threat actors you seek to protect against.
No human can ever get near 100% right in deciding what to
do under massive influence operations, and even if a few could, that
would not solve the problem for everyone else.
If we could properly train a human to do this, we could also
create technology to do the job better faster and more reliably.
The real challenges
There are three major dimensions involved in the challenges we face today.
Diverse media and modalities of delivery: Any solution
that will work will have to address the full range of media being used
by threat actors. This means it has to cover, as a starting point
today, social media, email, fused media bundling systems, voice,
video, and Web-based delivery.
Training that punishes the people we are trying to help:
Punsishing workers and becoming the liars you are trying to stop them
from listening to reduces trust in the company and makes workers
wonder why they should be honest when the company is not.
Technology not focused on mitigating the consequences:
Focusing excessively on preventing influence operations from getting
through is guaranteed to fail. Eventually, if enough attempts are
taken, the people and systems which can never be perfect will fail,
and the consequences of failure will be as severe as if you had no
such defense at all.
The one size fits all approach doesn't work, and a single
preventive defense cannot succeed indefinitely.
Horses for courses - so the saying goes. To address the complex
needs of successful defense, a risk management approach is required.
And that means having a suite of solutions that address the range of
issues to allow effective management of the risks.
Step 1: Understand the consequences and causes: Our
first step is an initial assessment of your situation. This allows us
to (1) identify the consequencs to your company of influence operations
today and into the future, (2) associate those consequences with threat
actions and the attack process available to them, and (3) identify a
reasonable and prudent set of protective actions to take.
Step 2: Get the consequences to acceptable levels: Each
company decides on acceptable levels of consequences they are willing
to tolerate, and the cost of protective measures has to be taken into
account in this decision. Based on the tolerance for risk and the
nature of the consequences, different strategies, tactics, tools, and
techniques are used for different aspects of the company and people
Step 3: Keep the consequences acceptable and adapt:
Don't imagine that this is a problem you will solve one and done. The
threat actors, the methods they use, and the situation the company is
in all change over time. And so should your protective measures. We
support the ongoing program of adaptation necessary to success in
today's operational environment.
Technology is required in order to efficiently and effectively
deal with the various approaches to countering influence operaitons.
Our technology includes a unique combination of decision support,
technical safeguards, training by gaming, and other technical methods
that augment human and machine performance at countering influence
operations and their effects.
Our Decision Support platform supports rapid collection
of the necessary information about the company to make the key
decisions required for implementing and adapting an effective and
efficient counter-influence program and updating and tracking progress
Our Training by Gaming technology provides a game
environment that is separate from the work environment, where workers
can learn about and deal with influence operations in a competitive
and enjoyable environment. They can improve their skills, have fun
with it, and do so without punishment, across multiple delivery media,
and without interfering with normal work operations or systems.
Our Technical Partnerships provide technologies to
mitigate consequences and adapt over time to new circumstances by
leveraging the best available techniques from a wide range of
Our Special Projects efforts provide top quality
special-purpose countermeasures for high consequence situations where
off-the-shelf solutions with proper configurtation are not adequate to