Cybersecurity & Foreign Interference in the EU Information Ecosystem

The European External Action Service (EEAS) and the Union Agency for Cybersecurity (ENISA) join forces to analyse the interplay between cybersecurity and Foreign Information Manipulation and Interference.

With broader hybrid threats crossing different domains, the European External Action Service (EEAS) and the European Union Agency for Cybersecurity (ENISA) publish today a joint report on the relation between cybersecurity and FIMI to better understand and adapt to the evolving threat landscape. The report puts forward and tests an analytical approach to describe the creation and dissemination behaviours of Foreign Information Manipulation and Interference (FIMI) and disinformation as a way to draw the attention to the activities the EU aims to prevent, deter and respond to. The ambition is to provide an input to the on-going and ever-pressing discussion on the nature and dynamics of information manipulation and interference, including disinformation, and on how to collectively respond to this phenomenon.

Intentional attempts to manipulate the information environment and public discourse by foreign actors is by no means a new phenomenon. Described in the past as “propaganda” or more recently as “disinformation”, activities labelled as such have received a considerable new impetus by technological advancements and the propagation of the internet, in particular social media and private messenger services. These developments have also provided significant possibilities to increase the reach of such activity as well as the combination of new and diverse tactics, techniques and procedures that are used across domains.

“Hack and leak” episodes, establishing legitimacy of specific content by compromising authoritative accounts or sharing alleged authentic material are only some of the examples that illustrate the dependent relationship between cybersecurity and the manipulation of the information environment.

Considering how hybrid threats crossing different domains are expanding, the analytical approach proposed by the report describes FIMI, as well as the underlying cybersecurity elements, by combing practices from both.

Tested on a limited set of events the report draws some preliminary conclusions on the relationship between cybersecurity and FIMI/disinformation, such as:

• the role of cybersecurity in establishing attribution of FIMI/disinformation operations;
• the importance of a structured, interoperable and seamless incident reporting process between the cybersecurity and FIMI/disinformation communities;
• the importance of information sharing and the sharing of best practices between the cybersecurity and counter-FIMI/disinformation communities;
• enhancing and facilitating the cooperation among EU institutions and bodies at policy level;
• raising awareness and support the capacity building of Member States and of international partners.

The report has benefited from the support of the ENISA ad hoc Working Group on Cybersecurity Threat Landscapes.

The report was published to coincide with the fourth edition of the CTI-EU event that brings stakeholders together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe.

Foreign Information Manipulation Interference (FIMI) and Cybersecurity – Threat Landscape