In episode 80 of The Cyber5, we are joined by Executive Director of the DISARM Foundation, Jon Brewer.

We discuss the mission of the DISARM Framework, which is a common framework for combating disinformation. Much like how the MITRE ATT&CK framework is used for combating cyber attacks, the DISARM framework is used to identify what Jon calls “cognitive security.” What that means is all the tactics, techniques, and procedures used in crafting disinformation attacks and influencing someone's mind. This includes the narratives, accounts, outlets, and technical signatures used to influence a large population. We chat about what success looks like for the foundation and specific audiences used to help the population in understanding how disinformation actors work.

Three Takeaways:

1. What is the DISARM Framework?

DISARM is the open-source, master framework for fighting disinformation through the coordination of effective action. It was created by cognitive security expert SJ Terp. It is used to help communicators, from whichever discipline or sector, to gain a clear, shared understanding of disinformation incidents and to immediately identify the countermeasure options that are available to them. It is similar to the MITRE ATT&CK framework which provides a list of TTPs that malicious actors conduct cyber attacks.

2. Similarities Between DISARM and MITRE ATT&CK Frameworks: Cognitive Security vs Cyber Security

Cognitive security and the DISARM framework is analogous to cyber security and the MITRE ATT&CK framework. Cognitive security are the TTPs that actors influence minds and cyber security are actors’ ability to steal data from networks. MITRE ATT&CK’s list covers the different TTPs of the cyber kill chain:

1. Reconnaissance
2. Resource Development
3. Initial Access
4. Execution
5. Persistence
6. Privilege Escalation
7. Defense Evasion
8. Credential Access
9. Discovery
10. Lateral Movement
11. Collection
12. Command and Control
13. Exfiltration

DISARM’s list covers different TTPs of the disinformation chain:

1. Plan Strategy
2. Plan Objectives
3. Target Audience Analysis
4. Develop Narratives
5. Develop Content
6. Establish Social Assets
7. Establish Legitimacy
8. Microtarget
9. Select Channels and Affordances
10. Conduct Pump Priming
11. Deliver Content
12. Maximize Exposure
13. Drive Online Harms
14. Drive Offline Activity
15. Persist in Information Environment
16. Assess Effectiveness

3. Disinformation: A Whole of Society Problem

While MITRE ATT&CK is mostly a business to business framework for enterprises to defend against cyber attacks. The DISARM framework is both a B2B framework for companies like technology and journalism, but also more broadly to consumers. This will take much more support from non-profits and public sector organizations like police and education systems.