In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of technology and social media by threat actors.
Cohen argues that a coordinated, whole-of-society approach is essential to empower communities and counter integrated threats to national security.
Can you walk us through the four pillars of the National Framework for Action, specifically focusing on enhancing threat detection and information sharing at the national level?
Foreign and domestic threat actors relentlessly take advantage of the interconnected world, exploiting new technologies and using social media platforms to conduct operations and promote their narratives. Adversaries and criminals rely on our inability to address the increasingly integrated relationship between cyber and physical threats.
We identified four pillars, which provide a framework for law enforcement, government, and nongovernmental organizations to address the combined use of cyber attacks, information operations, and physical operations by criminals, foreign adversaries and domestic threat actors.
To protect our communities and institutions, we must ramp up our ability, as a nation, to detect emerging threats and rapidly share that information with law enforcement, national security professionals and other organizations working to protect their communities. Awareness of the threat is the first step in preventing violence, stopping criminal activity, and thwarting foreign interference in our society.
What are the key components of the whole-of-society approach proposed by the National Framework for Action, and why is nationwide coordination essential in combating these threats?
Digitally-enabled crime, violence, and national security threats harm far too many communities. These threats originate from threat actors across the nation and around the world, potentially impacting with a wide swath of the American public. Given the enormous scope and scale of the threat, individual communities and organizations are ill-equipped to solve the problem alone.
An effective response should involve government, academia, community groups, faith-based organizations, businesses, and other entities, each of which has a key role in preventing acts of violence and other illegal activity. Additionally, a concerted effort addressing the increasing use of advanced computing, such as generative artificial intelligence (GenAI), by foreign and domestic threat actors, as they engage in cyber, physical, and information operations will prepare society to counter these threats now and in the future.
How important are community empowerment and public-private partnerships in addressing threats, and what role can local governments and organizations play?
The connected world is being leveraged by our adversaries and criminal organizations to undermine confidence in key institutions in our society, and it’s having an impact. We see it in our election process. We see it in the way that our societies are polarized, divided and angry. We see it in ransomware attacks on our critical infrastructure. It’s a new day, it’s a new game.
Empowering communities to be aware of and prepared for these types of threats can be a game changer, particularly among populations that are targeted via online information operations. We found that building resilience is most successful when local communities lead the effort, including building digital literacy, expanding critical thinking skills, understanding how social media companies use algorithms to promote certain content, and expanding civic engagement. These strategies have been shown to be most effective when trusted voices, such as veterans, faith leaders, community leaders, and local government officials, implement them.
Establishing a consortium of national security, public safety, democracy building, philanthropic, and local government stakeholders will help bridge the gap between public and private institutions, ensuring that communities have an equal playing field when responding to nationwide threats. To build these public-private partnerships we must identify and support organizations that can credibly engage communities vulnerable to being targeted by threat actors. We must also facilitate these organizations’ efforts to build resilience. For example, implementing programs to facilitate and increase civic participation and delivering tailored threat briefings to ensure specific communities know that threat actors are trying to manipulate them and why.
With AI becoming more accessible, how can law enforcement and cybersecurity professionals keep up with criminal groups that leverage AI tools to enhance their hacking operations?
AI is enabling criminal groups and our adversaries to develop malware rapidly, automate attacks, and enhance effectiveness of social engineering attacks and operations. It is making it easier for less-technically savvy actors to conduct more sophisticated attacks.
The Center for Internet Security recently assessed that threat actors are almost certain to increasingly integrate GenAI into influence operations, as well as cyber and physical attacks. Notably, we have observed state-sponsored threat actors using GenAI to undermine the U.S. democratic process during 2024 November General Election season.
We recommend the establishment of a public-private task force to examine the use of advanced computing capabilities by foreign and domestic threat actors. This will allow federal, state and local governments, private businesses and nongovernment organizations to share the most up-to-date threat information, research and best practices.
How are behavioral threat assessments and multi-disciplinary threat management strategies integrated at the community level to prevent violent acts or illegal activities inspired by online content?
To address the evolving threat environment we must establish a consistent level of capability across the US for local communities to detect, evaluate, and manage the risk of violence or other illegal activity by those individuals who are influenced by malicious online content.
We can do this by supporting local efforts to conduct threat and behavioral risk assessments and deploy multi-disciplinary threat management strategies. This whole-of-society effort will require technical assistance, training, and financial resources to support fostering trusted collaboration between law enforcement, mental health professionals, community leaders, and others.
This collaboration will help mitigate violent and illegal activity inspired, informed, and facilitated by online activity. For example, it should include a national-level consortium comprised of state, local, tribal and territorial mental health and law enforcement organizations along with civil society entities—particularly community-level nonprofits—that meet frequently to discuss best and emerging practices.
It should also include a consistent level of capability across local jurisdictions to conduct behavioral risk and threat assessments and multi-discipline threat management programs, as well as consistent grant guidance from both DHS and U.S. Department of Justice regarding how grants can be used to support threat assessment and mitigation efforts.