NATO’s approach to counter information threats

INTRODUCTION

1. NATO continues to face growing hybrid threats and challenges from state and non-state actors. Strategic competitors test our resilience and seek to exploit the openness, interconnectedness and digitalisation of our nations. They interfere in our democratic processes and institutions, challenge our values and target the security of our citizens through hybrid tactics, both directly and through proxies.
2. Hostile information activities may constitute a national security threat. Information threats describe intentional, harmful, manipulative and coordinated activities by state and non-state actors in the information environment with an actual or potential negative impact on NATO and Allies. This includes, but is not limited to, information operations, information manipulation and interference by foreign actors, and disinformation. Tracking and analysing these activities ensures a comprehensive picture of the behaviour of hostile actors in the information environment. Information threats continue to grow in size and sophistication, requiring a structured and coherent response.
3. Malign actors routinely conduct hostile information operations against NATO, Allies and NATO partners. They develop new tactics, techniques and procedures (TTPs) to manipulate information and public opinion. Such activity ranges from traditional media, including through the use of state-controlled outlets, to social media and online services.
4. Rapid technological developments, particularly in the field of Artificial Intelligence (AI) and Deep Fakes, have the potential to further undermine public trust in communications by amplifying the use and effect of TTPs, create confusion in the information environment, and alter perceptions in subtle but significant ways.
5. Some malign actors use other tactics to distort the information environment. They also exploit gender narratives and promote gendered disinformation to sow division and destabilise our societies. This challenges the Alliance’s security, resilience, interests, values and democratic way of life. 
6. In order to better address these information threats and challenges and to increase internal coherence on information threat taskings, Allied Defence Ministers have agreed NATO’s approach to countering information threats.

AIM AND SCOPE

7. The aim is to establish a well-connected and interoperable approach to identify, prevent and respond effectively to information threats.
8. Driven by NATO’s overall strategic vision, this approach provides overarching guidance to help NATO, Allies and NATO partners be better placed to address information threats. It respects the Alliance’s values of freedom of expression, democracy and the rule of law, and therefore ensures pluralism of opinion. It develops a data-driven, long-term strategy to proactively tackle information threats.
9. It enables coordination among and with relevant stakeholders across the NATO Enterprise responsible for addressing broader hybrid threats to ensure the integration of insights and assessments on information threats with other reporting on hybrid activity in a holistic manner.
10. It provides parameters for relevant stakeholders across the NATO Enterprise to work effectively with Allies, NATO partners and external stakeholders.

STATE OF PLAY

11. NATO recognises the challenge of information threats and considerable work has been undertaken by the Alliance over the past years, with regards to these threats.
12. The Alliance has developed a capability to understand and assess the information environment. NATO’s approach to counter information threats will build on the evolving Information Environment Assessment (IEA) capability. This capability operates across the NATO Enterprise, to deploy a combination of people, process and technology to analyse the information environment and to provide actionable insights to NATO civilian and military leaders.
13. To maintain its technological edge, NATO closely follows and seeks to adopt the latest technologies, including Artificial Intelligence (AI), at the speed of relevance. This covers both the exploitation of AI for IEA, as well as a deep understanding of how malign actors exploit AI to manipulate.
14. Resulting insights inform assurance and deterrence messaging, supports national efforts to enhance societal resilience of Allied citizens, and ultimately improves society’s ability to resist and recover from challenges.
15. NATO benefits from and complements existing Allied capacity-building initiatives and efforts in the field of strategic communications.

KEY AREAS FOR ACTION

METHODOLOGY

16. Identifying, monitoring, analysing and assessing information threats is the basis for informed responses. This provides the necessary insights to understand the TTPs a malign actor uses to manipulate the information environment and influence attitudes and behaviours. A comprehensive understanding of a malign actor’s patterns of behaviour ensures proactive, timely and well-calibrated responses across a variety of options.
17. A holistic approach that captures the complexity of information threats focusses on a comprehensive assessment of an information attack, including cyber-enabled information operations and information operations combined with physical actions like staged-protests and sabotage. 
18. NATO uses a broad variety of data sources to create an integrated picture of hybrid threats and risks faced by the Alliance, of which information threats are a part. AI-enabled tools support the monitoring, analysis and assessment of information threats and audience research adds empirical insights.
19. These data insights support the planning of responses and the assessment of NATO’s own strategic communications. NATO’s common methodology enables effective responses that raise the costs for the threat actor to achieve their goals. It is based on the following key elements:
    1. ABCDE: Monitoring, analysis and assessment of information threats requires a holistic approach, which includes an understanding of the actor, behaviour, content, degree and effect.
    2. Compatibility: NATO and Allies will continue to cooperate with each other, and with all relevant stakeholders to establish a common analytical approach. This will enable faster integration of insights to strengthen a comprehensive picture of the current information threats. 
    3. Interoperability: A shared standard for structured threat information exchange ensures better interoperability across the Alliance and with relevant stakeholders beyond the NATO Enterprise in accordance with the relevant NATO policies and procedures. 
20. Incorporating these elements in NATO’s approach to counter information threats helps to ensure NATO’s continued technological advantage. It ensures cooperation across the Alliance as well as supports efforts in relevant stakeholder networks, as appropriate. Ultimately this makes insights more comprehensive, faster and actionable.
21. The approach will improve NATO’s ability to:
    1. Understand: through monitoring, analysis and assessment of information from internal, Allied and external sources, NATO provides tailored and timely information threat assessment. This supports the Alliance’s situational awareness of information threats following the risk-based approach.
    2. Prevent: through early warning and alerting of relevant stakeholders, NATO and Allies prevent information threats from damaging NATO’s credibility and/or undermining their objectives. Responses include, but are not limited to: proactive communication; raising awareness; building societal resilience and information integrity; building and maintaining expert networks with relevant stakeholders.
    3. Contain and Mitigate: NATO and Allies contain an information incident or campaign and mitigate its effectiveness, through coordinated public statements, corrections, debunking, countering hostile narratives, public attribution, and other measures. 
    4. Recover: through an assessment of the vulnerabilities exploited by malign actors, NATO and Allies are encouraged to determine alternative responses to prevent, contain or mitigate future incidents.

IEA CAPABILITY

22. The NATO IEA capability continues to be strengthened. NATO is investing in a system-environment to process high volumes of open source, publicly and commercially available data that is explicitly designed to ensure that the delivery of IEA reporting is connected effectively with other communities dealing with different hybrid threats. 

COORDINATION

23. NATO HQ and Allies: Close cooperation and coordination between NATO and Allies is ensured through the Committee for Public Diplomacy (CPD). Further coordination is provided by the NATO Rapid Response Group (NRRG) that brings together International Staff (IS) and Allied experts on a voluntary basis.
24. Partnerships and international cooperation: NATO has increased its alert and sharing mechanisms and strengthened its joint responses, in particular in strategic communications. Cooperation between NATO and NATO partners on countering information threats will continue to be strengthened, as appropriate. NATO will intensify collaboration with Ukraine, and aim to improve cooperation with NATO partners, particularly those in the Western Balkans and the Black Sea region, NATO’s Southern Neighbourhood and the Indo-Pacific. NATO and Allies will ensure Contact Point Embassies are engaged and enabled to contribute to these efforts. NATO will provide interested NATO partners, as appropriate, the opportunity to deepen cooperation with the Alliance when developing their Individually Tailored Partnership Programmes (ITPP). NATO also continues to strengthen its engagement, including through information sharing, with relevant organisations to ensure a common understanding of the information threat landscape and the appropriate responses, in accordance with the relevant NATO policies and procedures. NATO continues staff-level engagement with relevant actors, such as the United Nations (UN), the European Union (EU), the G7 Rapid Response Mechanism (G7 RRM) and the Organization for Economic Co-operation and Development (OECD), as appropriate.
25. External cooperation: Considerable expertise and options for responses lie with individuals and entities outside of government and international organisations. Joint initiatives and pro-active engagement between NATO, Allies, industry, civil society and academia, as well as Centres of Excellence, will be deepened in order to tap into relevant expertise and resources to counter information threats, in line with NATO’s established rules and procedures. NATO will continue to engage and support efforts by civil society to address information threats through its grants program, as appropriate.

WAY FORWARD

26. NATO, Allies and NATO partners will aim to increase support to innovative initiatives from civil society and independent media, including engaging with academia, key opinion formers, think tanks, youth organisations and other non-governmental organisations, to counter information threats;
27. NATO will consult with interested NATO partners, including in flexible groupings when relevant, in line with existing policies and procedures, to share and discuss lessons learned about countering information threats;
28. NATO will seek the inclusion of a Public Diplomacy partnership goal in all ITPPs, for NATO and NATO partners to improve collaboration in countering information threats and dispelling misperceptions of NATO;