The Cyber5 Podcast

EP80: The DISARM Framework Helps Bring Focus to the Disinformation Problem

Episode 80 | July 27, 2022

In episode 80 of The Cyber5, we are joined by Executive Director of the DISARM Foundation, Jon Brewer.

Episode 80 | July 27, 2022

In episode 80 of The Cyber5, we are joined by Executive Director of the DISARM Foundation, Jon Brewer.

We discuss the mission of the DISARM Framework, which is a common framework for combating disinformation. Much like how the MITRE ATT&CK framework is used for combating cyber attacks, the DISARM framework is used to identify what Jon calls “cognitive security.” What that means is all the tactics, techniques, and procedures used in crafting disinformation attacks and influencing someone’s mind. This includes the narratives, accounts, outlets, and technical signatures used to influence a large population. We chat about what success looks like for the foundation and specific audiences used to help the population in understanding how disinformation actors work.


Here are the 3 Topics We Cover in This Episode:


1) What is the DISARM Framework?

DISARM is the open-source, master framework for fighting disinformation through the coordination of effective action. It was created by cognitive security expert SJ Terp. It is used to help communicators, from whichever discipline or sector, to gain a clear, shared understanding of disinformation incidents and to immediately identify the countermeasure options that are available to them. It is similar to the MITRE ATT&CK framework which provides a list of TTPs that malicious actors conduct cyber attacks.


2) Similarities Between DISARM and MITRE ATT&CK Frameworks: Cognitive Security vs Cyber Security:

Cognitive security and the DISARM framework is analogous to cyber security and the MITRE ATT&CK framework. Cognitive security are the TTPs that actors influence minds and cyber security are actors’ ability to steal data from networks. MITRE ATT&CK’s list covers the different TTPs of the cyber kill chain:

    1. Reconnaissance
    2. Resource Development
    3. Initial Access
    4. Execution
    5. Persistence
    6. Privilege Escalation
    7. Defense Evasion
    8. Credential Access
    9. Discovery
    10. Lateral Movement
    11. Collection
    12. Command and Control
    13. Exfiltration

DISARM’s list covers different TTPs of the disinformation chain:

    1. Plan Strategy
    2. Plan Objectives
    3. Target Audience Analysis
    4. Develop Narratives
    5. Develop Content
    6. Establish Social Assets
    7. Establish Legitimacy
    8. Microtarget
    9. Select Channels and Affordances
    10. Conduct Pump Priming
    11. Deliver Content
    12. Maximize Exposure
    13. Drive Online Harms
    14. Drive Offline Activity
    15. Persist in Information Environment
    16. Assess Effectiveness


3) Disinformation: A Whole of Society Problem:


While MITRE ATT&CK is mostly a business to business framework for enterprises to defend against cyber attacks. The DISARM framework is both a B2B framework for companies like technology and journalism, but also more broadly to consumers. This will take much more support from non-profits and public sector organizations like police and education systems.


Listen to other podcast episodes