Disinformation influences everything and everyone
Mistrust of vaccines, influencing elections, provoking hatred and manipulating stock markets – these are only a few examples of the negative effects of disinformation, estimated to reach a yearly global cost of 78 billion dollars. In addition, it is alarming that more and more states are developing methods that exploit the weaknesses in modern information societies by conducting different disinformation-based influence operations.
These problems were addressed by Sentinel in the Accelerate Estonia project that aimed to research and develop solutions that would enable Estonia to become the leader in the fight against disinformation. In this blog post, we describe what was achieved, what we learned during the project, and share our ideas on how to proceed in the future.
We started the first phase of the project in July 2020 with the aim to initially map and then involve all relevant national stakeholders to gather their feedback on how to develop a concrete action plan to realise the goal of the project. During this process, we got confirmation on the simple truth that the problem of information warfare and disinformation is complex and multi-faceted, that an effective solution needs to be comprehensive, multidisciplinary, and include different stakeholders on the national and international level, involving the public, private and civil sectors. For example, a high level of media literacy is of fundamental importance – something that can be developed mainly through the education system. At the same time, the fight against disinformation relates to the domains of strategic communications and foreign- and security policy, but also to having suitable information technology solutions that can be mainly developed by the private sector.
Emphasis on the private sector
Development of the “information security business ecosystem” became the main focus of the second phase of the project. As disinformation is inherently a societal problem – with the state having a significant role in solving it -, the emphasis was put toward finding cooperation opportunities between the private and public sector. We took inspiration and saw useful parallels from the success in the field of cybersecurity, as Estonia is known as both having a strong national cybersecurity posture as well as being a forerunner in the domain internationally, with the private sector playing a significant role on both levels.
In October 2020, we supported a hackathon organised by Startup Estonia and Garage48 that was devoted to issues relating to cyber and information security. The results showed that there are interest and fresh ideas to support the development of the domain. Furthermore, we saw that, in addition to Sentinel, other IT companies (e.g. Cybexer) who are focusing their efforts on the problem of disinformation started to emerge. Nevertheless, if we compare the maturity of the market to the cybersecurity domain, it is obvious that companies operating in the area of information security or disinformation are still minimal. Simply put, we do not yet have “mature” enterprises whose core business would be based on a proven business model related to disinformation.
We conceptualised the role of public-private partnership in the domain of information security on both national and international level. On the one hand, the public sector can be a unique source for defining specific problems and needs, and the private sector, in turn, can respond accordingly as the developer and provider of suitable solutions. On the other hand – based on Estonia’s positive image in digital affairs and cybersecurity – we assumed that close national public-private cooperation could also enable the export of solutions to Estonian allies. This is especially relevant in the traditionally “closed” domain of national security and defence. The above-described benefits were also the reasoning behind Sentinel’s (business) decision to participate in the Accelerate Estonia programme and push for the development of national cooperation in the area.
As we liaised with different public sector organisations, we experienced both the strengths and weaknesses of Estonia. Our relative advantages over other nations tend to be the positive international image in all things digital, openness to innovative solutions by government officials, the general flexibility of the system with an ability to adapt fast to change and achieve quick decision-making. Then again we cannot underestimate the fact that Estonia still is a small state with very limited resources, constantly needing to prioritise investments. As the main activities of the project were conducted in the second half of 2020, the coronavirus crisis as a top national priority had its effect (including in the area of strategic communications).
Despite the complications created by the coronavirus, we nonetheless identified several practical steps that can be taken to facilitate public-private cooperation to support the fight against disinformation. As an example, the Government Office – the main body managing and coordinating strategic communications in Estonia who actively helped us to map the needs of the public sector – can act as an important partner for entrepreneurs that have ambitions to develop solutions or services in the area of information security. At the same time, partnerships need to be based on the nature of the services or solutions – depending on the focus, suitable partners might be in other government agencies (e.g. relating to education, internal affairs and defence).
In addition to establishing direct partnerships with suitable institutions, we saw that practical first steps can be achieved by combining disinformation-related initiatives with the existing cybersecurity “ecosystem”. As mentioned, we collaborated with the CyberTech program of StartUp Estonia that could incorporate disinformation-related activities into its future initiatives as well. We also concluded that since the “business ecosystem” in the field of disinformation is still in a nascent stage, it is not reasonable to create a separate industry association that would gather and facilitate cooperation between different relevant stakeholders in the field. Instead, an option to support better cooperation in Estonia would be to involve companies such as Sentinel with the Estonian Information Security Association (EISA). We also identified opportunities to integrate activities relating to the issue of disinformation to different initiatives of the NATO Cooperative Cyber Defence Centre of Excellence. For example, this year’s cyber defence exercise Locked Shields featured a track devoted to strategic communications and information operations. In the area of training and exercises, the Estonian Cyber Security Exercises and Training Centre (CR14) also showed readiness to include activities relating to disinformation in its projects.
From strategic agreements to action: the need for central coordination and investments
Readiness to deal with the issue of disinformation by both the public and private sector in Estonia was evident and promising. However, to develop national capabilities in a sustainable manner, the above-described practical steps and mere supportive attitudes are not sufficient. For Estonia to truly take a leap forward in this area, it is necessary to reach a national strategic agreement that would allow for a range of domain-specific investments and the creation of a centrally coordinated development plan.
An important breakthrough in the context of political priorities came in January 2021 with the new governance agreement that featured the following promise: “We will be leaders in the European Union in the fight against disinformation and the manipulation of the public information space”. The statement was accompanied by concrete tasks in the government’s action plan that foresees activities concerning foreign relations, education and entrepreneurship: formation of EU priorities, developing academic competencies (including the creation of an international Master’s programme) and organising an EU-wide hackathon related to “information disorder”.
We believe that together with our partners and as a result of the activities conducted in the project, we manage to create a “fertile ground” for the domain to develop further and that the initially set long-term goal for Estonia to become a leader in the fight against information warfare is achievable. The project showed us that the need, readiness and necessary will to raise the level of information security is there for the relevant stakeholders. So that new and strong initiatives would grow from this fertile ground, the domain of information security needs to be developed systematically. This means that the process has to be centrally coordinated, but also that the different stakeholders – both public institutions and enterprises – contribute to solving the issue proactively and consistently as coherence of and trust in society is in the interest of all.