Critical domains of foreign interference

By Nad'a Kovalcikova, PhD.

In today’s security landscape, foreign interference has become a pervasive threat. Hostile actors are infiltrating everything from social media to government websites, targeting trade secrets, and posing an increasing risk to critical infrastructure systems. This requires heightened vigilance and concerted efforts to detect, expose and counter these malign activities. The impact of intentional and harmful interference operations is amplified when wielded simultaneously across diverse societal sectors. Therefore, it is crucial to devise cross-sectoral frameworks, tools and responses and examine specific incidents of foreign interference, in order to address critical threat vectors.

In April this year, with the US presidential elections looming on the horizon and Russia’s war against Ukraine having entered its third year, yet another episode of foreign interference was detected. The viral clip, containing false claims about a Kyiv troll farm attempting to interfere in the US elections, aimed to discredit the Ukrainian authorities. This incident was part of a larger campaign conducted by a group of disinformation experts connected to Russia’s Internet Research Agency. These hostile actors are deploying increasingly sophisticated technology to disrupt Western democracies and their allies, and fabricating and spreading manipulated audio-video content online. A few months earlier, on 7 December 2023, the United Kingdom accused Russia’s Security Service, the FSB, of orchestrating a ‘sustained cyber-hacking campaign’ targeting politicians and other public representatives for a number of years, including during critical election periods. Immediately afterwards, the EU High Representative for Foreign Affairs and Security Policy (HR/VP), Josep Borrell, stated that ‘[a]ctivities that seek to threaten our integrity and security, democratic values and principles and the core functioning of democracies are unacceptable.’ He also underlined the need to protect the European parliamentary elections ‘from malign foreign actors who want Europe to fail’. Only a week after the United Kingdom made similar declarations in relation to foreign (digital) interference, on 15 December 2023, the Financial Times published an alarming story about Chinese spies recruiting a European politician as part of an operation aimed at dividing the West. These incidents, however, represent only a small part of the ongoing malicious activities being conducted by a broad range of actors. This includes, for example, the large-scale and sustained Russia-based DoppelG?nger influence cooperation targeting Western countries and their media outlets since 2022.

The surge in foreign interference against democracies demonstrates the rising importance and urgency of countering these hostile activities. This requires a heightened focus given their potential to critically impact national, European and transnational security. Moreover, cyberattacks and information manipulation are becoming increasingly intertwined, with growing evidence that foreign actors are generating or contributing to evolving security challenges. Their goal is to undermine their adversaries’ core values and institutions and either exploit existing vulnerabilities or create new ones.

This Chaillot Paper examines foreign interference across a broad range of sectors (6). It analyses how foreign information manipulation and interference (FIMI), and cyber threats are interconnected within a broader toolkit, highlighting both their points of convergence and divergence. Specific chapters dissect interference across a particular domain, exploring emerging policy approaches. Each case study follows a clear structure, identifying an incident, its effects, and the response measures taken, and outlining possible implications or policy recommendations to consider.

The volume explores in particular the cyber-FIMI nexus across five key areas: the political, social, economic, digital, and international security domains.

1. The political domain: Interference operations in this domain are among the most insidious as they are often known only to few people and are rarely exposed by those directly involved. In chapter 1 Ivana Karásková analyses various influence tactics, objectives and connections between China’s information manipulation and the coercion of political representatives. A thorough understanding of these efforts is critical to prevent China’s interference tactics from disrupting the political dynamics of targeted states, but also from undermining the EU’s democratic processes and international standing. The author highlights the interconnectedness of the online and offline domains and draws attention to the vulnerabilities of European polities to foreign interference. She further emphasises the need for the EU and its Member States to consider developing a ‘counter-coercion toolbox’.
2. The social domain: In chapter 2 Rumena Filipova, Ph.D. , focusing on the case study of Bulgaria, examines how the interplay of internal and external factors can exacerbate foreign interference in a domestic societal context. She shows how, since Russia’s invasion of Ukraine, a confluence of factors – increased information manipulation, the growing influence of pro-Russian media, political infiltration and cyberattacks – has made citizens more receptive to anti-Western and pro-Russian narratives aiming to fracture Bulgarian society and undermine the country’s commitment to EU and NATO. The author emphasises the importance of exposing the subversive activities of domestic pro-Russian actors operating within opaque networks. She stresses the need to bolster defences against foreign authoritarian influence and formulate a consistent strategy against Russian interference across various domains, including in the economic, media and political spheres.
3. The economic domain: In chapter 3 Bart Hogeveen analyses foreign state-sponsored cyber-enabled espionage and in particular, intellectual property theft. While individual incidents can seriously harm companies’ commercial interests, the issue becomes more consequential when certain industries become targets of sophisticated and sustained digital operations that attempt to extract confidential business information. The author investigates the links between this form of cyber operations and foreign interference in the context of geostrategic and technological competition and considers the palette of responses available to states to strengthen their defences.
4. The digital domain: In chapter 4 Andrea Salvi, Ph.D. delves into the increasingly sophisticated world of deepfakes, exploring their evolving features, various categories and impact. These are frequently deployed as part of targeted information manipulation efforts in electoral contexts, and beyond, feeding into broader disruptive interference operations. As artificial intelligence (AI) advances, the line between reality and fabrication is becoming increasingly blurred. After examining specific incidents, their impact and consequences, the author proposes solutions based on a collaborative approach. These solutions combine regulatory measures with initiatives to build societal resilience and public trust, empowering citizens to critically evaluate information. Such a collaborative effort is crucial to combat the misuse of deepfake technology by malicious actors who seek to shape and distort public perceptions and deepen divisions within society.
5. The international security domain: In chapter 5, Patryk Pawlak explores the link between FIMI and cyberattacks targeting critical infrastructure. Focusing on a set of concrete examples, he argues for a combined approach to FIMI and cybersecurity, as the information and cyber realms are inextricably interlinked. He also calls for a more rigorous approach to designating ‘critical information environment infrastructure’ and inclusion of the information environment as a key component in the discussion about critical infrastructure protection. The chapter examines the different categories of cyber incidents and the factors influencing attack methods. A key focus is the role of political decision-making, in particular when it comes to designating cyber incidents as foreign interference. This is especially important when state-backed perpetrators target a country’s critical infrastructure with the intent to influence its foreign policy. To address risks and threats along the cyber-information continuum, critical infrastructure protection strategies should clearly define and protect their critical information environment. Since political and technical criteria for such designations can differ, the ability to distinguish between attack types is crucial for effectively assessing their impact on critical infrastructure.

This Chaillot Paper presents a comprehensive analysis of foreign interference tactics and their effects through the five distinct case studies outlined above. Exploring a diverse range of effects and responses, in the concluding chapter it identifies recurring patterns and exposes the interconnectedness of these interference toolboxes. The analysis not only highlights key differences as well as similarities in tactics and strategies, but also pinpoints areas where EU policies can be strengthened through integration. By offering targeted recommendations in each chapter and broader more comprehensive recommendations in the conclusion, this volume aims to equip policymakers with an effective, tailored and actionable strategy to counter these increasingly intertwined threats.

?? Read the full analysis on our website: https://www.iss.europa.eu/content/hacking-minds-and-machines