CSO Perspectives (Pro) 7.5.21
Ep 5554 | 7.5.21

Bonus: Cybersecurity Canon Hall of Fame interview with Peter Singer and Emerson Brooking.


Rick Howard: The CSO Perspectives podcast finished its fifth season a couple of weeks ago, and we are working hard on season six that will begin on 19 July. But don't feel sad. We have a special treat for you instead. The Cybersecurity Canon Project announced the author selectees for the 2021 Hall of Fame awards back in May.

Rick Howard: And you all know that I'm a huge advocate for reading in general, but specifically we all need to read more good cybersecurity books. And I emphasize the good there because there are a lot of published, bad cybersecurity books out there. 

Rick Howard: And the reason that I'm excited today is that I get to interview the authors for one of the 2021 Hall of Fame awardees Peter Singer and Emerson Brooking, the authors of "LikeWar: The Weaponization of Social Media."

Rick Howard: My name is Rick Howard. You are listening to CSO Perspectives, my podcast about the ideas, strategies, and technologies that senior security executives wrestle with on a daily basis.

Rick Howard: The Cybersecurity Canon Committee selected five books for inclusion into the hall of fame this year: "Transformational Security Awareness" by Perry Carpenter, "Code Girls" by Liza Mundy "Zero Trust" by Doug Barth and Evan Gilman, "Sandworm" by Andy Greenberg, and "LikeWar" by Peter Singer and Emerson Brooking. 

Rick Howard: Peter is a strategist at the New America think tank based in Washington, DC. He is also a professor at Arizona State University teaching cybersecurity, and he is a principal partner of Useful Fiction, a company that helps organizations with forecasting, communication, and narrative. 

Rick Howard: Emerson is a Resident Senior Fellow at the Digital Forensic Research Lab of the Atlantic Council that focuses on social media manipulation and securing elections around the world. I started by asking Emerson about why theywrote the book.

Emerson Brooking: Because we saw something coming down the pipeline. We had our first conversation about what would become "LikeWar" in the summer of 2013. Back when everyone in DC was talking about a terrorist group called Al-Shabab out of Kenya, and they were particularly famous for using Twitter and using it very effectively. But even then, we saw that it wasn't just going to be Shabab. It wasn't just going to be limited to Africa. There are going to be other terrorist groups that are going to use this tool, and that maybe over time, there would be more national militaries to be using this as an instrument of warfare as well.

Emerson Brooking: But when we had these initial framing conversations, I don't think we even anticipated that it would be the Russians. It would be these clandestine information campaigns targeting the United States. That there'd be a rise of, you know, white extremism and white nationalism also fomented by social media, and that soon it would consume our politics to the extent that it has.

Rick Howard: Military influence operations have been around since the world was young, but so has media influence operations. In the book, the authors cite the Spanish American War, where the St. Paul Globe newspaper changed its motto in 1894 to live news, latest news, reliable news, but no fake war news. So it's not that this is a new phenomenon. I asked Peter to explain why it seems so overwhelming today.

Peter Singer:  It's all been put on steroids. It's been driven viral when it's pushed through social media. When people were talking about social media, it was this assumption that it was going to aid the forces of democracy. It was only going to be for the good, and of course, what we found very early on was that it was a weapon and it was a weapon that was being used by terrorist groups, criminal groups, Russian information warriors. But to use that example of the Russians, it was taking the kind of operations that they had done back in the Cold War, but making them move faster and with orders of magnitude greater effect than they'd ever had before. 

Peter Singer: Campaigns it in the past were taking them years to influence a couple thousand people, it was taking them seconds to reach millions of people. The very same thing was playing out in celebrity. But the larger effect that we saw was a little bit of a riff off of the field of cybersecurity. We had become consumed with the idea of someone trying to hack the network. And yet what we were seeing was in some cases, even greater effect from people hacking the people on the network by driving ideas viral.

Rick Howard: Reading the book, I learned a new word, homophily, that helps characterize why things get viral on social media platforms. Here's Emerson to explain.

Emerson Brooking: It's called homophily and it means love of the same. It's an idea that, when people in your social network tell you things, you're more likely to believe it. And it's not a vulnerability. It's what enables us to create human societies. You have to have a degree of trust if you want to build things together. And that kind of predilection worked out really well for us for centuries. But the problem is online, you have that same sensation of trust when you're in a network of thousands of people. You might share a common interest, but you don't actually know the other folks who are in this network. And so when they share information, you're much more liable to believe it even though you don't know the person and that person will face no real consequences for spreading that lie. And so over time is you're part of these networks of interest and as you see certain information shared and you grow to believe it, you are detached a little bit further from a shared reality. And in the case of QAnon or extremist ideologies, that can be extraordinarily destructive.

Rick Howard: But it's also about the way the platform owners have designed the systems to incentivize virality. 

Peter Singer: It's also the design of the network itself. You are on a system that is created and run by for-profit companies that designed it around the idea of, virality. That's how it was designed. That's what is rewarded. You then look at the attributes of what's more likely to go viral. It's the packets of information that provoke a response or as Emerson said, they reinforce the way you already see the world. It's both our human nature, but it's also the very platform design.

Rick Howard: And the United States is particularly vulnerable to malicious use of "LikeWar" activities, and our leadership, both in government and the commercial sector, has been slow to respond. 

Emerson Brooking: The country in the world that has I think the greatest protection against like blocked against information conflict is North Korea because they have an internet of about 30 carefully controlled websites. And there are maybe a few thousand internet users total. The fact is that here in the U.S., in the birthplace of the internet, we're the most vulnerable because we've always tolerated the free flow of ideas. And, for decades, that's been the strength of Western democracies, but it really turns into a vulnerability here.

Peter Singer: This strange but horrible irony about the United States, we're the nation that invented the internet, but we're arguably the democracy least well-equipped to deal with it.  When we get to, what are we to do about it? And you break it out into, everything from you need a good government response. You need a corporate sector that takes responsibility. You need digital literacy among the citizens. Well, guess what? We for the last several years have not had any of those in place. It's this almost perfect storm of rewarding, the, the malactors of "LikeWar.".

Rick Howard: At the Hash Table, I asserted that all Western democracies are in the same boat, but Peter was adamant. Not all Western governments are like the United States.

Peter Singer: I'd argue back against you. It's not Western democracy writ large. There are certain Western democracies that do really well at this. Take the example of Estonia. Estonia is far more resilient to these information threats, not because they broke up Facebook. They didn't. Not because they've got some kind of massive budget. Not because they took away tolerance for free speech. They're far more resilient against it because they built up government strategy. They shifted how they do their intelligence collection. They shifted how they share information about incoming threats, conspiracy theories being pushed by foreign actors. Importantly, they shifted their digital literacy education in their schools. 

Peter Singer: In the United States, it's a sad truth that our Department of Education leadership spent more time talking about the threat of bears to our schools, than the Russian Bear to our democracy. But again, don't just think about the information threats as being political in nature. 

Peter Singer: These other democracies, the Estonias, the Finlands, they've also built up resilience against conspiracy theory, whether it's the QAnons of the world on the political side, anti-vaxxer conspiracy theory the public health impact that we've seen of the infodemic, to just kids being equipped to conduct research online better when they're assigned who built the pyramids. They go onto YouTube and going back to that design issue, within a couple of hops are being steered to, well, It's actually aliens who built the pyramids. We all need those skillsets, and yet we don't teach that for the most part in our schools and certainly don't teach them well.

Rick Howard: When I was the CSO with Palo Alto networks, the public facing threat intelligence team, Unit 42 worked for me. The summer that the news came out that Russians had successfully compromised the Democratic National Committee and Secretary Clinton's networks, I had a couple of interns in the office working for Unit 42. As an intel exercise, I asked them to forecast the probability that the Russians successfully changed the outcome of the 2016 U.S. Presidential race with their influence operations. In other words, what are the chances that they flipped the election results from Secretary Clinton to the then Presidential candidate, Donald Trump? I told them the answer to that question was probably the most important intelligence question in the last 20 years. They ultimately concluded that the probability was low, but that was way before we had any real data. Here we are five years later, I asked Emerson if he thought the Russians swayed the 2016 Presidential election. 

Emerson Brooking: That is always been million dollar question. It's difficult even now to look back to 2017 and, something about these information campaigns, which parallels traditional cyber attacks. One of their greatest damage they do is reducing confidence insistence, because you don't know if they've been further breached, you don't know how extensive the damage is. And I remember back in early 2017, we have this first revelations of Russian activities and, accusations would fly on Twitter that anyone was a Russian bot, right. Even for a while it was tough to contextualize just how big the Russian effort have been. We have a much better sense now. And the fact is that the false stories being produced by the Internet Research Agency and the, the fake Twitter accounts and sock puppets, they did reach a lot of Americans. But it seems unlikely that they themselves shifted many votes, but there's another Russian effort that often gets conflated in here that was WikiLeaks. That was the cyber intrusions into the Democratic National Committee and then, the personal email of John Podesta and other Clinton aides, and the selective leaking of that material through WikiLeaks. And there's a strong argument that's made by Kathleen Hall Jamieson, a long time  professor of political communication at the University of Pennsylvania, and she makes a very compelling case that Hillary Clinton's trustworthiness, which is typically a predictor of success in a presidential election, that her trustworthiness nosedived between the second and third Presidential Debates in late October, around the time of the first WikiLeaks disclosures. And nothing else explains that drastic drop except for like WikiLeaks. And what was in those hacked emails? Nothing actually particularly damaging, but most people didn't read them. Instead they became a big question mark. Their secret material that no one wants you to know about and it hung over and redefined the presidential race. In fact, the WikiLeaks disclosures came out the same day that the U.S. announced it publicly for the first time that Russia was interfering in the race. It also came out the same day is the Access Hollywood tape where President Trump was caught on tape making lewd remarks about women. In any previous presidential cycle, that would have been fatal. But all those things coming out at once, it was WikiLeaks that predominated and that really shifted the race. So I think today you can make an argument that it, that hacking attack laundered through the sort of information methods we're talking about, that hacking attack did sway the 2016 election.

Peter Singer: I think so. We did this article on that moment in October, that one day. We described it as, that was the day that Donald Trump lost and then won the election. Access Hollywood comes out and literally it's not just, generic voter, it's the entire leadership of the Republican party is having discussions about everything from, should they pull him off from being nominee? Vice President Pence nominee goes into hiding for multiple days. The leadership of the party, the then majority leader, basically tells the rest of them you do what you want, I'm just going to focus on Congress. And so it looks like he's done, and however by the raw data of what people end up talking about for the weeks later, not of Access Hollywood, not of the Cubs winning the World Series. The only thing that beat out discussion of the WikiLeaks phenomenon, uh Hilary's uh, you know, all the issues surrounding that, the only thing that beat it out was Halloween, was basically people on Facebook posting images of their kids costumes and the like. 

Peter Singer: So one was this pace of events, but it's not just about what people are talking about. If you do interviews with the people within the campaigns, campaigns have strategies, they have plans. I did an interview with a Hillary Clinton campaign official, and they described it as from the very start of this, it was like putting out a dumpster fire every single week because it was not just you'll recall one dump of information. It was staggered out. All their strategies were tossed to the side. They tried to dump that earlier through you'll recall the DC leaks site. It didn't hit, it didn't work. It was an unsuccessful operation. It was only when they got to the  virality aspect of it, of pushing it out via social media, the bots and the like, that it achieves effect. Now, so we definitely know it altered the shape of the election itself, what people are talking about, what the media was thinking about, et cetera. That's that's inarguable. The only what if is the, what if of, you know, how does it alter individual voters? And as you know, you know, only takes a small micro amount. There was an interesting study looked at by Ohio State University professors that looked at not overall voters, which is not the key here, but rather they looked at the key number of Obama voters who didn't turn out to vote for Hillary. So this subset and of that, if I recall the data from the OSU study and it was not just looking at Ohio, it was looking at multiple swing states, if they were exposed to misinformation online, they were four times less likely to turn out than they had been in the 2012 election.

Rick Howard: Peter and Emerson started working on this book back in 2013. They published it in 2018. During that time, they condensed the research into four big takeaways. 

Peter Singer: There were effectively four rules of "LikeWar" of this weaponization of social media that we found in our research looking at everything from ISIS, the ice bucket challenge, Taylor Swift to Donald Trump. One is the idea that the truth is out there. That you have now this incredible wealth of information that was of a scale not out there in the past. And so, pretty much everything, is seen, observed, talked about now, and that can be used for good or bad. 

Peter Singer: The second rule was, hey, the truth may be out there, but it can be buried underneath a sea of lies. And that's the essence of everything from Russian information warfare, to how we've seen it hit our politics, to even the discourse around the pandemic.

Peter Singer: The third rule was the notion of virality trumping veracity. The idea that the key aspect of information's power is not whether it's true or not, it's how viral it goes. How many people are reading it, seeing it, the rapid spread. 

Peter Singer: And then the final is this opens up a world of new powers and new possibilities. And it's not just, new possibilities of new kinds of presidents emerging, or new kinds of celebrities, or new kinds of terrorist groups, but there's also powers behind the throne. There are a handful of tech company executives who are not battling back and forth, but they determine the rules of the game. Mark Zuckerberg decides whether a Russian information warfare operation is going to be allowed to hit a democracy or not. They decide what is allowed to be said online about everything from in an election to about coronavirus to a genocide in Myanmar that's going after 600,000 people. And so that power is something that is a reality now, but everyone is uncomfortable with that power. The tech platforms are obviously enough uncomfortable and in many ways ill-equipped with it, but it also is something that the body politic is, for very good reason, uncomfortable with. And that question about, how do we deal with that power? I think it's going to be a core issue in our politics, certainly for the next couple of decades. 

Emerson Brooking: Mark Zuckerberg, in 2017, he journeyed to all 50 states and people thought that he was setting up to run for the presidency. But, other folks observed that he didn't need to run for the presidency, that he was president already. What he was doing was meeting his constituents. He took all these pictures, like he'd be looking at cattle in Montana, or just in a baker shop in Louisiana. And he was meeting the people who use his platform. People who were more, in so many cases, more intimately tied to him in his services then to the U.S. Government. And this level of power in private individuals, and this level of political power is really unprecedented, and the control that they have over our speech and our ways of expression.

Rick Howard: The book is not all gloom and doom. Peter and Emerson provide a way forward that perhaps doesn't completely solve the problem of "LikeWar," but helps us all build a resilience to it so that it won't be as impactful.

Peter Singer: The overall issue is to recognize the threat, but also recognize that there is no silver bullet solution to it. There's no one single thing that you do instead, again parallel to cybersecurity or public health, there's a role for government. There's a role for private sector. There's a role for the individual. In cybersecurity, no one would say, well, you know, they've created, Cyber Command, I guess my mom doesn't need two-factor on our Gmail. Right. But we have that kind of strange discussion on the social media side. So U.S. Government, we still lack a strategy for this space. We have a variety of activities, but they're not brought all together,  with a new administration, we have a little more alignment. In the past, you had, for example, a Russia working group that was looking at, Russian intelligence threats in this space, but then simultaneously, you'd have the lead White House official and the loudest voice on the internet elevating those very same activities. You had sort of a disconnect there. 

Peter Singer: Everything from bringing together a shift in how you look at the intelligence side, to the eye on the military, it's everything from organization to altering professional military education to deal with these new kinds of threats, just like you did for cybersecurity. Don't just think about this within a threat environment. Also think about the role of diplomacy. 

Peter Singer: If since the U S 2016 election, 35 other democracies were also hit in the same way, we should have been building an international coalition of all these democracies to counter it and share lessons learned. 

Peter Singer: As I referenced the education side of it, there are 139,000 schools in the United States. Many of them don't have digital literacy skills training. Of the ones that do, the resources are limited and not shared in a good way. Right now teachers, if they want to teach digital literacy in their classes, there's no one-stop place for them to go. Ironically enough, they literally Google for digital literacy tools. It's not the way it should be. So we're building a portal, that's going to bring it all together so, you know, a fourth grade teacher can find fourth grade appropriate activities versus a 12th grade journalism teacher can find what they need. 

Peter Singer: Okay. Everything I just talked about is governmental. Then you get to the role of the companies. They need to shift their mentality from recognizing they are no longer running technology companies. I hate to tell them they are running media companies. They're running the most powerful media companies in all of human history. And that brings a very different set of responsibilities to it. 

Peter Singer: But then finally, just like in cybersecurity, just like in public health, it's about the individual. It's about the target. We have agency in this and just like in public health, we need a Center for Disease Control, but it is irrelevant if you're not washing your hands, if you're not wearing that mask, if you're not getting that vaccine shot individually, and that's not just about awareness, it's about ethic. Why do you wear that mask? You wear it, not merely to protect yourself. You wear it to protect everyone else around you. It's the same thing when it comes to understanding these threats, it's not just about what you're reading or not. It's about what you're sharing or not. Are you infecting your friends and family through your Twitter, Facebook, LinkedIn, instagram, whatever it is? So you need all of those at play to build up resilience to these threats. 

Rick Howard: As I said, the book came out in 2018. It's three years later. So I asked Peter and Emerson what they would have included in the book if it had come out today.

Peter Singer: One is how the pandemic illustrated all of the lessons learned of the work and everything from it was out in the open, what was happening, and all the data was there, to the impact of the disinformation side of it. We would weave the pandemic through it. 

Peter Singer: I think this, the second is that, we would probably alter our discussion of its power to create movements. We would add or shift to probably a discussion of Black Lives Matter and/or Me Too. And, here again, a phenomena which, social media is wrapped up within that story. These movements do not happen without the power of social media. 

Peter Singer: And then the third would be, the storytelling symmetry of a book that begins with Donald Trump's very first tweet. As a writer, I think we probably would have brought it full circle to the end to the events of January six, an insurrection that was driven by social media. From the motivations, the conspiracy theory and misinformation that was the cause, to how it was coordinated and planned, all played out on social media was all in the open. 

Peter Singer: So I think that's how we would update it. And then you get to the issues of, okay, what have we learned? What should we do about this? And since the book came out, it hits this combined need for government strategy, more corporate responsibility, but finally the crucial importance of individual digital literacy, but just literacy in its traditional sense or, hygiene. There's a role for the education system, but there's also a role for the citizen. There's a role for the parents. That's the only way that we build resilience against these threats because they're not going away.

Emerson Brooking: My team was monitoring social media activity and livestreams leading up to January six. We briefed and warned DC police that this was a possibility. But on January six after the Capitol had been breached, there really wasn't much more we could do in terms of evidence collection right then. So I actually, I just went yeah, down, not all the way to the Capitol, but within a few blocks until there the sea of people was so much that you couldn't go any further. And I just listened for a while. 

Emerson Brooking: And in "LikeWar" we talk about how social media manipulation changes reality because it changes perception. I understood all this stuff intuitively, but actually being there and just listening to people who were checking their phones every few seconds for a possible Twitter update from the President. Thousands of people who earnestly believed that Donald Trump was going to be reinaugurated like within minutes. That was an extraordinarily affecting moment. It really brought home as we've kept saying that this issue is not going anywhere.

Rick Howard: The book is called "LikeWar: The Weaponization of Social Media." The authors are Peter Singer and Emerson Brooking, and they are the newest addition to the Cybersecurity Canon Hall of Fame. And if you are interested in the collection of Cybersecurity Canon Hall of Fame books, plus all the candidate books, and even the best novels with a cybersecurity theme, check out the Cybersecurity Canon website, sponsored by Ohio State University at ICDT dot OSU dot EDU slash cybercanon, all one word and with one "n" for canon of literature, not two "n's" for machines that blow things up, and if all that's too hard, go to your preferred search engine and type Cybersecurity Canon and Ohio State University, and congratulations to Peter Singer and Emerson Brooking for their induction into the Cybersecurity Canon Hall of Fame.

Rick Howard: And that's a wrap. Next week, the CSO Perspectives podcast is still on break preparing for season six, which starts on 19 July. While we're away, we'll keep running my long interviews with the 2021 author inductees into the Cybersecurity Canon Hall of Fame. Next week is Andy Greenberg, author of "Sandworm." you don't want to miss that.

Rick Howard: The CyberWire's CSO Perspectives edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman who also does the show's mixing, sound design, and original score. Really? Why do they need me at all? And I'm Rick Howard. Thanks for listening.