InfoSec Seminar: Meta-Issues in Information Security: fake news as a security incident

Speaker: Tristan Caulfield

Date/Time: 25-Jan-2018, 16:00 UTC

Venue: Main Quad Pop-Up 102

Details

Abstract

The purpose of this talk is a problem statement followed by a discussion. This is a broad topic that will require multidisciplinary inputs. We aim to discuss along the following problem statement:

Consider the following as a security policy: Elections in our country should be free from foreign influence. This fits with IETF RFC 4949's definition of a security policy statement, as long as we consider elections to be a "sensitive and critical system resource." In a modern democracy, this seems an easy argument.

For our purposes, we consider fake news to be a media item that is a type of disinformation operation characterized by effective use of online media to target and take advantage of human cognitive biases. To be of interest, we also require that the item purport to be about facts of the world (as opposed to opinion pieces) and that some population believes the item to be true. Fake news becomes a security incident when it violates our security policy. Specifically, the item needs to involve foreign influence over an election.

One recurrent solution for fake news is user education. We have learned from other areas of security that this solution, if it works at all, is at best partial and requires decades. We need something more.

The questions we plan to discuss include: What are the other systemic changes we could recommend to respond to this incident? Who is responsible for the response? What exactly are the resources we need to defend? How do we recover from an incident once its detected? What are the costs incurred by the adversary, and how can we increase these to be prohibitively expensive?

Add to Calendar

This page was last modified on 27 Mar 2014.