Misinformation on Internet

Introduction

When a tragedy strikes, moments are fragile, people are vulnerable, emotions run high, and every second is important. In such critical situations, information becomes as crucial as food, water, shelter, and medication. As soon as any information is received, it often leads to stampedes and chaos. Alongside the tragedy, whether natural or man-made, emerges another threat: misinformation. People, desperate for answers, cling to whatever they can find.

Tragedies can take many forms. These may include natural disasters, mass accidents, terrorist activities, or other emergencies. During the 2023 earthquakes in Turkey, misinformation spread on social media claiming that the Yarseli Dam had cracked and was about to burst. People believed it and began migrating from the area. Panic followed, and search and rescue teams stopped operations in that zone. Precious hours were lost. Later, it was confirmed to be a rumour. By then, the damage was already done.

Similarly, after the recent plane crash in Ahmedabad, India, numerous rumours and WhatsApp messages spread rapidly. One message claimed to contain the investigation report on the crash of Air India flight AI-171. It was later called out by PIB and declared fake.

These examples show how misinformation can take control of already painful moments. During emergencies, when emotions are intense and fear is widespread, false information spreads faster and hits harder. Some people share it unknowingly, while others do so to gain attention or push a certain agenda. But for those already in distress, the effect is often the same. It brings ore confusion, heightens anxiety, and adds to their suffering.

‍

Understanding Disasters and the Role of Media in Crisis

Disaster can be defined as a natural or human-caused situation that causes a transformation from a usual life of society into a crisis that is far beyond its existing response capacity. It can have minimal or maximum effects, from mere disruption in daily life practices to as adverse as inability to meet basic requirements of life like food, water and shelter. Hence, the disaster is not just a sudden event. It becomes a disaster when it overwhelms a community’s ability to cope with it. 

To cope with such situations, there is an organised approach called Disaster Management.  It includes preventive measures, minimising damages and helping communities recover. Earlier, public institutions like governments used to be the main actors in disaster management, but today, with every small entity having a role, academic institutions, media outlets and even ordinary people are involved. 

Communication is an important element in disaster management. It saves lives when done correctly. People who are vulnerable need to know what’s happening, what they should do and where to seek help.  It involves risk in today’s instantaneous communication. 

Research shows that the media often fails to focus on disaster preparedness. For example, studies found that during the 2019 Istanbul earthquake, the media focused more on dramatic scenes than on educating people. Similar trends were seen during the 2023 Turkey earthquakes. Rather than helping people prepare or stay calm, much of the media coverage amplified fear and sensationalised suffering. This shows a shift from preventive, helpful reporting to reactive, emotional storytelling. In doing so, the media sometimes fails in its duty to support resilience and worse, can become a channel for spreading misinformation during already traumatic events. However, fighting misinformation is not just someone’s liability. It is penalised in the official disaster management strategy. Section 54 of the Disaster Management Act, 2005 mentions that "Whoever makes or circulates a false alarm or warning as to disaster or its severity or magnitude, leading to panic, shall, on conviction, be punishable with imprisonment which may extend to one year or with a fine."

‍

AI as a Tool in Countering Misinformation 

AI has emerged as a powerful mechanism to fight against misinformation. AI technologies like Natural Language Processing (NLP) and Machine Learning (ML) are effective in spotting and classifying misinformation with up to 97% accuracy. AI flags unverified content, leading to a 24% decrease in shares and 7% drop in likes on platforms like TikTok.  Up to 95% fewer people view content on Facebook when fact-checking labels are used. Facebook AI also eliminates 86% of graphic violence, 96% of adult nudity, 98.5% of fake accounts and 99.5% of content related to terrorism. These tools help rebuild public trust in addition to limiting the dissemination of harmful content. In 2023, support for tech companies acting to combat misinformation rose to 65%, indicating a positive change in public expectations and awareness.

‍

How to Counter Misinformation

Experts should step up in such situations. Social media has allowed many so-called experts to spread fake information without any real knowledge, research, or qualification. In such conditions, real experts such as authorities, doctors, scientists, public health officials, researchers, etc., need to take charge. They can directly address the myths and false claims and stop misinformation before it spreads further and reduce confusion. 

Responsible journalism is crucial during crises. In times of panic, people look at the media for guidance. Hence, it is important to fact-check every detail before publishing. Reporting that is based on unclear tips, social media posts, or rumours can cause major harm by inciting mistrust, fear, or even dangerous behaviour. Cross-checking information, depending on reliable sources and promptly fixing errors are all components of responsible journalism. Protecting the public is more important than merely disseminating the news.

Focus on accuracy rather than speed. News spreads in a blink in today's world. Media outlets and influencers often come under pressure to publish it first.  But in tragic situations like natural disasters and disease outbreaks, rushing to come first is not as important as accuracy is, as a single piece of misinformation can spark mass-scale panic and can slow down emergency efforts and lead people to make rash decisions. Taking a little more time to check the facts ensures that the information being shared is helpful, not harmful. Accuracy may save numerous lives during tragedies. 

Misinformation spreads quickly it can only be prevented if people learn to critically evaluate what they hear and see. This entails being able to spot biased or deceptive headlines, cross-check claims and identify reliable sources.  Digital literacy is of utmost importance; it makes people less susceptible to fear-based rumours, conspiracy theories and hoaxes. 

Disaster preparedness programs should include awareness about the risks of spreading unverified information. Communities, schools and media platforms must educate people on how to respond responsibly during emergencies by staying calm, checking facts and sharing only credible updates. Spreading fake alerts or panic-inducing messages during a crisis is not only dangerous, but it can also have legal consequences. Public communication must focus on promoting trust, calm and clarity. When people understand the weight their words can carry during a crisis, they become part of the solution, not the problem.

References: 

1. https://dergipark.org.tr/en/download/article-file/3556152 
2. https://www.dhs.gov/sites/default/files/publications/SMWG_Countering-False-Info-Social-Media-Disasters-Emergencies_Mar2018-508.pdf 
3. https://english.mathrubhumi.com/news/india/fake-whatsapp-message-air-india-crash-pib-fact-check-fcwmvuyc ‍
4. https://www.dhs.gov/sites/default/files/publications/SMWG_Countering-False-Info-Social-Media-Disasters-Emergencies_Mar2018-508.pdf

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.

On March 02, 2023, the Biden-Harris Administration unveiled the National Cybersecurity Plan to ensure that all Americans can enjoy the advantages of a secure digital environment. In this pivotal decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that is consistent with our values. These values include a commitment to economic security and prosperity, respect for human rights and fundamental freedoms, faith in our democracy and its institutions, and a commitment to creating a fair and diverse society. This goal cannot be achieved without a dramatic reorganisation of the United States’ cyberspace responsibilities, roles, and resources.

VISION- AIM

A more planned, organised, and well-resourced strategy to cyber protection is necessary for today’s rapidly developing world. State and non-state actors alike are launching creative new initiatives to challenge the United States. New avenues for innovation are opening up as next-generation technologies attain maturity and digital interdependencies are expanding. Thus, this Plan lays forth a plan to counter these dangers and protect the digital future. Putting it into effect can safeguard spending on things like infrastructure, clean energy, and the re-shoring of American industry.

The USA will create its digital environment by:

• Defensible if the cyber defence is comparatively easier, more effective, cheaper
• Resilient, where the impacts of cyberattacks and operator mistakes are lasting and little widespread.
• Values-aligned, where our most cherished values shape—and are in turn reinforced by— our digital world.

Already, the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Improving Cybersecurity for Federal Information Systems) have all been issued to help secure cyberspace and our digital ecosystem (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems). The Strategy builds upon previous efforts by acknowledging that the Internet serves not as an end in itself but as a means to a goal—the achievement of our highest ideals.

There are five key points that constitute the National Cybersecurity Strategy:

1. Defend Critical Infrastructure –

Defend critical infrastructure by, among other things: i) enacting cybersecurity regulations to secure essential infrastructure; (ii) boosting public-private sector collaboration; (iii) integrating federal cybersecurity centres; (iv) updating federal incident response plans and processes; and (v) modernising federal systems in accordance with zero trust principles.

2. Disrupt and Dismantle Threat Actors

Disrupt and dismantle threat actors, including by i) integrating military, diplomatic, information, financial, intelligence, and law enforcement competence, (ii) strengthening public-private sector collaborations, (iii) increasing the speed and scale of intelligence sharing and victim information, (iv) preventing the abuse of U.S.-based infrastructure, and (v) increasing disruption campaigns and other endeavours against ransomware operators;

3. Shape Market Forces to Drive Security and Resilience

The federal government can help shape market forces that drive security and resilience by doing the following: i) supporting legislative efforts to limit organisations’ ability to collect, use, transfer, and maintain personal information and providing strong protections for sensitive data (such as geolocation and health data), (ii) boosting IoT device security via federal research, development, sourcing, risk management efforts, and IoT security labelling programs, and (iii) instituting legislation establishing standards for the security of IoT devices. (iv) strengthening cybersecurity contract standards with government suppliers, (v) studying a federal cyber insurance framework, and (vi) using federal grants and other incentives to invest in efforts to secure critical infrastructure.

4. Invest in a Resilient Future

Invest in a resilient future by doing things like i) securing the Internet’s underlying infrastructure, (ii) funding federal cybersecurity R&D in areas like artificial intelligence, cloud computing, telecommunications, and data analytics used in critical infrastructure, (iii) migrating vulnerable public networks and systems to quantum-resistant cryptography-based environments, and (iv) investing hardware and software systems that strengthen the resiliency, safety, and security of these areas, (v) enhancing and expanding the nation’s cyber workforce; and (vi) investing in verifiable, strong digital identity solutions that promote security, interoperability, and accessibility.

5. Forge International Partnerships to Pursue Shared Goals

The United States should work with other countries to advance common interests, such as i) forming international coalitions to counter threats to the digital ecosystem; (ii) increasing the scope of U.S. assistance to allies and partners in strengthening cybersecurity; (iii) forming international coalitions to reinforce global norms of responsible state behaviour; and (v) securing global supply chains for information, communications, and operational technologies.

Conclusion:

The Strategy results from months of work by the Office of the National Cyber Director (“ONCD”), the primary cybersecurity policy and strategy advisor to President Biden and coordinates cybersecurity engagement with business and international partners. The National Security Council will oversee the Strategy’s implementation through ONCD and the Office of Management and Budget.

In conclusion, we can say that the National Cybersecurity Plan of the Biden administration lays out an ambitious goal for American cybersecurity that is to be accomplished by the end of the decade. The administration aims to shift tasks and responsibilities to those organisations in the best position to safeguard systems and software and to encourage incentives for long-term investment in cybersecurity to build a more cyber-secure future.

It is impossible to assess the cyber strategy in a vacuum. It’s critical to consider the previous efforts and acknowledge the ones that still need to be made. The implementation specifics for several aspects of the approach are left up to a yet-to-be-written plan.

Given these difficulties, it would be simple to voice some pessimism at this stage regarding the next effort that will be required. Yet, the Biden administration has established a vision for cybersecurity oriented towards the future, with novel projects that could fundamentally alter how the United States handles and maintains cybersecurity. The Biden administration raised the bar for cybersecurity by outlining this robust plan, which will be challenging for succeeding administrations to let go. Also, it has alerted Congress to areas where it will need to act.

References:

• https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/
• https://www.huntonprivacyblog.com/2023/03/02/white-house-releases-national-cybersecurity-strategy/
• https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy