Titled "Responding to Cognitive Security Challenges" it contains several different strands, and is described as "a collection of different efforts, united by a common goal: to identify some of the most critical security challenges in online environment and what can be done to counter them, and to determine the role of governments and state institutions in countering them."
Perhaps the interesting section is an examination by Sebastian Bay and Nora Biteniece of the risks posed to serving military personnel by social media and other cyber elements.
Our latest report “Responding to Cognitive Security Challenges” identifies most critical security challenges in online environment and determines the role of governments in countering them. Link to the study: https://t.co/IID9dnsv9Q
— STRATCOMCOE (@STRATCOMCOE) February 18, 2019
"A number of highly publicised cases during the last year have shown how an actor can collect and use this information in a malicious way to the detriment of users, the armed forces, and societies in general. We explore these risks by studying the foundations of the problem, and by conducting an experiment where we demonstrate how data can be collected and exploited within the context of a military exercise," says the introduction.
"The results of an experiment conducted by a NATO StratCom COE research team suggest that in the current digital arena an adversary would be able to collect enough personal data on soldiers to create targeted messages with precision, successfully influencing their chosen target audience to carry out desired behaviors," the report says.
Setting up fake online groups and using targeted messages during a military exercise, researchers said:
"Overall, we identified a significant amount of people taking part in the exercise and managed to identify all members of certain units, pinpoint the exact locations of several battalions, gain knowledge of troop movements to and from exercises, and discover the dates of the active phases of the exercise. The level of personal information we found was very detailed and enabled us to instill undesirable behavior during the exercise."
Interestingly, Instagram was particularly popular among soldiers during the exercise, Facebook was "a good starting point for identifying individuals and for mapping their links to other members of the armed forces" whereas "Twitter was rarely used during the exercise, and gave no useful information."
One particular vulnerability identified by the researchers is the "suggested friend" feature in social media accounts.
"As it stands now, this feature made it extremely easy for us to map out entire units and battalions by identifying only a single member of a unit," they conclude.
