Speech/statement | Date: 13/02/2020 | Ministry of Foreign Affairs
By State Secretary Audun Halvorsen (Oslo, 13 February)
State Secretary Audun Halvorsen's statement at the seminar "Hacking Democracy: Influence Operations in the Digital Age" by the Norwegian Atlantic Committee and the Norwegian Defence Research Establishment.
Ladies and Gentlemen,
Thank you to the Norwegian Atlantic Committee (DNAK) and to the Norwegian Defence Research Establishment (FFI) for the invitation to speak here today.
“Set the stage”
Malign influence operations by foreign actors are hard to detect in a technological and globalized society. They are also contentious political issues, as we have seen in several Western countries over the past few years.
Earlier this week, the Norwegian Intelligence Service released its annual unclassified threat assessment with a whole, separate chapter (15 pages) dedicated to the topic of influence operations and threats in the digital domain.
Although foreign influence operations in our assessment have had limited impact in Norway so far, we are monitoring the issue very closely and should remain vigilant.
The government has taken a number of measures to build national awareness, resilience and international partnerships to prevent and combat malign and unwanted influence operations. I will return to this later, but first: What are we actually talking about? The nature of the beast, so to say.
“What are we talking about”
Conceptually, it makes sense to categorize “influence operations” as a part of what we call hybrid threats. It is hard to find a commonly agreed definition of hybrid threats, especially as this has trown into the buzzword of the last six years, but certain elements are central in key descriptions/definitions:
- Hybrid threats are a mix of different instruments/means: Diplomatic, military, economic, judicial, intelligence or information-related. Consequently, there is a wide range of possible scenarios and incidents that could be included in the concept.
- Both state and non-state actors employ hybrid means or tactics. The blurred distinction between state and non-state activity, adds to the challenge.
- Hybrid activities are specifically designed to be difficult to detect and attribute. They are tailored to remain below response thresholds. They cross sectors and borders.
- They seek to create confusion, doubt and chaos. The aim is to influence public opinion, hamper effective decision-making and undermine public trust and political unity.
- At worst, hybrid activities can challenge states’ fundamental security and political integrity.
Hybrid activities – not a new phenomenon
Hybrid activities and influence operations are not a new phenomenon. Far from it. It has deep roots in military strategy and tactics.
Just read the ancient Chinese military strategist Sun Tzu, The Art of War.
Or take a look at modern, western history.
For instance, there is a story from the early days of the Second World War, where the Nazis managed to get U.S. newspapers to publish a fake document, allegedly from Polish’ archives, claiming that U.S. president Roosevelt had encouraged Poland to attack Germany. The intention was to portray Roosevelt as a “warmonger” and to derail Roosevelt’s hopes of reelection. This influence operation did not succeed. As we all know, Roosevelt got reelected.
What is new and different in the digital age is the technology. News are spreading much faster and further than before. Social media plays a crucial role in this. In addition, “big data” and advanced algorithms, allow news to be tailored to reach and affect specific audiences. (Ahead of the last presidential elections in the U.S., Cambridge Analytica claimed to have more than 5000 data points on each of tens of millions of voters).
People tend to seek news outlets that confirm their established views. Fake news and alternative truths are even more effective in echo chambers. All of these trends make digital influence operations a potentially potent weapon.
What do we do?
So, how do we meet these challenges? What should be our strategy?
These are complicated questions. In the interest of time, let me focus on a few key elements in our strategy, namely awareness, resilience and partnerships.
First, on awareness.
The individual tools and methods of hybrid threats are well known. Their combined and overall effect is much harder to detect and assess. Their long-term effects can be particularly hard to predict.
We need to increase our knowledge and understanding of the combined use of tools and tactics. We need to build situational awareness that connects the dots across sectors – both in a short and long-term perspective.
And we need to increase the awareness at all levels in our society – from ordinary citizens to private businesses and politicians.
Cross-sectoral communication is crucial to connect the dots and be aware of malicious activities. The Norwegian Government has implemented inter-ministerial plans and put in place structures and networks that address these issues. The structures also include private businesses, organizations and local actors. Norway’s awareness has increased as a result.
Second, we need to strengthen our own resilience.
This is particularly important before, during and after political events such as elections. Last fall, a number of ministries, the Directorate of Elections, Directorate for Civil Protection and Emergency Planning, the Norwegian Intelligence Service, the Norwegian Police Security Service, the Norwegian National Security Authority and the the Norwegian Media Authority, all worked together in a cross-sectorial awareness campaign. The aim was to counter any undue interference during the execution of our municipal and county council elections. We will continue that effort in preparation for next year’s parliamentary elections.
Making our society more resilient to hybrid-threats is an important priority for the government. Not only do we monitor developments and trends. We take concrete measures that strengthen our resilience.
- In 2019, we launched a new national strategy for digital security. The aim is to have a common basis for handling digital security challenges, across sectors and with extensive public and private cooperation.
- One of the measures of the strategy is the establishment of the National Cyber Security Center. The center will help protect basic national functions, public administration and private business from digital attacks.
- The government has also established a National Cybercrime Centre. The center has an important role in preventing, combating and investigating crime online.
- The establishment of these centers – one for the security authorities and one for the police – is a major national boost for the work in handling digital security challenges.
Hybrid activities are designed to exploit our national vulnerabilities. We might not be able to stop all of the threats, but we can improve our own ability to detect, identify and handle them. And bolster the resilience of our population, infrastructure and institutions.
Public-private cooperation matters. Not only because private companies can be targets of hybrid threats, but because they are central in detecting, identifying and responding to such threats. Action taken by the tech and social media industry to spot and close fake accounts, is a case in point.
Our open and trust-based societies may be exploited.
Our dependency on technology can make us vulnerable.
However, these qualities are also at the core of resilience. A well-informed population, living in a vibrant democracy, is also less receptive of disinformation We have to build resilience without compromising on the principles and institutions on which our societies are built.
Third, as the security landscape is becoming more challenging, it is even more important to work together in partnership with our closest friends and allies.
Hybrid threats cross not only sectorial divisions, but also national borders. Methods and tools tested in one country may easily and quickly be employed in other countries when the actor using them sees new opportunities or needs.
We have to meet such challenges with broad international cooperation.
We have to share information and exchange views on each other’s threat perception.
And we have to learn from each other’s experiences.
Allies may be the target of similar and simultaneous attacks. Established routines and networks for early warning and a rapid ability to consider common response, are crucial.
Norway therefore cooperates closely with our allies and partners in Nato and the EU. We support Nato-EU cooperation within this field. We participate in the “Centre of Excellence for Countering Hybrid Threats” in Helsinki, and a number of other international groups and networks where we can share experiences and information among allies.
We may not be able to stop all of the threats, but together we can make them more difficult and costly to employ, as well as less effective.
In sum, the complexity of the challenges at hand requires constant work. We can never cease to develop and refine our analyses, strategies and tools. And we need to continue our pursuit for multifaceted responses and deeper coordination – nationally, regionally and internationally.
I am certain this conference will be a valuable contribution. Thank you.