| NOTAS: | "The EU Agency for Cybersecurity (ENISA) and the European External Action Service (EEAS) have joined forces to study and analyse the threat landscape concerning Foreign Information Manipulation and Interference (FIMI) and disinformation. A dedicated analytical framework is put forward, consistent with the ENISA Threat Landscape (ETL) methodology, with the aim of analysing both FIMI and cybersecurity aspects of disinformation. The concept of Foreign Information Manipulation and Interference (FIMI) has been proposed by the EEAS, as a response to the call of the European Democracy Action Plan for a further refinement of the definitions around disinformation. Although disinformation is a prominent part of FIMI, FIMI puts emphasis on manipulative behaviour, as opposed to the truthfulness of the content being delivered. Several strategic documents, such as the Strategic Compass for Security and Defence and the July 2022 Council Conclusions on FIMI, refer to the importance of countering FIMI as well as hybrid and cyber threats. Accordingly, in light of broader hybrid threats that cross different domains, one of the main motivations behind this report is to identify ways to bring the cybersecurity and counter-FIMI communities closer together. The ambition is to provide an input to the on-going and ever-pressing discussion on the nature and dynamics of information manipulation and interference, including disinformation, and on how to collectively respond to this phenomenon. The report proposes and tests an analytical approach describing FIMI and manipulation of information, as well as the underlying cybersecurity elements, by combing practices from both domains: - For cybersecurity: The open methodological framework used by ENISA’s annual report on the state of the cybersecurity threat landscape, the ENISA Threat Landscape Reports3 - For FIMI: The open-source DISARM framework used to capture FIMI/disinformation By testing the framework on a limited set of events, the report serves as a proof of concept for the interoperability of the frameworks." |
