About ADAC.io
Based on the concept of Foreign Information Manipulation & Interference (FIMI) as elaborated by the EU EEAS, the purpose of ADAC.io is to protect democracy in the EU by strengthening the ability to deny the intended effects of FIMI on society.
ADAC.io aims to significantly develop upon current knowledge of how FIMI can be detected, categorised, analysed, shared, and countered.
This will be achieved through a series of coordinated contributions to the DISARM Framework, the NATO-Hybrid COE Attribution Framework, STIX 2.1, OpenCTI, ABCDE, and the FIMI countermeasures toolbox.
This approach acknowledges the importance of TTPs and common data handling standards to the ability to attribute FIMI actors and further positions TTPs within the broader analytical processes that are necessary to develop countermeasures.
In addition to establishing improved technical standards and operating procedures, ADAC.io will generate research knowledge that can support better decision-making about FIMI countermeasures.
For example, the project will conduct research on the public impact of attribution, research methods for linguistic and visual analysis, develop an understanding of how cross-platform manipulation evades traditional analysis methods, as well as establish a dataset of previous FIMI interventions.
ADAC.io includes a specific component on gendered disinformation designed to better integrate gender into the technical formats.
Finally, the project will work closely with a community of practice that includes the EU EEAS, representatives of member states, civil society, and journalists/European Digital Media Observatory (EDMO).
Aims of the project
The ADAC.io project aims to protect democracy in the EU by strengthening the ability to deny the intended effects of Foreign Information Manipulation & Interference (FIMI) on society.
The consortium partners work to achieve this by:
1. Advancing Detection, Analysis, and Attribution of FIMI
2. Contributing to International Frameworks and Standards (including the DISARM Framework, the NATO-Hybrid COE Attribution Framework, STIX 2.1, OpenCTI, ABCDE, and the FIMI countermeasures toolbox.)
3. Conducting Research to Support Decision-Making about FIMI countermeasures
Terminology
FIMI
(Foreign) Information manipulation and interference describes a mostly non-illegal pattern of behaviour that threatens or has the potential to negatively impact values, procedures and political processes. Such activity is manipulative in character, conducted in an intentional and coordinated manner, by state or non-state actors, including their proxies inside and outside of their own territory.
TTP’s
In the context of FIMI, “Tactics, Techniques, and Procedures” are patterns of behaviour used by threat actors to manipulate the information environment with the intention to deceive. Tactics describe operational goals that threat actors are trying to accomplish. Techniques are actions describing how they try to accomplish it.
Procedures are the specific combination of techniques across multiple tactics (or stages of an attack) that indicate intent and may be unique for different threat actors.
DISARM Framework
Disinformation Analysis and Risk Management is an open-source framework designed for describing and understanding the behavioural parts of FIMI/disinformation. It sets out best practices for fighting disinformation through sharing data & analysis, and can inform effective action. The Framework has been developed, drawing on global cybersecurity best practices.
OpenCTI
Open Cyber Threat Intelligence Platform is a platform meant for processing and sharing knowledge for cyber threat intelligence purposes. It has been developed by the French national cybersecurity agency (ANSSI) along with the CERT-EU (Computer Emergency Response Team of the European Union).
STIX 2.1
Structured Threat Information Expression (STIXTM) is a data format used to encode and exchange cyber threat intelligence (CTI). It can also be used to share insights on FIMI incidents.