Overview and Objectives
The DISARM Framework, supported by the EU-funded ADAC.io project, is a tool for identifying and mitigating Foreign Information Manipulation and Interference (FIMI). This review assesses its effectiveness, with input from user feedback, and evaluates its compatibility with frameworks like ABCDE and STIX to ensure its relevance for diverse stakeholders.
Key Findings
1. Stakeholder Use and Challenges
DISARM serves a wide user base, from analysts to civil society. While technical users value detailed techniques, others need simplicity for broader communication. Usability challenges include resource-intensive tagging, ambiguous technique descriptions, and inconsistent application due to differing interpretations of technique descriptions and the evidence required to apply them.
2. Framework Structure and Functionality
Some users prefer observable techniques over inferred ones, but they want clearer guidance and definitions of techniques. The current “Kill Chain” structure is seen as too rigid for influence operations, where early-stage disruptions are more effective than sequential modelling and individual techniques do not consistently map to the same kill chain stage.
3. Toolset Review
DISARM tools include Explorer, Navigator, and a Word Plug-In. While Explorer is widely used, Navigator and the Plug-In suffer from limited awareness and compatibility. Users seek multi-platform tools and automation to reduce the burden of manual tagging.
4. Compatibility and Integration with Other Frameworks
DISARM is often paired with frameworks like ABCDE and the Kill Chain. Technical users recommend integrating with platforms like OpenCTI and STIX to enhance structured data sharing and collaborative analysis.
Development Roadmap
A. Framework Enhancements
The roadmap proposes a flexible, modular structure to replace the “Kill Chain” model. Observable techniques will be separated from inferred assessments, and descriptions will include real-world examples and clearer taxonomy to reduce overlap.
B. Tools and Automation
Plans include multi-platform compatibility for the Word Plug-In and browser-based tools. Automation, including AI-driven tagging, will streamline bulk data analysis, while redesigned interfaces will improve usability for all users.
C. Interoperability
DISARM will expand integration with STIX via OASIS, facilitating seamless analysis of FIMI and cybersecurity threats. Simpler tools will also be developed for non-technical users.
Strategic Features and Recommendations
1. Narrative Codification
A narrative categorisation system will help analysts understand the cultural and contextual dynamics of FIMI campaigns.
2. Training and Support
Expanded training and clearer documentation will enable users at all skill levels to effectively use the framework and tools.
3. Global Adoption and Inclusivity
Efforts will focus on simplifying language and improving accessibility for non-English-speaking users to ensure global adoption.
4. Countermeasures (Blue Framework Development)
The upcoming Blue Framework will address countermeasures for overlapping threats like cybercrime, terrorism, and misinformation.
Concluding Remarks
DISARM has the potential to be a critical tool against FIMI. However, balancing technical sophistication with accessibility is key. Modular updates, informed by user feedback, will enhance its adaptability and effectiveness in meeting the needs of its diverse stakeholders.