Cybersecurity Disinformation Technology & Innovation

Issue Brief

May 10, 2021

What would Winston do? Cooperative approaches toward securing the Five Eyes information environment

By Daniel Dobrowolski, David V. Gioe, and Trey Herr

Table of contents

Executive summary

Language is an important carrier wave for information and disinformation alike. Given the global prevalence of English, the countries comprising the Five Eyes intelligence alliance should build upon existing proven frameworks to cooperate to secure their shared information environment. Working in real-time across these states to create a common picture of the threat environment and harmonized security and regulatory approaches would benefit defensive information space security efforts, as well as make the private sector a more effective and accountable security partner in the information space. Echoing the impassioned foresight of Winston Churchill, whose invocation to common cause shaped a political balance of power for three generations, this paper argues that the contemporary Five Eyes community would see fundamental benefits in uniting against a modern scourge of disinformation along the lines of classified information exchange models dating back nearly a century. This issue brief recommends steps toward a common regulatory environment for information platforms, greater civic defense, individual education, rapid liaison information exchange, adoption of existing best practices, and greater resources toward international research to support and refine electoral laws against evolving threats. 


The hostile manipulation of the digital information environment has been a quietly gathering storm for years, but the blitzkrieg of brazen Russian influence operations in 2016 during the US presidential election and Brexit referendum were finally heard “like a fire bell in the night,” to borrow Thomas Jefferson’s prescient characterization of the admission of Missouri as a slave state in 1820, more than forty years in advance of the US Civil War. Moscow’s clever disinformation efforts awakened many in the West, from tech companies to academics and politicians. But, there is far more work to be done to shore up Western defenses, especially as threat actors proliferate in the disinformation space and seem to outpace existing efforts to counter disinformation.

To date, US defenses against information operations have been conceptualized mostly at the national level. While there have been promising cooperative efforts across domestic silos, such as between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA, a part of the Department of Homeland Security), there has been radically insufficient appreciation of the potential value, and near-term operational demands, of working with close allies at a more granular and specific level. National coordination is necessary, but hardly sufficient, to achieve an optimal posture to counter information-based threats.

Perhaps no one has made more of the common cause of the transatlantic English-speaking peoples across the Americas and Europe than Winston Churchill. As British prime minister during World War II, Churchill led his country to confront and defeat the biggest threat to Britain since Napoleon Bonaparte or the Spanish Armada. In the 1930s, it was Churchill who most loudly warned of the threat posed by Adolf Hitler’s Germany, and it was he who demanded “Action this day!” in October 1941, when his codebreakers at Bletchley Park were in dire need of resources to crack the German Enigma during the perilous Battle of the Atlantic. And, once the Americans joined the war as allies later that year, Sir Winston, famously interested in the work of his intelligence community, authorized sharing the most secret British national security programs with representatives from Washington. This practice of institutionalized transatlantic intelligence sharing was to be one of Churchill’s most consequential legacies.

The nascent partnerships at the codebreaking centers of Bletchley Park and Arlington Hall led to the wartime “BRUSA” agreement in 1943, and the post-war “UKUSA” intelligence-sharing agreement formalized Anglo-American burden sharing and nearly seemless interoperability in signals-intelligence collection and cryptanalysis. After the war, it was Churchill again who foresaw the coming ideological battle of the Cold War, noting its future contours during his “Iron Curtain” speech in 1946 while touring the United States. While Josef Stalin’s scientists were congratulating themselves on the mushroom cloud over their successful nuclear test in 1949, the UKUSA agreement mushroomed into what would become the Five Eyes intelligence alliance, comprising the United States, the United Kingdom (UK), Canada, Australia, and New Zealand. Today, this five-state partnership comprises the closest and most durable network of intelligence liaison relationships in history.

The West is now confronting a threat with a more public face, through which adversaries can reach out to citizens directly over social media.”

It may, therefore, be suitable to recall Churchill’s keen eye toward consequential global developments and his appreciation of intelligence sharing, and to emulate his dedication to confronting looming threats by linking the Five Eyes in joint accord against contemporary hostile manipulation of the English-speaking information environment. For more than seventy five years, the Five Eyes intelligence exchange and coordination have happened in the classified sphere, under a thick blanket of state secrecy. But, the West is now confronting a threat with a more public face, through which adversaries can reach out to citizens directly over social media. The response requires more public engagement, something intelligence agencies are not well suited to do, and a task they should not necessarily take on.

This requires a reimagining and reordering of how governments engage with their constituents, likely through new agencies with a public-facing mandate. Thus far, the British have led the way with the UK National Cybersecurity Centre (NCSC), widely seen as a public-facing body that harnesses some of Government Communications Headquarters’ (GCHQ’s) sensitive collection and analysis for public consumption. The support that the National Security Agency (NSA) and Cyber Command give to CISA is another model for how governments can assess and share cybersecurity and warnings about information operations with the public. If this vertical process can take top-secret intelligence and make it usable for the public, can a lateral process across Five Eyes civil societies do even better?

National Security Agency headquarters, Fort Meade, Maryland
Source: National Security Agency

Five Eyes liaison provides a proven model for the way ahead

Indeed, like the threat of Nazi Germany in Churchill’s era, the threat obviously and urgently transcends national boundaries. So should the response. While such hostile activity across social media is known by many names—including information warfare, political warfare, narrative control, or influence operations—it is not great hyperbole to claim that how those in the Five Eyes alliance countries identify, conceptualize, and address these efforts could endanger democratic governance as much as any conventional or military threat. Recent reports reveal the alarming extent to which Russian influence has penetrated US, British, and Canadian politics. This is the tip of the disinformation iceberg. The integrity and legitimacy of electoral practices, and even the very social fabric in Five Eyes countries, is under more strain now than ever, particularly as foreign interference works in parallel and in supplement to the arguably much larger threat of domestic-driven disinformation and anti-democratic action.

While inter-allied intelligence sharing can be fraught in matters concerning domestic actors, it remains greatly advantageous when it comes to campaigns of a foreign origin. Crucially, however, beyond the intelligence sphere, coordination, information sharing, and policy harmonization across the Five Eyes are critical first steps toward internationalization of a common response to adversarial influence operations, which can be based on the model of long-standing and intimate intelligence partnerships. In fact, the groundwork for such coordination and sharing already exists, as exemplified by the Five Eyes network. The political will and interallied trust, the foundational ingredients, have been developed and strengthened since the beginning of World War II. Since the earliest days of Bletchley Park, there have been Signals intelligence liaison officers embedded in Five Eyes partner Sigint agencies, negotiating division of labor, ensuring timely intelligence exchange, and working against common targets.

The scope of the problem and the fraught policy responses seem even more daunting given how countries have struggled to confront Russian disinformation on a national basis. Yet, much can be done together, since most of the disinformation or propaganda content that the Russians (and other states) put out is in English. And, increasingly, English is the lingua franca for global commerce and cultural exchange, meaning that content put out in English has the highest probability of maximum digital engagement across the Internet and social media. This is why Russian propaganda bullhorns—the ostensible news networks RT (formerly Russia Today) and Sputnik—both have robust presences in English. And, the Russian Internet Research Agency (IRA, the troll farm) has put out primarily English-language content.

Cooperative solutions

The manipulation of the information environment is something to which too many politicians and citizens have paid scant attention, excepting, of course, those consciously involved in the practice themselves. But, this has begun to change, and the increased attention that social media influence operations have gained since 2016 must not be left to wane.

While the Russians have adjusted their tactics, their strategy endures. According to FBI Director Christopher Wray, as in 2016, Russia was seeking to influence the outcome of the 2020 US election. But, it is not just Russia that policymakers must worry about—nor, for that matter, foreign states alone. While the Russian IRA is admittedly the most talented organization in this area, the silver- and bronze-medal winners (China and Iran) pose Olympic-caliber digital threats as well. Beyond the usual suspects, a proliferation of state and non-state actors exists in the social media sphere, using a continually evolving range of techniques to pollute, manipulate, and distort the flow of information in pursuit of a variety of strategic interests.

Five Eyes governments around the world have, belatedly, begun to wake up to the reality of a new era of subversive influence—with lines between foreign and domestic manipulation perhaps hardest to draw.”

Five Eyes governments around the world have, belatedly, begun to wake up to the reality of a new era of subversive influence—with lines between foreign and domestic manipulation perhaps hardest to draw. In the United Kingdom, for example, the recent and long-awaited Russia Report detailed the pervasiveness of the power of individuals with links to the Russian state within the British political system. Likewise, a recent Canadian government memo warns, “Foreign adversaries and competitors are increasingly targeting Canada in order to advance their own economic and national security interests.” Further, Canada “is a target of foreign state efforts to interfere with or damage our democratic processes (cyber and non cyber).” While the Canadian government did not call out Russia like the British report did, there is little doubt that Russia is at the head of a group of actors that has Canadian officials worried.

Seeking to place Russia alongside other digital threat actors, the majority of the authors’ recent paper published in the Royal United Services Institute Journal examined two recent threats to the British information environment, including its manipulation during the British referendum on the European Union and within the context of Gulf Cooperation Council politics. The findings are clear that myriad actors contribute to online political discourse, but, as the paper suggests, sunlight is the best disinfectant when enabled by specific policies. The authors argued that the health of the information environment surrounding democratic processes is best safeguarded via three main policy approaches.

First, regulation for the purpose of moderating social media content is warranted, but should be used cautiously. Tech companies do bear responsibility for enforcing standards across their platforms, as this paper will explore below, but the authors urge judicious and restrained regulatory efforts when it comes to content moderation in particular, so that reasonable moderation does not morph into general prescriptions for firms to police online speech. Second, civic education is a critical but neglected tool for helping the public cope in an information environment under siege, especially by improving standards in digital media literacy. Finally, using ongoing research to enforce and inform electoral laws is essential to ensuring that domestic political actors ameliorate, rather than exacerbate, the proliferation of disinformation.

Operational collaboration with technology firms

It can be tempting to react to foreign influence operations by regulating the public’s access to, or engagement with, information. Doing so, however, is a slippery slope that can lead to Western governments becoming much more like their autocratic adversaries than intended.

Detecting, removing, and countering misinformation on social media at speed and scale is no easy task. It is even more difficult to do so without infringing on freedom of speech. Drawing the line between legitimate and illegitimate speech online requires extensive human involvement beyond algorithms developed to identify violations. Given the difficulties involved with drawing that line, the responsibility should not be thrust upon tech companies alone. Users do not forfeit their civic or moral obligation to engage critically with their sources of information, no matter the platform.

Major technology companies bear responsibility as well, especially in their speed of response to fraudulent accounts, transparency in response to governmental oversight requests, commercial usage of user data, and a dizzying array of content promotion, filtering, and presentation algorithms that distort the shape of online discourse. Here, consistency in expectations and clarity of regulatory intent can help Five Eyes countries a great deal. Even firms like Facebook and Google, whose existence surely registers on some interplanetary capitalist Richter scale, suffer from the costs and confusion of playing tug of war with five different states and myriad regulators all at once. The constituent members of the Five Eyes alliance can aid their cause to facilitate more rapid responses to misinformation, more holistic changes to counter these poisonous narratives, and better resilience to the information environment by working effectively with the largest information-platform providers. The best way to accomplish this would be to do the following.

  1. Create a mechanism of information policy reciprocity between the five states, similar to reciprocal mechanisms in cooperative export-control vehicles. It must be emphasized that content specifically relating to individual citizens, which may be subject to differing privacy regulations between states, is not the sort of information the authors have in mind. Rather, large-scale networks of threat activity, such as that identified in the aforementioned paper, are useful for monitoring manipulation of the information environment as it occurs.
  2. Deliver on the vision of an information-sharing clearing center or ‘hothouse’, where states and companies alike can flag new threats and campaigns in real time. This could well start as working groups adjacent to an existing policy coordination/deliberation body, and may well spend years developing into an increasingly robust network, rather than a single new institution and the associated startup challenges.
  3. States must better understand what communities within this anglosphere they recognize as most vulnerable vs. most active and malicious. Tied to this question of audience segmentation, states and firms must work together to specify the behaviors of these two communities, as they vary between specific products. TikTok, YouTube, and Instagram all share the capacity for video content, but they encourage, and are designed and used toward, different behaviors. All stakeholders must work to better understand their battlespaces.

Harmonizing regulations for platforms, which organize along similar jurisdictional and linguistic lines, would create clear expectations for companies. These changes would also help states and companies alike to respond more quickly, and with greater coherence of action, to these evolving threats. For states as well, this Five Eyes cooperative would provide a measure of confidence that the informational flanks are covered. Total harmonization is admittedly a gargantuan task given the incongruity between US regulations, in particular, and those of other Five Eyes nations, but that does not mean that segmentary steps to establish norms and precedents are not without value. This proposal is a step toward greater policy harmonization, while recognizing the end state should be closer to effective complementarity than to universality. 

Civilian defense and education

Individuals play the most important role to use critical thinking to distinguish between authentic and “fake” news; with the right efforts at civic education and media literacy, this can be greatly improved. Governments of democratic states should not seek to silence domestic actors in a one-size-fits-all approach. Rather, they have a responsibility to provide for the media literacy of their citizens beginning in elementary education.

A lack of critical thinking makes influencers and voters across all social strata highly susceptible to manipulation of the information environment. In fact, research suggests that the rapid flow of information associated with social media discourages rational thinking in favor of emotional and heuristic reasoning. Digital media literacy, therefore, should be an important aspect of the education system. Canada leads the way in the English-speaking world with its Centre for Digital and Media Literacy offering resources for young children, teachers, and parents, and the timely return of the beloved House Hippo offering techniques for digital literacy. As two of the authors have argued in the Journal of Cyber Policy, “patching of the social layer” is an integral, but often overlooked, aspect of information security, and the fact that previous attempts at disinformation “inoculation” have proved successful suggests that it is a worthwhile endeavor and ought to feature prominently in civic education. Tailoring resources to those communities most targeted by misinformation and disinformation, often minority or vulnerable groups, might also be considered. The authors emphasize, however, that an engaged and critical population requires a foundation of trust, meaning the funding of fact-checking organizations and educational campaigns must be complemented by higher standards of integrity for media and political organizations, both online and offline.

While the Five Eyes alliance often confronts threats in the context of an intelligence alliance, it can learn much from other Western democracies in terms of sharing best practices. The Swedish Civil Contingencies Agency (MSB), which is responsible for civil defense and acts to educate the public and private sectors on digital threats, is a useful model here. For instance, in 2016, the MSB produced an assessment of the Swedish media landscape to identify and advise on potential vulnerabilities—a strong initial step providing the more comprehensive information environment mapping that the authors recommend for the transatlantic anglosphere.

Neighboring Finland, for example, leads the world in digital media education, and scores among the very highest of countries in indices relating to the strength of its democracy and the digital literacy of its population. In the age of relentless disinformation that seeks to exploit social fissures, social cohesion is a national security imperative. Finland’s emphasis on media literacy thus provides leadership and an invaluable source of inspiration to democratic governments elsewhere. But, this must be caveated with the fact that Finland has a much smaller and more ethnically homogenous population than many Western countries and a language that is not commonly spoken beyond its borders, making it more difficult to target. Thus, while Finland does not face the scale of the threat that the anglophone world does, the effort at civic competency in media literacy should be emulated and understood in the context of national defense.

Confronting disinformation presents an opportunity—particularly for those NATO members struggling to meet the 2-percent-of-gross-domestic-product spending commitment—to: invest in mapping the information environment; develop the information-environment equivalent of storm tracking and pollution monitoring; identify early-warning indicators to proactively find and address adversarial campaigns targeting citizens; and translate this awareness into broader education campaigns that train the population to cope in an information age. The authors also aver that, in the same way that Five Eyes liaison officers are posted to allied capitals, this process should be replicated with dedicated liaison officers between the public-facing bodies. For instance, an exchange of representatives between the British NCSC and US CISA would be well positioned to be the central locus for harmonizing and coordinating supranational responses to hostile disinformation and motivating broader civic response. 

Ongoing research to support and evolve election laws

At its heart, civic education must be informed by ongoing research, and so must the enforcement of electoral laws. It is clear that relevant electoral bodies (the Federal Election Commission in the United States, the Electoral Commission in the UK, and the Office of the Chief Electoral Officer in Canada) must reconsider electoral spending rules in the online information space.

What was once the purview of the well resourced with the means to reach voters is now open to anyone (or any organization) with an Internet connection and a reasonable amount of communications savvy, as the IRA showed in both the 2016 presidential election and the British EU referendum. The ability to target and reach audiences abroad in novel and cost-effective ways has opened the opportunity for malign foreign actors to shape the domestic information environment. Such efforts are unlikely to comprise an entirely separate campaign; rather, they support and intermingle with existing domestic ones, further blurring the lines between legitimate and illegitimate activities and the perennially troubling seam between “foreign” and “domestic” for intelligence and security services.

A more comprehensive baseline mapping of the information environment would involve a detailed understanding of the actors operating within it, both foreign and domestic, as well as their capabilities, intent, and funding sources. This information can, thus, be presented to the relevant electoral body in the run-up to major elections such that claims of electoral law breaches may be handled swiftly, effectively, and transparently. This might be overseen by a new apolitical public body if necessary, but must crucially include input from both academic studies and experts in the private sector, including social media companies themselves.

While the recent Russia Report posits that the British government had “badly underestimated the Russian threat and the response it required,” including within the context of electoral influence, the United Kingdom’s Defending Democracy program aims to provide some capability in preserving election security by monitoring and responding to emerging threats during elections, and by inviting politicians, academics, regulators, and other third parties to collaborate. One promising New World manifestation of the recognition of the need for such cross-cutting partnership is the Partnership for Countering Influence Operations sponsored by the Carnegie Endowment for International Peace. This effort is a critical vehicle for the sort of research that must be done to understand and counter influence operations.

Further restrictions on digital campaign fundraising and advertising spending may be required, with separate consideration for digital tools, data access, and online advertising, supported by platform transparency and cooperation with the research community. As emphasized by the University of Oxford’s Computational Propaganda Research Project, it is important to establish coherent rules in advance of elections. Unclear rules are a vulnerability that both domestic and foreign actors can readily exploit. Indeed, the Capitol riots of 6 January 2021 starkly revealed the sort of carnage that repeated claims of illegitimate elections can cause.  And, while foreign actors are likely to continue to disrupt Western information environments, clarity in both the expected norms and the origin of campaigns will allow the government—and, indeed, the population—to hold them to account.

Forward together

The digital security malaise within the Five Eyes is not terminal, nor does it mean that the will of the electorate is destined to be compromised or that electoral outcomes will be made illegitimate in the future. The information environment is a protean beast of constant change, and is subject to enormous observation bias. Education and skill development must always be iteratively applied—and regulatory and legal frameworks regularly reviewed—to keep pace with a dizzying pace of technological and social change. Seeking out new opportunities, updating existing frameworks and liaison mechanisms to work with allies, sharing information in real time, harmonizing regulatory approaches, and adopting best practices from other Western countries are key ingredients in confronting disinformation. 

Geopolitical competition is increasingly being waged in and through the information space. Increasing societal resilience in the face of information warfare is nothing short of an urgent and enduring matter of collective national defense, within the transatlantic anglosphere and beyond. To meet this challenge, as Churchill would have suggested, “let us go forward together.”

*This paper does not necessarily represent the views of the Department of Defense or the United States Government. 

About the authors

Daniel Dobrowolski is a researcher and senior physicist at Coltraco Ultrasonics and Head of the forthcoming Durham Institute of Research, Development, and Invention and its Centre for Underwater Acoustic Analysis. His work involves the research and development of novel technologies in the fields of acoustics, electromagnetism, and information engineering. Daniel holds a master’s in Theoretical Physics from the University of Durham and is a graduate of the Cambridge Security Initiative International Security and Intelligence Programme. His interests include science & technology and the social and political impacts thereof, particularly relating to matters of defence, intelligence, and security. He is a published scholar with the Royal United Services Institute. Daniel is a dual British-New Zealand national currently residing in London.

David V. Gioe is visiting professor of intelligence and international security in the Department of War Studies at King’s College London and director of studies for the Cambridge Security Initiative. He is also history fellow for the Army Cyber Institute at West Point. 

Dr. Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on cybersecurity and geopolitics including cloud computing, the security of the internet, supply chain policy, cyber effects on the battlefield, and growing a more capable cybersecurity policy workforce. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and BS in Musical Theatre and Political Science.

The Atlantic Council’s Digital Forensic Research Lab (DFRLab) has operationalized the study of disinformation by exposing falsehoods and fake news, documenting human rights abuses, and building digital resilience worldwide.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

Related Experts: Trey Herr

Image: Feature image: An aerial image of the Government Communications Headquarters in Cheltenham, Gloucestershire. Source: UK Ministry of Defence