Organizations from Around the World Come Together to Define the Defending Against Disinformation Common Data Model (DAD-CDM)
Boston, MA – 16 November 2023 – OASIS Open, the international open source and standards consortium, launched the DAD-CDM project, an open source initiative to develop data exchange standards for normalizing and sharing disinformation and influence campaigns. DAD-CDM will serve as a valuable resource, particularly in the identification and alerting of AI-empowered attacks.
“DAD-CDM won’t try to define disinformation. Instead, the standard will offer a framework for assessing both technical and non-technical aspects of disinformation campaigns. This will alert influence operation (IO)-fighting teams worldwide and give them the means to communicate their analyses using a standardized language. The ultimate decision on classifying an attack as disinformation rests with analysts,” said Jean-Philippe Salles of Filigran, co-chair of the DAD-CDM Project Governing Board (PGB).
In the context of IO campaigns, AI-driven attacks often exhibit remarkable sophistication and adaptability. The use of AI as a tool can exacerbate the impact of these operations and is a growing concern. A common data model, such as DAD-CDM’s data exchange standards, will provide a structured and standardized approach for sharing critical information regarding these AI-empowered attacks, thus enabling early detection, rapid alerting, and improved response strategies. This will enable stakeholders, including governments and cybersecurity experts, to effectively identify, counter, and mitigate the influence of AI in propagating disinformation and interference campaigns, ultimately reinforcing our defenses against this evolving and pervasive challenge.
“In a world characterized by increasing global division exacerbated by the proliferation of IO campaigns including disinformation, misinformation, and FIMI, it becomes increasingly evident that a shared data model is imperative. Such a model would streamline the sharing and analysis of information concerning influence operations, allowing for a unified approach in response coordination and resource allocation,” said Dr. Georgianna Shea of the Foundation for the Defense of Democracies, co-chair of the DAD-CDM PGB. “The DAD-CDM, in the realm of influence operations, serves a purpose akin to what MITRE ATT&CK accomplishes in the context of cyber-attacks. Both are indispensable instruments, essential for navigating the intricate and multifaceted terrain of contemporary threats, ensuring a more cohesive and effective response strategy.”
Building upon the OASIS Structured Threat Information eXpression (STIX) threat intelligence sharing standard, DAD-CDM will leverage models, protocols, and policies widely used today in the cybersecurity field. DAD-CDM will focus on manipulative behaviors and so will also expand on the DISARM Framework, which standardizes the codification of adversary behavior Tactics, Techniques, and Procedures (TTPs).
“The concept of ‘defending’ involves real-time action and strategic planning to confront the threat of disinformation, which poses a significant threat to peace, democracy, and critical policy areas like pandemics and climate change,” said Pablo Breuer, Ph.D., Chair, DISARM Foundation. “DAD-CDM offers several advantages, including faster alert sharing, easier response coordination, increased report sharing, and the ability to compare and contrast actor behavior over time. Together, we will create a stronger defense against the spread of disinformation and online harms and help safeguard the integrity of information worldwide.”
Leadership and funding for the project are provided by AdTechCares, Crisp, Cyabra, Debunk.org, DISARM Foundation, Filigran, Foundation for Defense of Democracies, Global Disinformation Index, Johns Hopkins University Applied Physics Laboratory, Limbik, Logically, MarvelousAI, and sFractal Consulting. Participation in the DAD-CDM Open Project is open to all interested parties. Contact firstname.lastname@example.org for more information.
Support for the DAD-CDM OP
“Crisp has witnessed a transformation in the scale and maturity of disinformation threats that we support our partners in tackling, particularly with the recent surge in generative AI. Being part of this common approach within the DAD-CDM project is an important development that Crisp is proud to support. We eagerly anticipate the collective industry advancement in countering disinformation that this partnership promises, in the face of ever more sophisticated bad actor networks.”
– David Hunter, VP Trust & Safety, Crisp
“Social media is the new attack surface and the fastest-growing arena for bad actors. Ten years after the creation of the ATT&CK framework, which has helped guide the growth of the cybersecurity sector, Cyabra is excited to join OASIS Open and lead the emergence of the formal counter-disinformation industry.”
– Rafi Mendelsohn, VP Marketing, Cyabra
“The creation of a common language and model through the DAD-CDM initiative is pivotal for professional FIMI defenders. It significantly enhances our efficiency in responding to FIMI attacks. As the Head of Debunk.org, I am proud to join this initiative that promises to unify and strengthen our efforts against the sophisticated FIMI attacks threatening our information landscape.”
– Viktoras Daukšas, Head of Debunk.org
“To effectively identify and expose foreign manipulation before it negatively impacts our democracies, we need to quickly establish a comprehensive threat overview. STIX enables this by connecting the dots. For example, with STIX we will be able to assert, ‘Another community member already analyzed this inauthentic Facebook account and shared their report,’ or ‘These specific deceptive behaviors strongly resemble prior election interference campaigns by this nation-state.’ To address hybrid threats such as cyber-enabled influence (e.g., hack-and-leak) or influence-enabled cyber (e.g., clickbait) we need to model Indicators of Compromise (IOCs) and Indicators of Manipulation (IOMs) in the same way. With STIX we will be able to do that.”
– Stephen H. Campbell, CTO, DISARM Foundation
“OASIS Open’s DAD-CDM initiative is a pivotal step forward in addressing the growing challenges of online disinformation, particularly FIMI. At Filigran, we recognize that tackling this multifaceted problem requires collaboration and unified efforts. We’re proud to support a project that not only builds on the trusted foundation of the STIX cybersecurity standard but also fosters real-time, scalable defenses against AI-powered threats, ensuring a more secure and trustworthy digital environment for all.”
– Samuel Hassine, Co-founder & CEO, Filigran
“In the years Limbik has been leveraging cognitive AI against disinformation, we have seen incredible progress and ingenuity within the community. This new project is an extremely promising advancement, bringing the best technology, insights, and lessons learned together towards the vaunted whole-of-society response that is desperately needed. A common approach to disinformation that aligns academia, industry, government, and non-profits toward proactive resilience building and risk mitigation represents a huge advancement in an increasingly risky world.”
– Robert Schaul, VP Strategy, Limbik
“The sheer scale of the disinformation threat facing global society is vast and requires coordinated collaboration from a host of stakeholders if we are to limit the impact of bad actors who utilize disinformation campaigns to cause confusion, disruption and harm. We are delighted to be a part of the DAD-CDM project and look forward to working with our partners to detect disinformation campaigns earlier and improve our response strategies.”
– Lyric Jain, CEO, Logically
“In the pursuit of truth and transparency, we are excited to harness the collective power of open-source, guided by the STIX and TAXII standards, to illuminate the shadows cast by information influence operations.”
– Danielle Deibler, Co-founder and CEO, MarvelousAI
“Standards are essential in countering disinformation influence campaigns because standards provide a common framework and guidelines for identifying, mitigating, and preventing disinformation. Standards promote sharing which helps level the playing field and ensures consistency in response strategies. Utilizing standards allows authorities, organizations, and individuals to better coordinate efforts, mitigate the spread of disinformation and safeguard the integrity of the information ecosystem.”
– Duncan Sparrell, Chief Cyber Curmudgeon, sFractal Consulting
- DAD-CDM FAQ
- STIX is complemented by the OASIS Trusted Automated Exchange of Intelligence Information (TAXII) standard, a protocol used for the secure exchange of cyber threat intelligence.
- Foreign Information Manipulation and Interference (FIMI) is defined as a “mostly non-illegal pattern of behavior that threatens or has the potential to negatively impact values, procedures and political processes. Such activity is manipulative in character, conducted intentionally and in a coordinated manner. Actors of such activity can be state or non-state actors, including their proxies inside and outside of their own territory.”