Influence operations are elusive to define. The Rand Corp.'s [definition]() is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent." Basically, we know it when we see it, from bots controlled by the Russian Internet Research Agency to Saudi attempts to plant fake stories and manipulate political debate. These operations have been run by Iran against the United States, Russia against Ukraine, China against Taiwan, and probably lots more besides. Since the 2016 US presidential election, there have been an endless series of ideas about how countries can defend themselves. It's time to pull those together into a comprehensive approach to defending the public sphere and the institutions of democracy. Influence operations don't come out of nowhere. They exploit a series of predictable weaknesses -- and fixing those holes should be the first step in fighting them. In cybersecurity, this is known as a "[kill chain]()." That can work in fighting influence operations, too -- laying out the steps of an attack and building the taxonomy of countermeasures. In an [exploratory blog post](), I first laid out a straw man information operations kill chain. I started with the seven [commandments](), or steps, laid out in a 2018 _New York Times_ opinion [video series]() on "Operation Infektion," a 1980s Russian disinformation campaign. The information landscape has changed since the 1980s, and these operations have changed as well. Based on my own research and feedback from that initial attempt, I have modified those steps to bring them into the present day. I have also changed the name from "information operations" to "[influence operations]()," because the former is [traditionally defined]() by the US Department of Defense in ways that don't really suit these sorts of attacks. **Step 1:** Find the cracks in the fabric of society -- the social, demographic, economic, and ethnic divisions. For campaigns that just try to weaken collective trust in government's institutions, lots of cracks will do. But for influence operations that are more directly focused on a particular policy outcome, only those related to that issue will be effective. **Countermeasures:** There will always be open disagreements in a democratic society, but one defense is to shore up the institutions that make that society possible. Elsewhere I have [written]() [about]() the "common political knowledge" necessary for democracies to function. That shared knowledge has to be strengthened, thereby making it harder to exploit the inevitable cracks. It needs to be made unacceptable -- or at least costly -- for domestic actors to use these same disinformation techniques in their own rhetoric and political maneuvering, and to highlight and encourage cooperation when politicians honestly work across party lines. The public must learn to become reflexively suspicious of information that makes them angry at fellow citizens. These cracks can't be entirely sealed, as they emerge from the diversity that makes democracies strong, but they can be made harder to exploit. Much of the work in "norms" falls here, although this is essentially an unfixable problem. This makes the countermeasures in the later steps even more important. **Step 2:** Build audiences, either by directly controlling a platform (like RT) or by cultivating relationships with people who will be receptive to those narratives. In 2016, this consisted of [creating]() social media accounts run either by human operatives or automatically by bots, making them seem legitimate, gathering followers. In the years following, this has gotten [subtler](). As social media companies have gotten better at deleting these accounts, two separate tactics have emerged. The first is microtargeting, where influence accounts join existing social circles and only engage with a few different people. The other is influencer influencing, where these accounts only try to affect a few proxies (see step 6) -- either journalists or other influencers -- who can carry their message for them. **Countermeasures:** This is where social media companies have made all the difference. By allowing groups of like-minded people to find and talk to each other, these companies have given propagandists the ability to find audiences who are receptive to their messages. Social media companies need [to]() [detect]() and [delete]() accounts belonging to propagandists as well as bots and groups run by those propagandists. Troll farms exhibit particular behaviors that the platforms need to be able to recognize. It would be best to delete accounts early, before those accounts have the time to establish themselves. This might involve normally competitive companies working together, since operations and account names [often cross platforms](), and cross-platform visibility is an important tool for identifying them. Taking down accounts as early as possible is important, because it takes time to establish the legitimacy and reach of any one account. The NSA and US Cyber Command worked with the FBI and social media companies to [take down]() Russian propaganda accounts during the 2018 midterm elections. It may be necessary to pass laws requiring Internet companies to do this. While many social networking companies have reversed their "we don't care" attitudes since the 2016 election, there's no guarantee that they will continue to remove these accounts -- especially since their profits depend on engagement and not accuracy. **Step 3:** Seed distortion by creating alternative narratives. In the 1980s, this was a single "big lie," but today it is more about many contradictory alternative truths -- a "[firehose of falsehood]()" -- that distort the political debate. These can be fake or heavily slanted news stories, extremist blog posts, fake stories on [real-looking websites](), [deepfake videos](), and so on. **Countermeasures:** Fake news and propaganda are [viruses](); they spread through otherwise healthy populations. Fake news has to be identified and labeled as such by social media companies and others, including recognizing and identifying manipulated videos known as deepfakes. Facebook is [already]() making [moves]() in this direction. Educators need to teach [better]() [digital]() [literacy](), as [Finland is doing](). All of this will help people recognize propaganda campaigns when they occur, so they can [inoculate themselves]() against their effects. This alone cannot solve the problem, as much sharing of fake news is about [social]() [signaling](), and those who share it care more about how it demonstrates their core beliefs than whether or not it is true. Still, it is part of the solution. **Step 4:** Wrap those narratives in kernels of truth. A core of fact makes falsehoods more believable and helps them spread. Releasing stolen emails from Hillary Clinton's campaign chairman John Podesta and the Democratic National Committee, or [documents]() from Emmanuel Macron's campaign in France, were both an example of that kernel of truth. Releasing stolen emails with a few deliberate falsehoods embedded among them is an even more effective tactic. **Countermeasures:** Defenses involve exposing the untruths and distortions, but this is also complicated to put into practice. Fake news [sows confusion]() just by being there. Psychologists have [demonstrated]() that an inadvertent effect of debunking a piece of fake news is to amplify the message of that debunked story. Hence, it is essential to replace the fake news with accurate narratives that counter the propaganda. That kernel of truth is part of a larger true narrative. The media needs to learn skepticism about the chain of information and to exercise caution in how they approach debunked stories. **Step 5:** Conceal your hand. Make it seem as if the stories came from somewhere else. **Countermeasures:** Here the answer is attribution, attribution, attribution. The quicker an influence operation can be pinned on an attacker, the easier it is to defend against it. This will require efforts by both the social media platforms and the intelligence community, not just to detect influence operations and expose them but also to be able to [attribute]() attacks. Social media companies need to be more transparent about how their algorithms work and make source publications more obvious for online articles. Even small measures like the [Honest Ads Act](), requiring transparency in online political ads, will help. Where companies lack business incentives to do this, regulation will be the only answer. **Step 6:** Cultivate proxies who [believe and amplify]() the narratives. Traditionally, these people have been called "useful idiots." Encourage them to take action outside of the Internet, like holding [political rallies](), and to adopt positions even [more extreme]() than they would otherwise. **Countermeasures:** We can mitigate the influence of people who disseminate harmful information, even if they are unaware they are amplifying deliberate propaganda. This does not mean that the government needs to regulate speech; corporate platforms already employ a variety of systems to amplify and diminish particular speakers and messages. Additionally, the antidote to the ignorant people who repeat and amplify propaganda messages is other influencers who respond with the truth -- in the words of [one report](), we must "make the truth louder." Of course, there will always be true believers for whom no amount of fact-checking or counter-speech will suffice; this is not intended for them. Focus instead on persuading the persuadable. **Step 7:** Deny involvement in the propaganda campaign, even if the truth is obvious. Although since one major goal is to convince people that nothing can be trusted, rumors of involvement can be beneficial. The first was Russia's tactic during the 2016 US presidential election; it employed the second during the 2018 midterm elections. **Countermeasures:** When attack attribution relies on secret evidence, it is easy for the attacker to deny involvement. Public attribution of information attacks must be accompanied by convincing evidence. This will be difficult when attribution involves classified intelligence information, but there is no alternative. Trusting the government without evidence, as the NSA's Rob Joyce [recommended]() in a 2016 talk, is not enough. Governments will have to disclose. **Step 8:** Play the long game. Strive for long-term impact over immediate effects. Engage in multiple operations; most won't be successful, but some will. **Countermeasures:** Counterattacks can disrupt the attacker's ability to maintain influence operations, as [US Cyber Command did]() during the 2018 midterm elections. The NSA's new policy of "[persistent engagement]()" (see the article by, and interview with, US Cyber Command Commander Paul Nakasone [here]()) is a strategy to achieve this. So are [targeted]() [sanctions]() and [indicting individuals]() involved in these operations. While there is little hope of bringing them to the United States to stand trial, the possibility of not being able to travel internationally for fear of being arrested will lead some people to refuse to do this kind of work. More generally, we need to better encourage both politicians and social media companies to think beyond the next election cycle or quarterly earnings report. Permeating all of this is the importance of deterrence. Deterring them will require a different theory. It will require, as the political scientist Henry Farrell and I [have]() [postulated](), thinking of democracy itself as an [information system]() and understanding "[Democracy's Dilemma]()": how the very tools of a free and open society can be subverted to attack that society. We need to adjust our [theories]() of [deterrence]() to the realities of the information age and the democratization of attackers. If we can mitigate the effectiveness of influence operations, if we can publicly attribute, if we can respond either diplomatically or otherwise -- we can deter these attacks from nation-states. None of these defensive actions is sufficient on its own. Steps overlap and in some cases can be skipped. Steps can be conducted simultaneously or out of order. A single operation can span multiple targets or be an amalgamation of multiple attacks by multiple actors. Unlike a cyberattack, [disrupting]() will require more than disrupting any particular step. It will require a coordinated effort between government, Internet platforms, the media, and others. Also, this model is not static, of course. Influence operations have already evolved since the 2016 election and will continue to evolve over time -- especially as countermeasures are deployed and attackers figure out how to evade them. We need to be prepared for wholly different kinds of influencer operations during the 2020 US presidential election. The goal of this kill chain is to be general enough to encompass a panoply of tactics but specific enough to illuminate countermeasures. But even if this particular model doesn't fit every influence operation, it's important to start somewhere. Others have worked on similar ideas. Anthony Soules, a former NSA employee who now leads cybersecurity strategy for Amgen, presented this concept at a private event. Clint Watts of the Alliance for Securing Democracy is [thinking]() along these lines as well. The [Credibility Coalition's]() Misinfosec Working Group proposed a "[misinformation pyramid]()." The US Justice Department developed a "[Malign Foreign Influence Campaign Cycle]()," with associated countermeasures. The threat from influence operations is real and important, and it deserves more study. At the same time, there's no reason to panic. Just as overly optimistic technologists were wrong that the Internet was the single technology that was going to overthrow dictators and liberate the planet, so pessimists are also probably wrong that it is going to empower dictators and destroy democracy. If we deploy countermeasures across the entire kill chain, we can defend ourselves from these attacks. But Russian interference in the 2016 presidential election shows not just that such actions are possible but also that they're surprisingly inexpensive to run. As these tactics continue to be democratized, more people will attempt them. And as more people, and multiple parties, conduct influence operations, they will increasingly be seen as how the game of politics is played in the information age. This means that the line will increasingly blur between influence operations and politics as usual, and that domestic influencers will be using them as part of campaigning. Defending democracy against foreign influence also necessitates making our own political debate healthier. This essay [previously appeared]() in _Foreign Policy_.