In 2019, in what now reads like a strikingly prescient premonition, OODA CTO Bob Gourley penned a two-part series on the neglect of our national Cognitive Infrastructure:

America’s Most Critical Infrastructure is also Our Most Neglected Infrastructure

Mitigating Risks to America’s Cognitive Infrastructure

In the series, Bob discussed the efforts by the U.S. government in the 1990s to create a framework for “Critical Infrastructure Protection” when talking about manufacturing, dams, the energy sector, nuclear reactors, the materials and waste sector, and transportation systems.  In 2007, all these critical infrastructure protection efforts were encapsulated in the establishment of the Department of Homeland Security, National Protection and Programs Directorate (NPPD), which in 2018 became the Cybersecurity and Infrastructure Security Agency (CISA).  And much of this “Critical Infrastructure” framing and language is still a central part of the policy lexicon today.  Most recently, the policy framework was used by the current administration when extending critical infrastructure protections through cybersecurity and industrial control systems initiatives in July and October of last year.

What is the Cognitive Infrastructure? (from Part I in the aforementioned series)

The nation’s cognitive infrastructure includes the mental capacities of our citizens and the decision-making ability of people, organizations, and our government. It also includes the information channels used to feed our decision-making capabilities and the education and training systems used to prepare people and organizations for critical thinking.

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Our cognitive infrastructure is threatened in ways few of us ever imagined just a few years ago. Old-style propaganda has been modernized and is now being aided by advanced technologies and new information dissemination methods.

New technologies used by our adversaries to attack our cognitive infrastructure include

• Internet-based communications technologies that enable anonymous action from a distance.
• Machine learning algorithms that can extract information from massive quantities of data. These algorithms can be used for a variety of purposes including learning previously unknowable things about people, their behaviors, and deepest desires, all of which can aid adversaries seeking to manipulate cognition.
• An Internet that is optimized to deliver information through ads to tailorable audiences across multiple devices and track who sees what.
• Artificial Intelligence can help create the right message to influence an audience, and then quickly re-tailor messages on the fly to improve desired outcomes.
• Tools that can manipulate images, audio, and sound to create deceptive messages, including creating entire events that never occurred. These tools are now so easy to use that amateurs are “face-swapping” faces into videos of their choosing just for fun. These tools are being weaponized across video, text, and audio.
• Tools that can take entire sources of information offline through denial-of-service attacks.
• Fragile security systems can be penetrated remotely to enable the planting of information or extraction of data for malicious use.

Adversaries seeking to exploit our cognitive infrastructure are also aided by the many new information channels that reach our citizens and organizations. They include all the old media plus:

• Email, voice, and video that connects everyone everywhere.
• Social media, including Facebook and Twitter, and LinkedIn, which enables anyone to create and disseminate and consume any content.
• New genres of information include podcasts, blogs, streaming video (YouTube), on-demand entertainment (Netflix, AppleTV, Apple Music, Amazon video), on-demand books (Kindle and ebooks).
• Many video games can serve as communications media, including immersive video games using virtual reality and augmented reality.
• Government and corporate information systems which enable instant broadcasting of messages to individuals. These are controlled by people who can be tricked into transmitting the wrong information or can simply screw up (reducing credibility while doing so).
• Cable and broadcast TV is in just about every house and can even reach people on their mobile devices.

This all means that today, 330 million Americans are being bombarded with information that can be not just wrong, and not just deceptive, but malicious in ways we are not prepared to defend against.

What is the potential impact of the threat to our cognitive infrastructure? Imagine a world where:

• Groups of people can be manipulated and driven to violence
• The credibility of any fact can not only be challenged but deceptively refuted in ways many will believe
• No source is considered authoritative. No expert or researcher or academic or a business leader or judge or jury will have the credibility to provide the final answer on any subject
• Technologies that distort reality will continue to evolve faster than our ability to detect distorted reality. People will find it harder and harder to tell what is real
• Any individual anywhere in the globe can make it seem like an event has happened, even if it did not
• Organizations created to gain knowledge, including government agencies, think tanks, and academic organizations, are fed false information that increases error rates, and even when they are acting on good information have their credibility attacked
• Reality apathy sets in. The false world of fake stories that sound good and immersive entertainment will be so much more attractive to people, with growing
• Elections become moot because the only politicians that can win are those that are masters of deception.

Our cognitive infrastructure deserves to be treated with the same respect afforded our other critical infrastructures. Just like the other sectors, this is not something that free societies place the government in charge of fixing. But we do, and should, determine the role of government in helping to fix these challenges.

The Swedish Psychological Defence Authority

The U.S-based efforts which most closely resemble the working definition of Cognitive Infrastructure Protection offered by Bob back in 2019 include the short-lived CISA website Rumor Control (to address disinformation associated with the 2020 United States presidential election) and the analysis and recommendations made by the recent Aspen Institute Commission on Information Disorder Final Report.   To date, the problem continues to dwarf any viable holistic solutions and appropriate governmental responses of any scale.

It took from 2007 to 2018 for cybersecurity to get top billing in the creation of CISA.  Is it time for the establishment of an independent National Cognitive Infrastructure Directorate?

Back in 2020, The Swedish government concluded it was time for just such a governmental entity.  In May of 2021, Sweden committed to a new authority to develop and coordinate psychological defence, including “the establishment of a National Centre for Psychological Defence within the new authority whose main task will be to develop, coordinate and strengthen the national ability to identify, analyze and face undue information influence.” In October 2021,  the Swedish Government “appointed a Director General of the Swedish Psychological Defence Agency, Henrik Landerholm.  The agency will have a complex operation with contacts with both the military defence and civilian authorities.”   The report which called for the establishment of the new agency also contained “a proposal that the authority should be an information-entitled total defence authority and thus be able to target signals intelligence.”

Swedish Defense Minister Peter Hultqvist placed the new agency in the context of what has been called the Hultqvist Doctrine, which resists full membership in NATO, increases defense spending, and closer alliances with the U.S., NATO, and Finland:

“The Swedish government will continue our two-track policy: to strengthen our national defense posture over the coming years and to deepen our international defense cooperation. The good news is that the new policy comes with increased resources…Defense intelligence capabilities are to be further enhanced along with cyber defense. The latter will include the ability to conduct defensive and offensive operations in the cyber domain…An important task in the upcoming years is to reestablish our “Total Defence.” The resilience in critical functions needs to be enhanced to enable society to operate under severe crisis or wartime conditions. Civil and military defense needs to be developed in a coordinated fashion.  The deterioration of the security situation — due in part to the use of hybrid activities — is a fact.  Just recently, the Swedish government decided to establish a new cybersecurity center, and a government agency for psychological defense will be established in 2022.” (1)

The Psychological Defence Authority has a uniquely Swedish historical pedigree:  it is a direct descendant of the Swedish Cold War entity known as the Board for Psychological Defence from the 1950’s and 1960’s.  The Swedish Total Defence concept also dates to the 1940’s (see also 2). Colonel Mikael Johnsson explains:   “[Total Defence] is rooted in the idea that all elements of society have a duty to prepare to support the armed forces at times of crisis.”  Or, according to Dr. Björn von Sydow in the NATO Review,  Total Defence is concerned with “mobilising the whole of society.”

According to rusi.org, “in a piece of landmark legislation in 2015, Sweden boosted its defence spending; reinstated conscription, albeit a more selective version than in the past; and revitalised its Total Defence concept, remodeled to meet today’s spectrum of threats. Key to rebuilding this policy was the need to reinstate its Cold War practice of running regular national resilience exercises.”  A seminal Total Defence 2020 Exercise, a yearlong Swedish military exercise (of which Colonel Johnsson was the military co-chair of the exercise planning group), provided the actionable insights for the establishment of the Swedish Psychological Defence Authority:  

“The first major lesson of the exercise was that it is extremely difficult to communicate clear messages to the population of a free society against the background noise of sustained disinformation campaigns. This was not a surprise to the Swedish authorities but proved far more significant than they expected. As a result, [Nils Svartz, co-chair of the evaluation branch from the Swedish Civil Contingency Agency] reported that his government has decided to establish a psychological defence agency to combat this problem.

The second major lesson was that, with the advent of hybrid and grey-zone warfare, the transition period when the armed forces move from supporting civil society to being supported by civil society has become more complex but nonetheless must be seamless and flexible. It may also call for the central government to take tighter control than normal over lower levels of government during a crisis.”

“In a free society, it is the job of the citizen to decide what their role is in the cognitive infrastructure.”

The Psychological Defense Authority launched on January 1st, and the role of the individual citizen (as spelled out by the authority) sets it apart from all other approaches we have evaluated in the last year:  “Many people contribute to psychological defence. Free and independent media is a key player along with agencies and institutions, but as an individual, you also play an important role. By increasing your knowledge and awareness that misleading information exists, how it is spread and how it poses a threat, you reduce the risk of being influenced.  The Swedish Psychological Defence Agency leads the work of coordinating and developing Sweden’s psychological defence – an important part of a strong and modern total defence.”  Frequently Asked Questions directly answered by the Authority’s website are also of note:

In what way can undue information influence be dangerous?

“Misleading information can create anxiety, heighten hatred and doubt, and make society more vulnerable. This can be exploited by interests that want to threaten and disrupt Swedish society and our independent decision-making. It can challenge the life and health of the population, societal functioning, and our fundamental values such as democracy, the rule of law and human rights and freedoms.”

How can I protect myself from misleading information?

“By becoming more aware and learning to recognise misleading information you increase your resilience to being affected by it. Disinformation depends on people sharing it, so be careful when sharing information and be critical of sources and avoid sharing information you feel hesitant about. A good start can be to complete this web course. Please note that the web course is held in Swedish.”

This ‘ask’ from the government of the individual to have personal agency in the psychological defense of the nation is really striking.   When announcing what the Swedes call the “instruction for the Swedish Psychological Defence Authority, which specifies the authority’s responsibilities and tasks”, part of the remit of the authority is to “contribute to strengthening the resilience of the population. The Agency will have these tasks both in peacetime and on heightened alert.”

In Part II of his series, Mitigating Risks To America’s Cognitive Infrastructure, Bob Gourley also includes the citizen as a central unit of participation in a broad societal solution:   “The nation’s cognitive infrastructure includes the mental capacities of our citizens and the decision-making ability of people, organizations and our government. It also includes the information channels used to feed our decision-making capabilities and the education and training systems used to prepare people and organizations for critical thinking.”    He offered the following considerations for “The Role of The Citizen” in mitigating risk:

• In a free society, it is the job of the citizen to decide what their role is in the cognitive infrastructure. But there may be areas where laws or regulations should be changed to mitigate risks of malicious activity.
• Optimally, citizens should be equipped with mental models that will enable them to rapidly learn to spot specious or deceptive information.
• Citizens should be provided with means to report to businesses and the government when they detect malicious attacks against our cognitive infrastructure.

The Swedish Psychological Defense Authority and Gourley’s notion of Cognitive Infrastructure put the enabling (along with the personal responsibility and personal agency) of the individual citizen as the vital organizational unit and design element of a strategic defense for the protection of a nation’s cognitive infrastructure.  This speaks to a very bottom-up design process for a U.S. Cognitive Infrastructure Directorate.  If such an agency is in our future, we can best learn from the example set by the Swedes by first asking:  Do we have equally as strong a national, historical, and structural precedent on which to build these capabilities?

Related Reading:

Black Swans and Gray Rhinos

Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis

Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking

The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real-world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking

Corporate Sensemaking: Establishing an Intelligent Enterprise

OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along its journey to optimized intelligence. See: Corporate Sensemaking

Artificial Intelligence Sensemaking: Take advantage of this megatrend for competitive advantage

This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking

COVID-19 Sensemaking: What is next for businesses and governments

From the very beginning of the pandemic, we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily intelligence as well as pointers to reputable information from other sites. See OODA COVID-19 Sensemaking Page.

Space Sensemaking: What does your business need to know now

A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking

Quantum Computing Sensemaking

OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See Quantum Computing Sensemaking.

The OODAcast Video and Podcast Series

In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision-making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast