cognitive security: pyramid of pain

I swear my best posts come from random conversations on the internet.

Pyramid of pain

The Pyramid of Pain describes the types of indicators you can use to make sense of / detect a cyber attack. In a curious moment, I asked it’s creator, David Bianco, if there was a disinformation version of it yet.

Erm… not yet? And he’s been thinking about it, and I have, so I scribbled down some tweets.

David’s question: “The Pyramid of Pain is about helping analysts & detection engineers make better choices wrt the types of IOCs they use for detection of security incidents. How would you describe an analog in the misinformation space?” sparked off:

I think it would be similar. We created the artifacts/ narratives/ incidents/ campaigns pyramid because the stuff at the bottom was easier to find, analyse and address than the stuff at the top, and we wanted people to raise their eyes up from “we found some stuff; remove stuff”…

Cognitive security pyramid of pain?
  • …at the bottom I’d see artifacts: known hashtags, phrases, images etc — things that we know are around in a lot of disinformation campaigns, hate speech, extremist posts etc. Keep a list, search for them, find some stuff…

That was a coffeebreak’s worth of thought, but it might have some uses. One thing that’s glaringly missing from it are the human interactions that make up many disinformation campaigns — those attempts to manipulate groups, emotions etc as well as beliefs and algorithm rankings. There might be a whole different top of the pyramid for that, maybe even a whole other pyramid. But it’s a start of thinking about “what do we look for, what do we measure, how do we rank that by effort?”.

Social data nerd.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store