Digital Threat Digest Insights Careers Let's talk

The canary in the coal mine - Digital Threat Digest

PGI’s Digital Investigations Team brings you the Digital Threat Digest, SOCMINT and OSINT insights into disinformation, influence operations, and online harms.


In one of the latest Digital Threat Digests, my colleague urged readers to rethink the way we approach digital investigations to catch up with threat actors. A digital rendition of they go low, we go lower, if you will. However fun and satisfying that may feel, it raises a number of ethical questions about the development of the sector.

What I like about the thinking behind this proposition is the anticipatory angle it advocates for. Over the past five years, the international community has developed framework after framework to try and put in practice early warning and anticipatory policies to prevent conflict. Bills like the 2019 Global Fragility Act put sustainable political development and strong infrastructure at the core of increasing a country's resilience. In more than one way - especially here at PGI - understanding infrastructure already plays a key role in mapping threat behaviours online. So why not consider the entire infrastructure that keeps us connected to understand and anticipate threat actors?

Internet access is the 21st century canary in a coal mine. Recent political events, especially in the Levant, the Sahel and equatorial Africa, have shown that no matter how strong a military or how sure a rigged election, shutting down the internet is still a key feature of significant political upheaval. Prior to the coup in Gabon, Ali Bongo's government cut the internet on election day, undermining transparency and curtailing the flow of information. Just last week, Netblocks reported a drop in connectivity in Chad ahead of the constitutional referendum. As scholar Kholood Khair pointed out, the blackout may be a symptom of a coup, amid growing tensions between some factions of the military and hereditary ruler Mahamat Idriss Deby. There are also instances where internet blackouts have helped curb sectarian and religious violence. What matters is that whoever gets to control access to the internet is by nature the most dangerous threat actor in an information environment. When we map out malicious stakeholders, we consider their political leanings and financial resources, why not consider how much access to critical digital infrastructure they have? It would allow us to understand an actor's full arsenal and anticipate internet blackouts. As recently shown in Gaza, something as simple as an e-Sim bought abroad and shared with Gazans helped establish a critical line of information within and outwith the Strip, when Israel repeatedly shut it off from the internet.

The debate around who gets to control connectivity is much larger than a few considerations of applying anticipatory techniques to digital resilience. It is one that encompasses philosophical questions over the management of public goods in capitalist societies, where financial gains often trample the interests of a population. What I do think we can do - without getting too philosophical on a Tuesday morning - is reconsider the power threat actors wield on the very field they play on and how they can change the field to their advantage.

More about Protection Group International's Digital Investigations

Our Digital Investigations Analysts combine modern exploitative technology with deep human analytical expertise that covers the social media platforms themselves and the behaviours and the intents of those who use them. Our experienced analyst team have a deep understanding of how various threat groups use social media and follow a three-pronged approach focused on content, behaviour and infrastructure to assess and substantiate threat landscapes.

Disclaimer: Protection Group International does not endorse any of the linked content.