Inside Cybersecurity

August 11, 2022

Daily News

Stanford’s Lin says new Aspen disinformation commission will wrestle with ‘how to incentivize doing the right thing’

By Charlie Mitchell / March 29, 2021

Stanford University’s Herb Lin, a member of the Aspen Institute’s new Commission on Information Disorder, says “cyber-enabled information warfare” poses an existential threat that in many ways defies current government and private-sector structures organized to protect digital systems from cyber attack.

“Cybersecurity is usually thought of in technical terms -- viruses, firewalls, etc. -- and the primary focus is on protecting the computer,” Lin told Inside Cybersecurity. “The problem of defending against information disorder is more about protecting the human mind than about computers. A computer can be patched but there’s no downloadable patch for the human mind.”

Lin is a prominent thinker and strategist on cyber issues and served on the 2016 Commission on Enhancing National Cybersecurity. He has written extensively on information warfare and how current government organization stacks up against the challenge. His verdict: Not very well.

Herb Lin

Herb Lin, Senior research scholar for cyber policy and security, Stanford University

“First, the legal authorities of U.S. governmental departments and agencies have yet to catch up to the problem of cyber-enabled IW/IO [information warfare/information operations] conducted against the United States. Indeed, U.S. governmental authorities that may be useful, continue to be premised on the existence of a marketplace of ideas that works well to inform a public that routinely and systematically engages in critical thinking and reflection on political matters,” Lin wrote in a 2019 article.

“Second and perhaps more importantly,” he wrote, “given the diffuse nature of the cyber-enabled IW/IO problem, it is not clear at all how the U.S. government could draw a ‘bubble chart’--that is, a chart depicting the organizational units sharing a common objective--with unambiguous lines of responsibility and authority. Who or what existing entity could be put ‘in charge’ or respond to cyber-enabled IW/IO? If, as seems likely, no existing entity could do the job, what charge should be given to a new entity to address the problem?”

In his talk with Inside Cybersecurity, Lin noted that in exploring what the U.S. government can do, he had concluded, “Not very much,” in large part due to free-speech protections. Therefore, he said, it’s unclear what role the government can play, saying it could be a “convening” function or something similar.

“But the key factor is how to incentivize the private sector to do the right thing -- and what is the right thing?” Lin said. “We’ll explore this on the commission. I don’t want to commit myself.”

Lin sketched out the stakes in another 2019 paper, this one for the Bulletin of the Atomic Scientists:

Corruption of the information ecosystem has become an existential threat to civilization as we know it because prosperity and advancement depend on a secure information infrastructure and environment that provides human beings with contextualized, reliable, trustworthy information when and where it is needed. Information is as much a part of human ecology and the essence of being human as DNA (itself a form of information!) is a part of the evolutionary processes in biological systems.

But the problem doesn’t easily lend itself to legislative or regulatory solutions, he said.

Lin said the Aspen Institute brings “unique talents and resources” to the effort, including high-level participation from the government and private sector and a well-established ability to harness industry, government and civil society behind a public policy mission.

Aspen last week formally unveiled the commission and its membership, including co-chairs Christopher Krebs, the former Cybersecurity and Infrastructure Security Agency director, journalist Katie Couric and Color of Change president Rashad Robinson. Among its members are British Prince Harry.

“I think he’ll have something substantive to say, he’s suffered from disinformation in ways most of us haven’t,” Lin said of Prince Harry.

Aspen has offered a roadmap for the logistics of its upcoming work at According to Aspen’s FAQ page: “We'll be releasing more details regarding logistics, as well as the effort's priorities, targets for recommendations, and potential impact and solutions, about 60 days into the work.”

It says, “In the interim, the Commission will receive a series of briefings from a range of experts to understand the scope of the problem and identify the gaps that exist in the ability of government, the tech platforms, and civil society to address what First Draft Co-Founder Claire Wardle has termed ‘information disorder.’"

According to Aspen, “These briefings will cover the history, rise, and current threat of disinformation; the intersection of disinformation and marginalized communities; the challenge of civic education and literacy; the societal decline of trust in institutions; the First Amendment and the effects of Section 230; and the growing challenge of mis- and disinformation campaigns against private industry and companies; among other core topics. These briefings will be recorded and made available to the public, along with reading materials provided to the commissioners.” -- Charlie Mitchell (