/amitt_framework

AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools.

Primary LanguageJupyter NotebookCreative Commons Attribution Share Alike 4.0 InternationalCC-BY-SA-4.0

Credibility Coalition AMITT Framework

AMITT (Adversarial Misinformation and Influence Tactics and Techniques) is a framework designed for describing and understanding disinformation incidents. AMITT is part of misinfosec - work on adapting information security (infosec) practices to help track and counter misinformation, and is designed as far as possible to fit existing infosec practices and tools.

AMITT's style is based on the MITRE ATT&CK framework; we're working on generating STIX templates for all its objects so it can be passed between ISAOs and similar bodies using standards like TAXI.

How this works

The framework is shown in Framework diagram. Its entities are:

  • Tactics: stages that someone running a misinformation incident is likely to use
  • Techniques: activities that might be seen at each stage
  • Tasks: things that need to be done at each stage. In Pablospeak, tasks are things you do, techniques are how you do them.
  • Phases: higher-level groupings of tactics, created so we could check we didn't miss anything

There's a directory for each of these entities, containing a datasheet for each individual entity (e.g. technique T0046 Search Engine Optimization). The details above "DO NOT EDIT ABOVE THIS LINE" are generated from the code and spreadsheet in folder generating_code, which you can use to update framework metadata; you can add notes below "DO NOT EDIT ABOVE THIS LINE" and they won't be removed when you do metadata updates. (Yes, this is an unholy hack, but it's one that lets us generate all the messages we need, and keep notes in the same place.)

The framework was created by finding and analysing a set of existing misinformation incidents, which also have room for more notes.

Updating the fileset

The code to create all the datasheets is in directory generating_code

  • Metadata is in the file amitt_metadata_v3.xlsx
  • If you change something in the metadata file, go into generating_code, and type "python amitt.py" - this will update the metadata in all the datasheets, and create a datasheet each for any new objects you've added to the spreadsheet.
  • If you don't have any datasheets yet, use "python amitt.py" to create them all.

Provenance

AMITT was created by the Credibilty Coalition's Misinfosec working group, which is the standards group connected to Misinfosec. We would love any and all suggestions for improvements, comments and offers of help via the issues list on this github.

AMITT is licensed under CC-BY-4.0