Hadley Newman
Senior AdvisorHadley Newman argues that Russian information operations such as DoppelGänger exploit the lack of allied co-ordination to weaponise falsehoods and calls for the United Kingdom to lead the creation of a standards-based cross-border defence mechanism that provides a shared real-time picture of the information environment to turn fragmented awareness into collective readiness.
The UK is well placed to lead allies in building a shared view of the information environment for enhanced defence. A new wave of Russian information operations shows how hostile actors turn lies into leverage.
Last month, a false story claimed President Zelensky’s inner circle was funnelling 50 million dollars a month to Dubai. As later traced by NewsGuard, it began on a fringe Turkish site, was picked up by Russian outlets, surfaced on Microsoft’s MSN feed and was finally shared by a US Congresswoman. Within days, Russian media cited her post as proof that “even American lawmakers” agreed. The story was fiction, but its spread was real. This is how digital lies are laundered into legitimacy.
The same pattern drives DoppelGänger, a broader Russian campaign that clones trusted media outlets and fills them with fabrications. Investigations by the EU DisinfoLab and Sweden’s Psychological Defence Agency have traced its servers, front companies, and fake accounts, showing how operators exploit takedown-proof hosting to keep the lies alive. The aim is not persuasion but paralysis, to distort debate, undermine trust and constrain allied decision-making regarding defence.
Viewed together, these operations form a system built for speed, deniability, and disruption, impacting politics long before anyone calls it an attack. Operators clone trusted domains to publish deceptive material in national languages, then move it through synthetic personas and co-ordinated amplification networks from Telegram to X and, eventually, into mainstream feeds.
Other campaigns, such as Operation Overload and Operation Ghostwriter, expose the same cross-border and cross-platform choreography: seeding, sharing, and amplifying falsehoods until they look like facts. Analysts can now map these patterns with the DISARM framework. The problem is not a lack of data; it is the lack of shared situational awareness and understanding.
Ghostwriter planted forged stories on compromised national outlets, then localised and republished them in multiple languages through co-ordinated networks of controlled or compromised accounts. A study by the European Centre of Excellence for Countering Hybrid Threats applied the DISARM common language to Ghostwriter, showing how seeding, referencing, and amplification can be consistently mapped across jurisdictions. Each case exposes the same weakness: adversaries use repetition and replication as force multipliers, turning ordinary online behaviour into a delivery mechanism for falsehood – truth becomes collateral damage.
The Allied Capability Gap
Allies lack a shared operating picture of the information environment. This environment includes not only information itself but also the people, systems, and spaces where influence takes hold. Without a shared view of what is happening across borders, each nation sees only a fragment and treats manipulation as a local anomaly. The result is duplication, delay, and diminished capacity for co-ordinated action.
Warning signs are scattered across languages, platforms, and jurisdictions. A single false story can flare on one platform, reappear days later on a cloned outlet elsewhere and end up in mainstream debate through co-ordinated reposts.
Without context, they look like isolated incidents. The connection stays invisible until the damage is done, by which point, the narrative has already spread too far to contain. This asymmetry gives hostile actors an edge: they can experiment and adapt faster than governments can detect and share. As recent European analysis noted, the advantage lies with those who move fastest to exploit allied seams.
Allied doctrine already calls for early, continuous analysis of the information environment – but, in practice, implementation is patchy. When co-ordination falters, allied freedom of manoeuvre shrinks and adversaries gain narrative and operational space to act.
The House of Commons Defence Committee reached a similar conclusion, warning of persistent gaps in hybrid-threat preparedness and partner co-ordination. The answer is not another task force or toolset. Allies now need a secure, standards-based coordination mechanism that brings national information-threat data together into a single, cross-border picture, turning fragments into an allied early-warning system. The goal is to get on the front foot with joined-up analysis and faster, collective action. Right now, allied warning systems still lack the shared standards and automation to connect information across borders, so indicators of the adversaries’ campaigns arrive late and opportunities to act are lost.
A UK-anchored Path Forward
The UK is well placed and, arguably, obliged to lead this effort. The National Cyber Security Centre already offers a proven model for cross-government threat response – a single front door, clear severity levels, and a standing national picture of risk. Adapted to information threats, the same principles could connect departments, link existing expertise and bring allies together through shared data standards and secure interfaces.
What is needed now is an alliance-wide co-ordination mechanism built on shared standards, not new tools, designed specifically for information defence. Its purpose: to integrate existing national feeds, translate them into a common classification and deliver a unified cross-border view of information threats in near real time.
This would not replace the work already underway in UK departments and NATO structures; it would connect and amplify it. A shared operating picture would make national efforts mutually reinforcing, more accessible to allies, and faster to act.
This capability should sit within Strategic Communications, bridging policy, planning, and operations, and serve as a strategic co-ordination mechanism within a wider deterrence posture. It would help allies anticipate rather than react, and support decision advantage below the threshold of conflict. With a clearer picture of the threat’s scale and persistence, governments could allocate resources more effectively and intervene before false narratives harden into public belief.
Implementation should be incremental. The UK can draw on its experience countering hybrid threats and its deep partnerships with NATO and EU counterparts. The process should start with a UK-led pilot using common data standards, recognised behaviour taxonomies, and shared workflows for detection, triage, and escalation. Success will depend on turning intent into structure, providing earlier warnings, faster handovers, and cleaner co-ordination across borders.
The UK already characterises hostile state activity as gradual, ambiguous, and often deniable – language consistent with the Integrated Review. A co-ordinated information-threat monitoring capability would expose that activity at scale, improve attribution and give decision-makers a fuller picture of the threat.
What This is Not
It is not censorship, not a public-facing counter-disinformation campaign, and not a single-tool purchase. It is a secure co-ordination function that provides a shared operating picture of the information environment, enabling rapid response to identified adversary networks. There are clear reference points for interoperability.
Federated Mission Networking already shows how information can be standardised and shared across nations at speed, and NATO’s C3 Taxonomy provides a common language to align data and services. Experience shows that effective information-sharing starts with the basics: common standards first, the interfaces that link them next, and the analytic tools last.
Implementation Priorities
Turning this concept into a working allied capability requires steady, demonstrable progress rather than grand announcements. Each step should deliver visible value and strengthen confidence among allied partners.
- Secure scope and governance. Establish a closed, legally grounded partnership among trusted allies, with clear audits, data protection, and oversight.
- Standards and interoperability. Demonstrate cross-government interoperability first, then publish shared data standards and taxonomies for classifying actors and behaviours. This enables automated de-duplication, cross-border correlation, and secure evidence exchange – drawing on NATO’s C3 Taxonomy and other federated models.
- Delivery and integration. Provide early, tangible outputs, such as near-real-time early warnings and shared indicators, to support attribution. Link national data feeds through standard interfaces and replace manual transfers with secure, real-time exchange across borders.
- Exercise, align and scale. Embed the function within NATO planning (J5) and operations (J3), incorporate it into national and alliance exercises and start with a UK-led pilot that proves faster detection, smoother co-ordination, and earlier warning before expanding participation.
Hostile actors exploit speed and ambiguity to gain advantage through persistent activity below the threshold of conflict. A co-ordinated allied response anchored in shared standards and automated exchange would shorten detection and decision cycles, strengthen resilience and restore freedom of manoeuvre in the information environment.
Conclusion
DoppelGänger is not an isolated case. It is one example of how weaponised information exploits the seams between allied responses. The recent NewsGuard investigation, which tracked a fabricated story about Ukraine from a fringe website to Russian state media via Western news aggregators and even a US lawmaker, shows the same mechanism in action. Falsehoods now move faster than facts, carried by algorithms, repetition, and misplaced trust.
These cases expose a consistent weakness. Allies remain reactive, limited by fragmented data and incompatible systems. Hostile actors, by contrast, behave as networks, testing, refining, and synchronising their narratives at speed. Unless that imbalance is corrected, adversaries will continue to dictate tempo and shape public debate long before governments can respond. A coherent allied response anchored in shared standards and secure exchange can reverse that dynamic.
Linking national data sources through a single trusted framework would allow allies to shift from monitoring to anticipating, from reacting to pre-empting. It would turn dispersed awareness into collective readiness. This is the foundation of resilience in the information domain: standards that create interoperability, interoperability that enables speed, and speed that restores allied freedom of manoeuvre.
The UK now has an opportunity to lead this effort with NATO and EU partners, turning policy intent into a working, standards-based capability. Done well, it would shorten detection and decision cycles, strengthen allied cohesion and constrain adversary freedom of action – protecting the integrity of public debate and reinforcing deterrence below the threshold of conflict.
Hadley Newman is a Senior Adviser and defence researcher specialising in foreign information, threats, and interference. He has advised governments and international organisations on strategic communications and strengthening information resilience, with work published in the Journal of Information Warfare and cited by UK Parliament committees. He previously served as Strategic Communications Director for the G20.
To purchase your edition of Chamber UK, visit: www.chamberuk.com/publications