Cognitive warfare and digital influence: measuring the effects, not just the flows
Digital influence has become a central issue in the cyber field. It features in military doctrines on cyber influence operations, in public policies addressing information manipulation, in research on digital platforms, in debates surrounding generative artificial intelligence, and in discussions on democratic resilience. This centrality is no accident: contemporary operations no longer clearly separate technical attacks, information operations and social disruption.
This observation led us to formulate the following research question: what are the limitations of information monitoring tools when it comes to measuring the actual effectiveness of an influence operation? Put differently, how can we move from describing information flows to measuring effects? The argument advanced here is straightforward: digital influence can only be assessed rigorously through behavioural change measured against a counterfactual scenario. Narratives, networks, cognitive biases, social intermediaries and platform metrics are useful but intermediate variables. They only become meaningful when they help to estimate what actually changes compared with what would probably have occurred in the absence of intervention.
What is cognitive warfare?
Cognitive warfare involves exploiting individuals’ cognitive biases (characteristics, limitations and vulnerabilities) by employing strategies of influence, persuasion and disinformation to shape decision-making in the long term. In this sense, digital influence plays a central role in cognitive warfare. In the cyber domain, it features in doctrines on cyber influence operations, in public policies against the manipulation of information, in research on platforms, in debates on generative artificial intelligence and in discussions on democratic resilience.
Disinformation, manipulation of information, digital influence: what are we talking about?
Information manipulation does not consist of a mere accumulation of false propositions, but rather of repeated, stabilised and cumulative narrative structures. This approach is intellectually sound, as it builds on earlier work on framing, narrativity and discursive structures. In the recent French debate, this perspective is explicitly articulated through the idea of interpreting disinformation as a ‘serial narrative’, that is to say, as a discursive construction that unfolds through episodes, characters, recurring conflicts and continuous interpretative frameworks. This approach corrects the naivety of treating each piece of false or manipulative content as an isolated entity. An influence operation rarely works through a single message. It works through repetition, through familiarisation, and through the stabilisation of an interpretative framework. In the cyber domain, this insight is useful: following a data breach, a ransomware attack, an institutional compromise or an act of digital sabotage, the narrative accompanying the event can produce a lasting framing. It can transform a technical vulnerability into evidence of political incompetence, an opportunistic attack into a strategic humiliation, or a local disruption into a sign of systemic collapse. Narrative analysis therefore helps us to understand how a cyber sequence becomes an informational sequence.
Why information monitoring is no longer enough: the confusion between visibility and impact
Systems for analysing influence rely predominantly on variables that are accessible because they are observable, but which are insufficient to establish behavioural impact. The current formulation of the problem therefore does not reveal anything radically new. Rather, it confirms a long-standing assessment: that of a field which is becoming increasingly adept at describing signals, but which still struggles to estimate their effects. This distinction is crucial in the cyber domain, as decisions there are made under time pressure, with incomplete data and the risk of amplification. Responding too quickly to a hostile manoeuvre can neutralise a narrative; it can also give it a level of visibility it would never have achieved on its own. Furthermore, remaining silent may be strategic, but it can also allow a narrative to take hold. The question cannot therefore be: ‘Is the narrative circulating?’. It must be: ‘Which course of action produces the best net behavioural effect, compared with inaction and the other available options?’
De la description des flux à la mesure des effets
From a rigorous perspective, the effect of influence must be understood as a behavioural shift relative to a situation without intervention. This is precisely the core of the model advocated here: the observable variables (output, visibility, circulation, engagement, coordination, narrative recurrence) describe the informational environment, but do not in themselves measure influence. The object of measurement must be the counterfactual behavioural shift, that is to say, the difference between what a population does under intervention and what it would probably have done without intervention.
The limitations of the three dominant approaches: narrative analysis (‘serial narrative’), cognitive engineering (design lab), and the recipient’s cognitive resilience
Three approaches currently feature disproportionately in the debate: narrative analysis, the cognitive engineering of systems, and the cognitive resilience of the recipient. All three approaches are useful; none should be dismissed out of hand. Their weakness lies not in being incorrect, but in being situated upstream of or separate from the very object that needs to be measured. They describe structures, design interventions or strengthen individual capabilities, but on their own they do not yet allow us to estimate the behavioural effect of an influence intervention in a cyber environment.
Recommendations
First, define the target behaviour before measuring.
An influence operation should not be evaluated based on a generic visibility indicator. It must first be considered in relation to a target behaviour: clicking, sharing, abstaining, applying a security instruction, leaving a platform, joining a channel, trusting a source, exerting pressure on an institution or changing a professional practice. Without a target behaviour, metrics only describe information noise.
Second, separate indicators of activity, reception and impact.
Dashboards should distinguish between three levels. Activity indicators describe what is circulating: volumes, accounts, hashtags, timing and coordination. Reception indicators describe what is being processed: attention, credibility, memorisation and self-reported agreement. Impact indicators describe what changes: decisions, actions, inaction, withdrawal, mobilisation, cooperation or security practices. Conflating these levels leads to overestimating the effectiveness of visible campaigns.
Third, make narratives, design and resilience subordinate to effect evaluation.
Narrative analysis, cognitive engineering and receiver resilience should remain part of the evaluation chain, but each in their proper place. Narratives provide information about frameworks of meaning. Design produces intervention options. Cognitive resilience strengthens the capacity for judgement. None of these elements on their own demonstrate influence. They must be linked to an observed or estimated behavioural effect.
Fourth, construct a counterfactual baseline.
Every evaluation should include an estimate of what would probably have happened in the absence of intervention. This baseline can be imperfect, but it must be explicit: the natural development of the conversation, the expected media cycle, exposed audiences, usual intermediaries, the prior level of trust, and the probable trajectory of the adversarial narrative. A response should only be considered effective if it performs better than this reference trajectory.
Fifth, compare multiple options, including silence.
Evaluation should not merely answer the question: should action be taken? It should compare multiple options: public response, discreet response, third-party intermediary, prior inoculation, technical correction, platform-based action, channel change or non-response. In certain situations, controlled silence may produce a better net effect than a visible denial, particularly when the risk of amplification exceeds the expected benefit.
Sixth, incorporate the risks of amplification, backlash and saturation.
The effectiveness score must incorporate the possible negative effects of an intervention: giving visibility to a marginal narrative, reinforcing pre-existing distrust, providing the adversary with material for renewed attacks, inducing audience fatigue or weakening the credibility of the source. An information action should therefore be evaluated in terms of net effect, not visible activity.
Seventh, prioritise segments close to an action threshold.
Efforts should focus on audiences capable of changing behaviour, not merely those most heavily exposed. A campaign may reach many individuals who are already convinced, without producing any effect. Conversely, a segment that is small but already close to a threshold, such as employees tempted to circumvent a procedure, users considering leaving a service, journalists seeking an interpretative framework or decision-makers under pressure, may prove decisive.
Eighth, organise evaluation around five levels.
The measurement doctrine should be structured around five levels: the crisis context, the information environment, the population, the intervention and the behaviour. This architecture requires explicit specification of what is observed, what is inferred, what is decided and what is ultimately changed. It also makes it possible to justify a proportionate response and to retain a record of the assumptions used.
Ninth, validate models progressively based on lessons learned.
Evaluation models should first be tested on retrospective cases and then through prospective exercises. Recommendations formulated before decisions are made should be compared with the trajectories subsequently observed: reduction in amplification, improved identification of at-risk audiences, greater accuracy of assumptions, and the capacity to recommend non-response. The objective is not perfect prediction, but the reduction of decision-making error.
