40% of Government Organizations Will Establish TrustOps to Counter Deepfake Threats by 2028
Forty percent of government organizations will establish dedicated TrustOps functions by 2028 to combat deepfake identity impersonation and disinformation-as-a-service (DaaS), according to Gartner, Inc., a business and technology insights company.
Government organizations must urgently establish trust capabilities, such as transitioning from reactive fact-checking to a proactive trust architecture, to defend against deepfakes. These threats manifest as public-facing disinformation campaigns, such as impersonating leaders to issue misleading public statements, and in attacks on internal systems. The latter aims to compromise automated biometric authentication (voice or face) or use social engineering to manipulate employees into harmful actions, typically by rapidly establishing authority and urgency.
Daniel Nieto, Sr. Director Analyst at Gartner, said, “Deepfakes can undermine or even weaponize notions of digital identity, attacking the credibility of the State itself,” said “If citizens cannot distinguish a legitimate prime minister’s announcement or a secure tax agency portal from a replica, the foundational architecture of truth collapses.”
To mitigate the existential risk of institutional irrelevance, CIOs must shift from reactive fact-checking to proactive trust architecture. The implications of deepfakes at scale, resulting from the marriage of social media and synthetic content demand an orchestrated, rapid, enterprisewide defense.
“The deepfake phenomenon threatens to induce digital regression; reversing the ROI of digital transformation by forcing a retreat to high-friction, paper-and-in-person interactions,” said Nieto.
Preparing Government Organizations for Disinformation
Government organizations should not treat deepfakes solely as an IT problem. It is a cross-functional crisis requiring executive orchestration and a prolonged continuous education of the workforce and public; there is no single owner in a traditional organizational structure. They also must avoid relying on reactive takedowns. They cannot outrun a deepfake once it is viral. Organizations must saturate the information space with the truth first.
Finally, they should not over-rely on citizen awareness. While education is necessary, the burden of verification must shift away from the end user to the institutional architecture through cryptographic provenance.
To accomplish these goals, government organizations should prioritize the following in the near-term:
- Establish a trust council: Orchestrate an oversight role in consultation with primary stakeholders (IT, legal, communications, HR). This capability must manage the digital identity issues and manage inward/outward disinformation activity.
- Harden business processes: Identify and then audit high-risk administrative workflows, such as financial disbursements. Implement security measures that require multiple approvers and application-level authentication to eliminate single-point-of-failure vulnerabilities exploitable by voice-cloned executives. Then adopt formal data and security governance strategies and programs that first focus on these high-risk workflows and subsequently expand to others as necessary.
- Develop deepfake verification procedures: Design standard operating procedures (SOPs) that utilize step-by-step guides to use technology to test suspicious digital interactions and expose content that may have been synthetically created by AI.
“Long-term, government organizations can consider implementing solutions such as the C2PA protocol,” said Nieto. “They should mandate outbound content grounding by adopting the C2PA protocol, embedding tamper-proof cryptographic metadata into all official digital media. They can also market the use of content provenance to constituents and stakeholders to assert trust.”
