Intelligence activity, a prevalent practice across various fields, has continually evolved in response to the changing dynamics of human societies. The shift from analog to digital has significantly transformed social practices and modes of communication.
The transmission of information is a crucial component of intelligence activities and has attracted attention in anthropology and social sciences. This research is dedicated to understanding and describing the information exchange practices among threat intelligence communities, especially those using MISP. We aim to explore the functioning and limitations of these practices within their cultural context, focusing on how these communities operate and interact within these frameworks.
While much of the research in information security and intelligence has traditionally emphasized practical, standardized, and technical facets of information sharing, the exploration of its social and cultural aspects has not been as extensive. Our research seeks to contribute to this area by offering insights and exploring potential avenues for further inquiry and improvement. We aim to enrich the understanding of information sharing by shedding light on these less explored dimensions, thereby opening the door for more comprehensive future research and practice advancements.
We face missed opportunities for successful information sharing within the research community. To understand and address this issue, we aim to describe the information sharing processes, examining functional challenges from social and cultural perspectives. This involves identifying both the incentives for and barriers to sharing.
A significant portion of academic research has been dedicated to examining the structure of information, with a particular emphasis on the tools employed for this purpose. Much of this research is specialized, focusing on areas like competitive analysis construction or the structuring of data exchanges.
In our bibliography, we have specifically included papers related to the MISP platform. This focus will facilitate our engagement with and interviews of groups actively involved in information sharing, leveraging insights from those who use MISP in their operations.
A series of interviews is conducted with various sharing communities. We aim to compare the actual usage of the platform, as observed by us, with the users' perspectives as shared in the interviews.
Our research aims to detail the social practices that facilitate information sharing. The focus is on uncovering and testing social models to better understand specific dynamics in this area. Key areas of exploration will include:
- Differentiating between organizations that primarily produce information and those that disseminate it [^1], acknowledging that producers and sharers may be distinct entities.
- Describing the contextual factors surrounding the creation and dissemination of information.
- Analyzing the dynamics of information sharing within communities.
- Investigating factors that could enhance the effectiveness of sharing practices.
These insights are expected to contribute to the development of more sophisticated detection mechanisms within organizations.
- Beuving, J. and De Vries, G., 2015. Doing qualitative research: The craft of naturalistic inquiry. Amsterdam University Press.
- Charmaz, K. and Belgrave, L.L., 2007. Grounded theory. The Blackwell encyclopedia of sociology.
- Corballis, M.C., 2014. The recursive mind: The origins of human language, thought, and civilization-updated edition. Princeton University Press.
- Corbin, J. and Strauss, A., 2014. Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications.
- Corsín Jiménez, A., 2011. Trust in anthropology. Anthropological Theory, 11(2), pp. 177-196.
- Edgar, T.W. and Manz, D.O., 2017. Research methods for cyber security. Syngress. pp. 96-105.
- Glaser, B.G. and Strauss, A.L., 2017. Discovery of grounded theory: Strategies for qualitative research. Routledge.
- Goldenberg, I. and Dean, W.H., 2017. Enablers and barriers to information sharing in military and security operations: lessons learned. In Information Sharing in Military Operations (pp. 251-267). Springer, Cham.
- Goldenberg, I., Soeters, J. and Dean, W.H. eds., 2017. Information sharing in military operations. Springer International Publishing.
- Hernandez-Ardieta, J.L., Tapiador, J.E. and Suarez-Tangil, G., 2013, June. Information sharing models for cooperative cyber defence. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp. 1-28). IEEE.
- Heuer, R.J., 1999. Psychology of intelligence analysis. Center for the Study of Intelligence.
- Hunger, I. and Müller, J., 2016. Barney G. Glaser/Anselm L. Strauss: The Discovery of Grounded Theory. Strategies for Qualitative Research, Aldine Publishing Company: Chicago 1967, 271 S. (dt. Grounded Theory. Strategien qualitativer Forschung, Bern: Huber 1998, 270 S.). In Klassiker der Sozialwissenschaften (pp. 259-262). Springer VS, Wiesbaden.
- Jiménez, A.C., 2017. The anthropology of organisations. Routledge.
- Johnston, R., 2005. Analytic culture in the US intelligence community: An ethnographic study (No. 14). Central Intelligence Agency.
- Mermoud, A., Keupp, M.M., Huguenin, K., Palmié, M. and Percia David, D., 2019. To share or not to share: a behavioral perspective on human participation in security information sharing. Journal of Cybersecurity, 5(1), p.tyz006.
- Moore, D.T., 2010. Critical thinking and intelligence analysis (No. 14). Government Printing Office.
- Murdoch, S. and Leaver, N., 2015, October. Anonymity vs. trust in cyber-security collaboration. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (pp. 27-29).
- Price, D.H., 2008. Anthropological intelligence: the deployment and neglect of American anthropology in the Second World War. Duke University Press.
- Skopik, F., Settanni, G. and Fiedler, R., 2016. A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, pp.154-176.
- Soeters, J., 2017. Information sharing in military and security operations. In Information sharing in military operations (pp. 1-15). Springer, Cham.
- Strauss, A. and Corbin, J., 1998. Basics of qualitative research techniques. Thousand Oaks, CA: Sage publications.
- Sutton, R.I. and Staw, B.M., 1995. What theory is not. Administrative science quarterly, pp.371-384.
- Sander, T. and Hailpern, J., 2015. UX aspects of threat information sharing platforms: An examination and lessons learned using personas. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, WISCS '15 (pp. 51-59). New York, NY, USA: ACM.
- Van den Heuvel, G., 2017. Information sharing in military organizations: a sociomaterial perspective. In Information Sharing in Military Operations (pp. 165-182). Springer, Cham.
- Wagner, C., Dulaunoy, A., Wagener, G. and Iklody, A., 2016, October. MISP: The design and implementation of a collaborative threat intelligence sharing platform. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 49-56).
- Zibak, A. and Simpson, A., 2019, August. Cyber threat information sharing: Perceived benefits and barriers. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1-9).
Cyber security information is extremely sensitive and confidential. This introduces an information-sharing trade-off between the benefits of improved threat-response capabilities and the drawbacks of disclosing national-security-related information to foreign agencies or institutions. The purpose of this project is to resolve this trade-off by enabling secure collaboration on valuable sensitive data that is not normally shared. Each institution keeps full control over its data records, which never leave its security perimeter, while computations are protected by efficient and highly scalable multiparty homomorphic encryption techniques. This will expand the range of available intelligence, leading to new and better threat analyses and predictions.