# Project (1) Pauline Bourmeau - The Social Perspective in the Intelligence Activity among Information Sharing Communities - CNAM Paris (Supervisor Philippe Baumard).
Intelligence activity is a common practice shared among different fields. The practice of intelligence evolved to adapt to the evolution of human societies. The transition from analog to digital introduced changes in social practices and communications.
Transmission of information is a key element of intelligence activity and, as such, a subject of study in anthropology and the social sciences. The scope of this project is to analyse the social activities among sharing communities, in order to understand and describe the practices of information exchange.
Information sharing has become key to the effectiveness of our societies, for instance in facing information warfare.
Many studies in the field of information security and intelligence have focused mainly (cf. state-of-the-art) on the practical, standardisation, usage and technical aspects of information sharing, without analysing its social or cultural aspects.
Information sharing plays a key role in law enforcement investigations, especially in tracking and taking down criminal activities. Efficient information exchange ensures resolution and prosecution in a timely fashion. Information strongly relies on the existence of sharing communities among law enforcement and intelligence.
We lack some opportunities for successful sharing among the research community. In order to tackle this issue, we must first understand how information sharing happens.
An extensive review has been performed in the field of information sharing. A significant number of academic papers focus on the structure of information and especially on the tools used. The majority of the research focuses on a niche in intelligence, such as building competitive analysis or structuring data exchange.
In the bibliography, we reviewed papers which are related to the main information sharing platform MISP, which will allow us to meet and interview groups who are actively performing information sharing.
We assume that we can observe replications of social practices from the real to the digital environment, and a specific set of practices on sharing platforms such as MISP ("people need to make sense out of it").
A series of interviews will be conducted among sharing communities. We are interested in the comparison between the usages of the platform that we observe, on the one hand, and what people can tell us about it, on the other hand.
We assume that both technical observations, such as statistics from the platform, and qualitative observations from the interviews can reveal “abnormal” behaviors from participants.
As a starting point, a list of reasons is included below in the section "Example list".
We narrow our questioning to the following points:
- Commonly assumed (survey) reasons why organisations are not sharing
- Common reasons why organisations are sharing
In order to integrate as much data as possible and to avoid pre-interview categorization, we will perform free interviews.
In this case, the observer is a participant: an interview is a conversation between two “analysts”. The participant and the researcher agree on the meaning of the words they use during the conversation. The idea is to note these keyword definitions and update their meaning during the research.
Keywords here can illustrate or reflect social practices among the community, and help in creating a first set of variables. Those initial “variables” can be used to discover reasons (explanations of behaviors) or new parameters (unknown reasons) which can emerge after additional interviews, and can be used as a first set of constants for further analysis.
- Collecting structured information from sharing platforms (e.g. MISP data to refine or use existing)
- Interviews (unstructured or semi-structured model) [^2]
Structured information from sharing platforms, such as the type of information shared, the activity per organisation or the contextualisation applied.
Partially structured information from the interviews. Different data analyses will be applied, especially to cross-check data from sharing platforms against the unstructured data collected from interviews.
- Beuving, J. and De Vries, G., 2015. Doing qualitative research: The craft of naturalistic inquiry. Amsterdam University Press.
- Charmaz, K. and Belgrave, L.L., 2007. Grounded theory. The Blackwell encyclopedia of sociology.
- Corballis, M.C., 2014. The recursive mind: The origins of human language, thought, and civilization-updated edition. Princeton University Press.
- Corbin, J. and Strauss, A., 2014. Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage publications.
- Corsín Jiménez, A., 2011. Trust in anthropology. Anthropological Theory, 11(2), pp. 177-196.
- Edgar, T.W. and Manz, D.O., 2017. Research methods for cyber security. Syngress. pp. 96-105.
- Glaser, B.G. and Strauss, A.L., 2017. Discovery of grounded theory: Strategies for qualitative research. Routledge.
- Goldenberg, I. and Dean, W.H., 2017. Enablers and barriers to information sharing in military and security operations: lessons learned. In Information Sharing in Military Operations (pp. 251-267). Springer, Cham.
- Goldenberg, I., Soeters, J. and Dean, W.H. eds., 2017. Information sharing in military operations. Springer International Publishing.
- Hernandez-Ardieta, J.L., Tapiador, J.E. and Suarez-Tangil, G., 2013, June. Information sharing models for cooperative cyber defence. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp. 1-28). IEEE.
- Heuer, R.J., 1999. Psychology of intelligence analysis. Center for the Study of Intelligence.
- Hunger, I. and Müller, J., 2016. Barney G. Glaser/Anselm L. Strauss: The Discovery of Grounded Theory. Strategies for Qualitative Research, Aldine Publishing Company: Chicago 1967, 271 S.(dt. Grounded Theory. Strategien qualitativer Forschung, Bern: Huber 1998, 270 S.). In Klassiker der Sozialwissenschaften (pp. 259-262). Springer VS, Wiesbaden.
- Jiménez, A.C., 2017. The anthropology of organisations. Routledge.
- Johnston, R., 2005. Analytic culture in the US intelligence community: An ethnographic study (No. 14). Central Intelligence Agency.
- Mermoud, A., Keupp, M.M., Huguenin, K., Palmié, M. and Percia David, D., 2019. To share or not to share: a behavioral perspective on human participation in security information sharing. Journal of Cybersecurity, 5(1), p.tyz006.
- Moore, D.T., 2010. Critical thinking and intelligence analysis (No. 14). Government Printing Office.
- Murdoch, S. and Leaver, N., 2015, October. Anonymity vs. trust in cyber-security collaboration. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (pp. 27-29).
- Price, D.H., 2008. Anthropological intelligence: the deployment and neglect of American anthropology in the Second World War. Duke University Press.
- Skopik, F., Settanni, G. and Fiedler, R., 2016. A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, pp.154-176.
- Soeters, J., 2017. Information sharing in military and security operations. In Information sharing in military operations (pp. 1-15). Springer, Cham.
- Strauss, A. and Corbin, J., 1998. Basics of qualitative research techniques. Thousand Oaks, CA: Sage publications.
- Sutton, R.I. and Staw, B.M., 1995. What theory is not. Administrative science quarterly, pp.371-384.
- Sander, T. and Hailpern, J., 2015. UX aspects of threat information sharing platforms: An examination and lessons learned using personas. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security (WISCS '15) (pp. 51-59). ACM.
- Van den Heuvel, G., 2017. Information sharing in military organizations: a sociomaterial perspective. In Information Sharing in Military Operations (pp. 165-182). Springer, Cham.
- Wagner, C., Dulaunoy, A., Wagener, G. and Iklody, A., 2016, October. MISP: The design and implementation of a collaborative threat intelligence sharing platform. In Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security (pp. 49-56).
- Zibak, A. and Simpson, A., 2019, August. Cyber threat information sharing: Perceived benefits and barriers. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1-9).
Cyber security information is extremely sensitive and confidential. This introduces an information-sharing trade-off between the benefits of improved threat-response capabilities and the drawbacks of disclosing national-security-related information to foreign agencies or institutions. The purpose of this project is to resolve this trade-off by enabling secure collaborations on valuable sensitive data that is not normally shared. Each institution keeps full control over its data records, which never leave its security perimeter, whereas computations are protected by efficient and highly scalable multiparty-homomorphic-encryption techniques. This will expand the range of available intelligence, thus leading to new and better threat analyses and predictions.