Cyber Security and Emerging Threats Eimi Harris

INFOCAT: Improving Cybersecurity Through Information Foraging

When Edward Snowden leaked files on the NSA’s surveillance programs in 2013, the public reacted negatively to the act of the government collecting domestic and foreign data on a non-discriminatory basis through programs like PRISM and the Upstream collection. However, the US was not the only country collecting data. The UK was also doing so through TEMPORA, and Canada’s Communications Security Establishment (CSE) has been engaged in its own digital surveillance through Levitation and EONBLUE.

Beyond the initial shock of learning that those programs exist, there is still the question of how to really utilize those programs. While these programs seem intimidating for the sheer amount of information they collect, it is important to remember the sheer amount of information they collect. For the millions of files collected to be of use to national intelligence agencies for the purpose of identifying national security threats, one has to be able to sort through the “information overload.”

Defence Research and Development Canada (DRDC) is now trying to identify ways to improve how intelligence analysts search through data and select the information that is relevant to their missions. The DRDC has started by analyzing how analysts currently think using the Information Foraging Cognitive Analysis Tool (INFOCAT), an “experimental platform for studying information foraging of intelligence analysts.”

David Bryant, the cognitive scientist running INFOCAT, described ‘information foraging’ to VICE Motherboard by offering a comparison to how animals forage: “Animals ask themselves: While I’m foraging in this bush, how long should I stay there?…Should I stay there and completely exhaust the food? That’s not a very good strategy.” Like animals foraging, analysts have to make a number of decisions about how they analyze information in short periods of time. These analysts must find a balance of thoroughness and efficiency while looking for needles in one of a million haystacks.

While INFOCAT is largely meant to map how analysts currently think, its results can have immense implications for surveillance practices. Once DRDC has an idea of how analysts engage with the mountain of data they are given, it becomes a matter of identifying how to make cognitive practices more efficient and training analysts to engage in them.

At the same time, the impact will go beyond just a practical element; INFOCAT’s results will enable us to create a regimen that formulates the human organization and processing of mass amounts of information. From a theoretical standpoint, systemizing the data collected from communications technology is an incredibly important endeavour for how we see information and engage in it as both a human tool and independent entity.

From a national security standpoint, making intelligence analysts more efficient at “information foraging” will affect cybersecurity. Between cyber-diplomacy and cyber-attacks, finding the target or traces of a target’s activity within data is essential. Under current practices, it takes too long for intelligence analysts to identify malware harming national security. When intelligence analysts went looking for Chinese hackers attacking US data and computer structures, intelligence bodies were only able to identify the attacker and access the source code for Chinese malware after “wading through uninteresting data.”

As analysts become better at locating key bits of information, the ability to manipulate data and connections between software and creator will only become more finessed. Detection and location will no longer be just a matter of brute force; there will be a systemic practice leading to faster reactions. Something that is very important to accept about cyberspace is this: as fast as everything is moving, we are still in very primitive stages of understanding and conceptualizing data and informational space. As we get more familiar/organized/manipulative, our ability to engage in defence will increase, but so will the ability to attack.

On the issue of privacy, some may argue that making analysts more efficient at targeting information within mass collections will enable analysts with ulterior motives to invade the privacy of certain individuals. It is true that this is a trade-off of making analysts better at detecting real threats, but this could be viewed from an alternate perspective: if analysts become better targeted in their searches, they may be less likely to stumble on the personal information that should remain private.

This is not to say that mass surveillance is appropriate as a whole, but with INFOCAT there are some national security benefits that can be taken into consideration and should be utilized. With INFOCAT, my hope is that by better targeting the information needed to protect national security, fewer breaches of privacy will occur within the information already collected.

Photo courtesy of United States Navy (Wikipedia).

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Eimi Harris
Eimi Harris is a student working towards her undergraduate degree in International Relations and Economics at the University of Toronto. Her main focus in international affairs is cybersecurity, particularly diplomatic relations and normative development in the cybersphere. On the side, she enjoys watching films and is also working towards her Cinema Studies degree.