Diversity is an important part of every workplace. In a western, liberal, and business context, few would argue otherwise. This blog explores the specific need for diversity in the processes of analysis that are a crucial part of cyber threat intelligence.
“Optimal results come from alternating between individual thinking and team effort, using group interaction to generate ideas that supplement individual thought. A diverse group is clearly preferable to a homogeneous one. Some group participants should be analysts who are not close to the problem, inasmuch as their ideas are more likely to reflect different insights.” Heuer, Richards J. Psychology of Intelligence Analysis, 1999.
In this, Heuer alludes to the notion that analytical progress is driven by a dialectic. The basic concept is simple: Person A puts forward an idea (‘Thesis’), Person B notes all that is wrong with that idea (‘Antithesis’), and then both Person A and B argue to a commonly held position that fuses the most coherent elements of both arguments (‘Synthesis’). However, Heuer also acknowledges that for this ‘synthesis’ or analytical output to be of value, it must not perpetuate underlying assumptions or bias.
In analytical fields, there exist similar concepts and variations on this theme. Red Teaming, for instance, requires analysts to simulate outcomes in a competitive environment by adopting the outlook and modus operandi of the opposing force. Similarly, Steel Manning involves analysts making convincing arguments in opposition to their own in order to better understand the opposing argument’s strengths and weaknesses.
If two analysts from identical backgrounds attempt to engage in a dialogue, both may be prone to agree with each other and fail to challenge each other’s arguments. Red Team members need to challenge the cultural assumptions on which the ‘Blue Team’ is basing its strategy – an incredibly difficult task if the Red Team is a homogeneous mass with little experience working in other environments or with different cultures. There is also the psychological phenomenon of ‘Groupthink’, where a group of analysts makes an assessment without critical reasoning out of a desire to not ‘rock the boat’. Any group of analysts – no matter how diverse – can end up victims of Groupthink as group dynamics and hierarchies also come into play. Nevertheless, the more diverse the team of analysts, the more willing others may be to listen to alternate or dissenting viewpoints, and the less Groupthink is a problem.
Diversity in CTI analysis
For Cyber Threat Intelligence (CTI) analysis, diversity in background, experience, and occupation (to name a few factors) proves valuable not only during the analytical process, but also during various stages of the Intelligence Cycle (Figure 1).
During the Collection process, for instance, diversity in experience and occupation can increase the quality of the team’s research by allowing it to consider previously overlooked questions (in the case of interviews), while language and cultural diversity can yield the cultivation of new sources.
A varying set of perspectives can also benefit the Processing stage, in which raw data is transformed into usable formats. Though this stage is often automated, having a diverse team of analysts reduces the likelihood of misvaluing data and ensures accurate confidence scoring of intelligence sources (as is done using the 5x5x5 model).
As discussed in the previous section, diversity within the Analysis and Production phase ensures that debate is encouraged and that assumptions do not go unchallenged. This can involve identifying cases of mirror-imaging, in which analysts may inadvertently fill in knowledge gaps with their own understanding, or recognising alternate models or frameworks in which to present findings.
These are but a few reasons diversity in analytical teams is not only important, but essential, for the output of high-quality intelligence products and services.
The author is a researcher on Orpheus’ Analysis team