Friday, August 27, 2010

DARPA Project CINDER Targets Insider Threats

Via Threatpost.com -

The U.S. military is looking for new ways to identify malicious insiders and stop them from operating from within government and military networks, which it assumes have already been compromised.

The Defense Advanced Research Projects Agency (DARPA)this week issued a call for proposals for a new Cyber Insider Threat (CINDER) Program. The goal of the program is to "greatly increase the accuracy, rate and speed with which insider threats are detected."

While incidents of cyber espionage, such as Titan Rain and the so-called Aurora attacks from late 2009 are common, so are compromises due to rogue insiders with legitimate access to sensitive information.

Leaks of classified documents to the Website Wikileaks, allegedly by service member Bradley Manning, are just the most high-profile and recent example of the dangers posed by rogue or malicious insiders. Earlier this month, a federal grand jury convicteda former B-2 bomber engineer with selling cruise missile designs to China. The engineer, Noshir Goadia, its alleged, used the money to help pay the mortgage on an elaborate home he built in Maui, Hawaii.

DARPA's CINDER program seeks to spot bad actors such as Goadia who "operate from within our networks and easily evade existing security measures."

In what might be considered a frank assessment of the state of current security within military and government networks, the CINDER program starts with the premise that "most systems and networks have already been compromised by various types and classes of adversaries," and that "these adversaries are already engaged in what appear to be legitimate activities, while actually supporting adversary missions."

In its initial phase, CINDER will seek to identify the kinds of "adversary missions and observables" at work on government and military networks and the techniques advesaries are using. In Phase II, that information will be used to create a system that can identify mulitiple missions that might be ongoing. In Phase III, that system will be deployed in a way that scales to meet the government's needs.

No comments:

Post a Comment