The recent publicity with the leaking of classified military information by unknown people inside the Defense Department has rattled its nerves, and it is looking into all possible ways in which future leaks may be prevented. The DoD’s CINDER or Cyber INsiDER Threat project hopes to do just that.
To quote DARPA’s request for industry solicitations: “The goal of CINDER will be to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks.”
The philosophy driving CINDER is the idea that singular actions by an insider with malicious intent aren’t noticeable as malicious – say, the downloading of a sensitive document from a DoD server or the searching for information on a particular topic. But the larger adversary mission should be noticeable when compared to normal mission activities. By monitoring strings of actions rather than isolated events, CINDER is expected to pinpoint system users who may be up to something malicious.
CINDER assumes that insiders are already operating within the Pentagon’s most sensitive networks, so rather than focus on keeping outside threats out, it will be designed to weed out those already inside. As Danger Room points out, it seems like a recipe for false positives, but DARPA seems to think a properly designed CINDER will be able to distinguish between normal and malicious mission contexts.
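To make the idea in the two paragraphs above concrete, here is an added example (not DARPA's or the DoD's code, and not how CINDER itself works) of sequence-based scoring over a constructed audit log. Each action on its own is ordinary; the detector only scores a user when a chain of actions within a time window (a search, a burst of classified downloads, an export) exceeds that user's baseline, which is the sort of context check that keeps a single download from becoming a false positive. The log format, the field names, the baseline values and the threshold factor are all assumptions made for the example.

```python
"""Sequence-based insider-activity scoring over constructed audit records.

Each record is: <ISO timestamp> <user> <action> key=value...
We look for a chain of actions that is individually benign but, taken
together within a time window, diverges from the user's normal activity.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log for the example (not real data).
SAMPLE_LOG = """\
2010-09-01T08:02:00 alice search topic=logistics
2010-09-01T08:10:00 alice download doc=LOG-0042 class=U
2010-09-01T09:00:00 bob search topic=cables
2010-09-01T09:05:00 bob download doc=CAB-1001 class=S
2010-09-01T09:06:00 bob download doc=CAB-1002 class=S
2010-09-01T09:07:00 bob download doc=CAB-1003 class=S
2010-09-01T09:08:00 bob download doc=CAB-1004 class=S
2010-09-01T09:15:00 bob export dest=removable
2010-09-01T10:00:00 carol download doc=CAB-2001 class=S
2010-09-02T10:00:00 carol download doc=CAB-2002 class=S
"""

# Assumed per-user baseline: typical classified downloads per hour.
# A real system would learn these from the user's prior history.
BASELINE_DOWNLOADS_PER_HOUR = {"alice": 1, "bob": 1, "carol": 2}

WINDOW = timedelta(hours=1)


def parse_log(text):
    """Parse the constructed log into (timestamp, user, action, attrs) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, action, *kv = line.split()
        attrs = dict(pair.split("=", 1) for pair in kv)
        events.append((datetime.fromisoformat(ts), user, action, attrs))
    return events


def score_users(events, baseline, window=WINDOW, factor=3):
    """Return {user: [reasons]} for users whose chain of actions within
    `window` after a search exceeds `factor` times their baseline.

    Chain looked for: search -> burst of non-unclassified downloads -> export.
    Isolated downloads (carol) never score; only the chain does (bob).
    """
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)

    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e[0])
        for i, (t0, _, action, _) in enumerate(evs):
            if action != "search":
                continue
            # Everything this user did within the window after the search.
            chain = [e for e in evs[i:] if e[0] - t0 <= window]
            downloads = [e for e in chain
                         if e[2] == "download" and e[3].get("class") != "U"]
            exported = any(e[2] == "export" for e in chain)

            per_hour = baseline.get(user, 1)
            limit = per_hour * factor
            reasons = []
            if len(downloads) > limit:
                reasons.append(f"{len(downloads)} classified downloads within "
                               f"{window} (baseline {per_hour}/h, limit {limit})")
            if exported and downloads:
                reasons.append("export to removable media after classified downloads")
            if reasons:
                findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in score_users(parse_log(SAMPLE_LOG),
                                     BASELINE_DOWNLOADS_PER_HOUR).items():
        print(user, "->", "; ".join(reasons))
```

Running it flags only `bob`, whose search is followed by four classified downloads and an export inside one hour; `alice` searched but only pulled an unclassified file, and `carol`'s two classified downloads are a day apart with no preceding search, so neither scores. Raising `factor` or the baseline is the knob that trades detection rate against the false positives the article worries about.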
We’ll see. In the meantime, while DARPA works CINDER into serviceable shape, the DoD is expected to roll out a new cyber strategy by year’s end to hopefully curtail the kinds of massive leaks and cyber breaches that have been the embarrassment of the Pentagon lately.
Source: Popular Science.