DARPA has an ongoing Cyber Insider Threat (CINDER) program to detect insider threats to computer systems. It is under DARPA’s Strategic Technology Office (STO). The project was timed to begin around 2010/2011. In contrast to traditional computer security, CINDER assumes that malicious insiders already have access to the internal network; thus it attempts to detect a threat’s “mission” through analysis of behavior rather than seeking to keep a threat out. The government documentation uses the analogy of a “tell” from the card game of poker.
According to Ackerman in Wired, the impetus for the program came after WikiLeaks disclosures such as the Afghan War documents leak. Robert Gates’ philosophy of information in the military was to emphasize access for frontline soldiers. In the face of mass-leaking, the CINDER type of response allows the military to continue that philosophy, rather than simply cutting off access to information en masse. The project is managed by Peiter Zatko, a former member of the L0pht and cDc.