DARPA CINDER program: leak detection


DARPA has an ongoing Cyber Insider Threat (CINDER) program to detect insider threats to computer systems. It is under DARPA’s Strategic Technology Office (STO). The project was timed to begin around 2010/2011. In contrast to traditional computer security, CINDER assumes that malicious insiders already have access to the internal network; it therefore attempts to detect a threat’s “mission” through analysis of behavior rather than seeking to keep the threat out. The government documentation uses the analogy of a “tell” from the card game of poker.

According to Ackerman in Wired, the impetus for the program came after WikiLeaks disclosures such as the Afghan War documents leak. Robert Gates’ philosophy of information in the military was to emphasize access for frontline soldiers. In the face of mass leaking, a CINDER-type response allows the military to continue that philosophy rather than simply cutting off access to information en masse. The project is managed by Peiter Zatko, a former member of the L0pht and cDc.

From Wikipedia.

