DARPA Leads Project to Stop ‘Cyber Insider Threat’

By Joshua Philipp
Joshua Philipp is an award-winning investigative reporter with The Epoch Times and host of EpochTV's "Crossroads" program. He is a recognized expert on unrestricted warfare, asymmetrical hybrid warfare, subversion, and historical perspectives on today’s issues. His 10-plus years of research and investigations on the Chinese Communist Party, subversion, and related topics give him unique insight into the global threat and political landscape.
September 6, 2010 Updated: October 1, 2015

SECURITY BREACH: The homepage of the WikiLeaks.org website is seen on a computer after leaked classified military documents were posted.  (Illustration by Joe Raedle/Getty Images)
A new military project aims to root out the Cyber Insider Threat from government and military computer networks. The CINDER Program comes just months after Army intelligence analyst Bradley Manning leaked tens of thousands of classified military documents to whistleblower website WikiLeaks.

Following the release of 76,908 classified documents by WikiLeaks, on July 29, Secretary of Defense Robert Gates said “the battlefield consequences of the release of these documents are potentially severe and dangerous for our troops, our allies, and Afghan partners, and may well damage our relationships and reputation in that key part of the world.”

The incident raised concerns about military personnel having open access to classified information. Gates said, “As a general proposition, we endeavor to push access to sensitive battlefield information down to where it is most useful—on the front lines—where as a practical matter there are fewer restrictions and controls than at rear headquarters.”

He added, “In the wake of this incident, it will be a real challenge to strike the right balance between security and providing our frontline troops the information they need.”

The CINDER Program is still in its beginning stages and is being led by DARPA, the research and development office for the U.S. Department of Defense (DoD).

International press freedom organization Reporters Without Borders expressed its concern that WikiLeaks endangered the openness of the Internet by posting its massive collection of secret U.S. documents.

The July 25 RSF letter to WikiLeaks founder Julian Assange states that posting the documents, which contained information on Afghan informants, placed many people’s lives at risk.

It adds, “Such imprudence endangers your own sources and, beyond that, the future of the Internet as an information medium.”

The CINDER Program is among the first government programs to eliminate the insider threat, following the WikiLeaks post. The threat to the private Internet is minimal, however, as the program’s focus is on government and military networks.

According to a DARPA report on CINDER, it aims to detect insider threat activity within government and military interest systems and networks.

The main concern with insiders is that they “operate from within our networks; and easily evade existing security measures. Insiders do not attack—instead they use legitimate accesses in support of their operations,” said the report.

“The goal of CINDER will be to greatly increase the accuracy, rate, and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest network,” it says.

DARPA is currently hiring for the program, and is looking for individuals to solicit “novel approaches to insider threat detection that greatly increase the accuracy, rate, and speed of detection, and that impede the ability of adversaries to operate within government and military interest networks,” says a DARPA job posting on the federal business opportunities website.

According to the CINDER Program report, the program “starts with the premise that most systems and networks have already been compromised by various types and classes of adversaries. These adversaries are already engaged in what appears to be legitimate activities, while actually supporting adversary missions. Thus, this program does not focus on intrusion prevention but instead seeks to identify ongoing missions at various points in their lifecycles with extremely high confidence and without false alarms.”
