Cyber Insider Threat

Cyber Insider Threat, or CINDER, is a DARPA program to detect insider threats to computer systems. It is under DARPA's Strategic Technology Office (STO).[1][2] The project was timed to begin around 2010/2011.[3] In contrast to traditional computer security, CINDER assumes that malicious insiders already have access to the internal network; it therefore attempts to detect a threat's "mission" through analysis of behavior rather than seeking to keep the threat out. The government documentation draws an analogy to the "tell" in the card game of poker.[1]

According to Ackerman in Wired, the impetus for the program came after Wikileaks disclosures such as the Afghan War documents leak. Robert Gates' philosophy of information in the military was to emphasize access for frontline soldiers. In the face of mass leaking, a CINDER-type response allows the military to continue that philosophy, rather than simply cutting off access to information en masse.[2] The project is managed by Peiter Zatko, a former member of the L0pht and cDc hacker crews.[2] Many contractors applied to work on the project. HBGary employees, for example, wrote a proposal for a "Paranoia Meter" and rootkit-based solution.[4][5]

References