Pentagon targets "insider" cyber threats

Posted by Trent Nouveau

The Defense Advanced Research Projects Agency (DARPA) and Raytheon have teamed up to develop an insider threat research program.

Dubbed ADAMS, for Anomaly Detection at Multiple Scales, the program will ultimately be capable of identifying and analyzing anomalies within large data sets.



"In order to build algorithms to better detect anomalous behaviors, the ADAMS project will use data collected by Raytheon's endpoint audit and investigation [platform] known as SureView," explained Raytheon VP Steve Hawkins.

"The specific goal of ADAMS researchers is to detect anomalous behaviors shortly after a trusted insider 'turns' and begins committing malicious acts."

According to Hawkins, unlike previous insider threat research programs that were limited in size and scope, ADAMS will have access to massive data sets from large computer end-user populations observed in live, operational environments.

Indeed, DARPA has stated that it wants the technology developed by ADAMS researchers to bolster the capabilities of existing sensor suites currently employed by cyber security analysts and operators.

"This project will provide unprecedented understanding of the insider threat at a time when the U.S. government is mandating that agencies implement automated insider threat detection capabilities to protect their classified information systems," said Hawkins. 



The Pentagon's current focus on detecting insider threats is hardly shocking, as the DoD attempts to formulate (and enforce) a coherent cyber policy to prevent embarrassing data spills - such as the one allegedly perpetrated by Bradley Manning in 2010, which resulted in approximately three million classified documents hitting the 'Net courtesy of WikiLeaks.

Obviously, the DoD is also keen on preventing the deployment and spread of malware on both classified and more "open" networks.