DARPA seeks assistance with insider threats

DARPA has established a new Cyber Insider Threat (CINDER) program that is currently soliciting new methods to detect insider threats affecting government and military networks.

The CINDER program, according to DARPA, is looking for proposals that “greatly increase the accuracy, rate, and speed of detection and that impede the ability of adversaries to operate undetected within government and military interest networks”.

DARPA has set a deadline of Sept. 17 for abstract proposals from the vendor and research community, with final proposals due by Oct. 22. Upcoming Proposers’ Days conferences have been announced for Sept. 2 in San Francisco and Sept. 9 in Arlington, Va., where further information on the CINDER program will be provided, as well as an opportunity to address specific questions from submitters.

The Broad Agency Announcement (BAA) from the DARPA Strategic Technology Office said the CINDER program will use the premise that most, if not all, military and government networks have been compromised by various agents. The program will not focus on intrusion prevention, said DARPA, but rather detecting adversarial missions being carried out by insiders who appear to be conducting “legitimate” business.

The CINDER program “seeks to identify ongoing missions at various points in their lifecycles with extremely high confidence and without false alarms”, as outlined by the DARPA BAA document.

A special notice and more information about the program are also available on the FedBizOpps website, including details on awards and eligibility. DARPA said it expects to award multiple procurement contracts as a result of program submissions.

What’s hot on Infosecurity Magazine?