Our old friends at DARPA - the US military research bureau - have broached another intriguing and mildly upsetting scheme this week. This time the Pentagon boffins want nothing less than some kind of automated witch-finder technology able to finger "increasingly sophisticated malicious insider behavior" in the USA.
According to the US National Counterintelligence Strategy, “Trusted insiders ... are targeting the US information infrastructure for exploitation, disruption, and potential destruction”.
DARPA aren't having any of that, hence their new and sinisterly named Suspected Malicious Insider Threat Elimination (SMITE) project. The warboffins state:
We define insider threat as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources.
Darpa Wants Code To Spot 'Anomalous Behaviour' On The Job
Can software catch a cyberspy’s tricky intentions, before he’s started to help the other side? The way-out researchers at Darpa think so. They’re planning a new program, “Suspected Malicious Insider Threat Elimination” or SMITE, that’s supposed to “dynamically forecast” when a mole is about to strike. Also, the code is meant to flag “inadvertent” disclosures “by an already trusted person with access to sensitive information.”
“Looking for clues” that suggest a turncoat or accidental leaker is about to spill (.pdf) “could potentially be easier than recognizing explicit attacks,” Darpa notes in a request for information. But even that simpler search won’t be easy. “Many attacks are combinations of directly observable and inferred events.” Which is why SMITE’s program managers are interested in techniques to figure out “the likely intent of inferred actions, and suggestions about what [that] evidence might mean.” That goes for “behaviors both malicious and non-malicious.”
Step one in starting that process: Build a ginormous database to store all kinds of information on would-be threats. “The next step is to determine whether an individual or group of individuals is exhibiting anomalous behavior that is also malicious.” That’s a toughie — something anomalous in one context might be perfectly normal in another. One possible solution, the SMITE paper adds, could be detecting “deceptive” activities, which are a sign of cyberspying. Or cheating on your taxes. Or carrying on an office affair. Or playing World of Warcraft on the job. Depending on the situation...