

Tom Cruise made "pre-crime'" a futuresque and controversial method of law enforcement in the 2002 movie Minority Report.

Ten years later, the idea of preemptively identifying a criminal — particularly an inside threat — is taking shape within the U.S. Defense Department, reports Joe Gould at Army Times.

Whether it's a low-ranking soldier intent on dumping secret information to WikiLeaks, or a rogue Sergeant going on a shooting rampage, insider threats can seriously plague the military and the government as a whole.

Taking a novel approach, the Pentagon is spearheading research into studying the predictive behavior of personnel in the lead-up to a betrayal.

From Army Times:

The Army’s efforts dovetail with a broader federal government initiative. President Obama signed an executive order last October that established an Insider Threat Task Force to develop a government wide program to deter, detect and mitigate insider threats.

Among other responsibilities, it would create policies for safeguarding classified information and networks, and for auditing and monitoring users.

In January, the White House’s Office of Management and Budget issued a memo directing government agencies that deal with classified information to ensure they adhere to security rules enacted after the WikiLeaks debacle.

Beyond technical solutions, the document asks agencies to create their own “insider threat program” to monitor employees for “behavioral changes” suggesting they might leak sensitive information.

Gould points to a DARPA research solicitation for Suspected Malicious Insider Threat Elimination (SMITE) which would track employees' actions on their networked computers — in particular, seemingly insignificant "observational data of no immediate relevance" — to determine if the user's overall behavior is leading to something malicious.

"Forensic-like techniques can be used to find clues, gather and evaluate evidence and combine

them deductively. Many attacks are combinations of directly observable and inferred events," states the solicitation, emphasizing the word "inferred".

Behavioral studies try to "look beyond computers to spot the point when a good soldier turns" — whether the attack at hand is an information leak, or even a homicide.

A solicitation for another program — Anomaly Detection at Multiple Scales, or ADAMS — uses accused Fort Hood shooter Maj. Nidal Hasan to frame the problem. It asks how to sift for anomalies through millions of data points — the emails and text messages on Fort Hood, for instance — using a unique algorithm, to rank threats and learn based on user feedback.

The Software Engineering Institute of Carnegie Mellon sheds light on what kind of character profile a once trusted employee-turned-threat would display. There are two noteworthy profiles of someone who would steal and leak intellectual information from his/her workplace:

The Entitled Independent: "disgruntled with his job who typically exfiltrates his work a month before leaving."

The Ambitious Leader: "steals information on entire systems and product lines, sometimes to take to a foreign country, such as China."

All of the government's ongoing research and exploration into "computer forensics" will culminate in new standards of defense against internal attacks later this year. The Insider Threat Task Force is expected to be unveiled in October.