Team building tools to help sniff out spies

A team of companies led by a Lockheed Martin Corp. subsidiary is building a tool to help the intelligence community keep tabs on the spooks behind its firewalls.

The Voltaire system will integrate existing technology to identify suspicious activity by insiders with legitimate access to sensitive information. The National Security Agency's Advanced Research and Development Activity is funding development.

The prime contractor for the project is Lockheed Martin Orincon of San Diego. Subcontractors include Authentica Inc. of Waltham, Mass., and Autonomy Corp. of San Francisco.

"They are not going to be developing new technology," said Victor DeMarines, Authentica's director of product management. "It's all in the integration. Nobody has done this before."

Voltaire is intended to make it easier for agencies to share sensitive and classified information by providing a tool to enforce access policy and prevent misuse.

ARDA is a high-tech incubator that funds high-risk, high-payoff research and development programs for the intelligence community. Voltaire is part of a broader ARDA information assurance program to develop proof-of-concept technologies. Total funding for the first phase of the program, running for 18 months in 2003 and 2004, is $11 million. An additional $5 million is available to fund 12 months of second-phase R&D in 2005. Funding for individual projects is expected to be from $750,000 to more than $1 million.

The goal of Voltaire is to detect and stop the kind of activity that FBI turncoat Robert Hanssen got away with for years. Hanssen gathered and sold information about FBI counterintelligence activities by browsing through computer files to which he had access. Although he had no legitimate need to see much of the information, investigators found he was able to access it over a period of years without raising any flags.

Voltaire will be built on Lockheed Martin Orincon's DAIWatch information security infrastructure, which uses mobile agents to collect information on network activity. PageRecall from Authentica tracks activity and enforces access control policy on documents, down to the page level. Autonomy's Intelligent Data Operating Layer Server will provide semantic document interpretation to recognize the context and significance of documents being accessed.

A demonstration version of Voltaire is expected to be ready for testing by summer. Feedback from intelligence agencies will then be implemented into a final product.

The companies are considering commercializing the finished product, DeMarines said.

"The target for this is the intelligence community," he said. "It is focused on the problems they face. But it would be of value to any organization that is worried about its sensitive information."

William Jackson writes for Government Computer News magazine.