The Defense Digital Service’s automated investigations tool turns to the dark side of insider threat hunting and gets rebranded to match.
An automated background investigations prototype developed by the Defense Digital Service is being retooled to focus instead on identifying insider threats, including a rebranding from the System for Automated Background Evaluation and Review, or SABER, to the System for Insider Threat Hindrance, or SITH.
The agency had been developing a tool to automate the preliminary information gathering involved in background investigations as part of the wider Trusted Workforce 2.0 program. The new security clearance process includes automating the initial review and replacing the five- to 10-year reinvestigation process with continuous vetting.
DDS—known as much for its Star Wars-themed naming conventions as its tech development—began work on SABER in 2019 to develop an automated system that “collects a subject’s information, executes a background investigation—with automated and manual parts—and records an adjudication decision,” according to a statement of objectives. The work was done using the agency’s other transaction authority, which allowed it to develop a prototype through a competitive, iterative funding method outside the traditional procurement process.
“Since then, DDS has been working with leadership on the best use for the prototype,” ultimately deciding to change tack and “continue the development of SABER to focus on insider threats,” according to a new document posted to SAM.gov.
The SABER tool was initially integrated with the Electronic Questionnaires for Investigations Processing, or eQuip, system used by investigators and adjudicators. The tool pulls information from the eQuip database combined with relevant data from other government and public systems to “provide an adjudicator with a workflow for approving or declining clearances,” the document states.
The new system will use much of the same underlying tech. But with the new focus comes a new name.
“The System for Insider Threat Hindrance, SITH, will leverage the same data sets and similar workflows and much of the SABER code to automate insider threat reporting and investigation,” the notice states.
The newly rebranded effort includes an uncompeted follow-on production contract for TrussWorks, with a one-year base period and one-year add-on option totaling $14.8 million.
The contract is for continued agile software development services, including software engineering, data engineering, product management, cloud engineering, human centered design and research, technical support and regular reviews.
TrussWorks will also be expected to manage a bug bounty program once the initial minimally viable product is finished, expected within the first nine to 12 months.