Six teams of cyberdefenders at Cyber Coalition 2022, the flagship cyberdefense event hosted by North Atlantic Treaty Organization (NATO) in Estonia in November, had a special mission. Their task? Set up computer-based systems and power grids at an imaginary military base and keep them running during a cyberattack. If hackers interfered with system operations or the power went down for more than 10 minutes, critical systems could go offline with grave consequences.
The faux mission hid a few trip wires. None of the teams knew the scenario or networks prior to the experiment, and all the defending teams — operating remotely from various nations — were simultaneously cyberattacking each other. Three of the six teams had access to a novel Autonomous Intelligence Cyberdefense Agent (AICA) prototype developed by the U.S. Department of Energy’s (DOE) Argonne National Laboratory that helped them understand the attacks and the attackers. The other three teams did not.
“We were able to see the network as AICA sees it, including relationships between attack patterns, network traffic and target systems. Agents use this information to build a knowledge graph of the network and that helps them better protect it.” — Benjamin Blakely, cybersecurity research analyst at Argonne
Argonne’s AICA prototype is an advanced, award-winning computer defense software. It uses artificial intelligence to collect data, learn about its environment and advise users on next steps. Argonne recently received funding to further develop its groundbreaking potential through the Commercialization Accelerator Program of U.S Department of Homeland Security’s Science and Technology Directorate.
Benjamin Blakely, a cybersecurity research analyst in Argonne’s Strategic Security Sciences division, led the experiment along with cyberspace experts from NATO’s Allied Command Transformation (ACT), the group that led Cyber Coalition 2022. Blakely and ACT will publish its results in the coming months. Nate Evans, department manager of Argonne’s National and Cyber Security Information Sciences group, will also contribute.
“All the teams were able to keep their grids online, but that wasn’t the only valuable outcome,” said Blakely. “We were able to see the network as AICA sees it, including relationships between attack patterns, network traffic and target systems. Agents use this information to build a knowledge graph of the network and that helps them better protect it.”
Argonne is committed to accelerating development of autonomous defense softwares similar to AICA. They are essential for protecting emerging technologies, such as self-driving vehicles, automated laboratories and other critical infrastructures, that are vulnerable to cyberattack. Cybersecurity agents need tools that improve collaboration between humans and machines and maximize the potential of artificial intelligence to reduce cyber risk.
Argonne has been a key partner in collaborative international efforts to develop such tools since 2017. In addition to its partnership with ACT, the lab participates in NATO Research Task Groups and the Autonomous Intelligent Cyberdefense Agents International Work Group, of which Evans is the lead.
Industry partnerships also play a role. Argonne worked with Amazon Web Services to provide a solid platform upon which to build AICA in advance of the simulated mission. The company has a long history of partnering with Argonne to support domestic cybersecurity competitions for college students through DOE’s CyberForce Program®.
NATO’s Cyber Coalition events, held annually in Estonia, attract as many as 1,000 participants from more than 30 countries. NATO routinely challenges cybersecurity experts with highly realistic, real-time challenges. The goal is to boost the ability by NATO allies and other countries to defend networks and operate together in cyberspace.
Read the full article here
 
			 Live Threat Map
 Live Threat Map