The Defense Advanced Research Projects Agency (DARPA) Information Innovation Office (I2O) is sponsoring a Proposers Day to provide information to potential proposers on the objectives of the anticipated Cyber Agents for Security Testing and Learning Environments (CASTLE) Broad Agency Announcement (BAA). The CASTLE program seeks to develop an AI toolkit to instantiate realistic network environments and train cyber agents to enable resilient network operations against advanced persistent threats (APT). CASTLE will formulate network hardening as a reinforcement learning (RL) problem and train defensive agents in open, evolving, and adversarial environments that mimic actual networks. Environments will execute agents inside instrumented subnets that are deployed to live networks and will simulate defensive actions that counter APT tools. Agent execution will produce calibrated datasets for progressively improving simulations. If released, the BAA will be posted on the System for Award Management (SAM) website at https://sam.gov/. This Proposers Day will be held at the unclassified level. There is no fee to attend. This meeting is not open to the general public or members of the media.

The CASTLE program aims to formulate network hardening as a reinforcement learning (RL) problem and teach RL agents to ‘operate through’ the post-breach behavior of widely available penetration testing tools. Over progressive rounds of attack and defense, agents will explore defensive actions to proactively stop ongoing attacks while maintaining operationally relevant workflows. CASTLE workflows may encompass critical assets and essential services performed by networks.

The CASTLE program seeks to generate realistic environments that mimic actual networks. In these environments, agents will train to counter APT tools by learning automated defensive actions such as data protection policies, firewall rules, and device re-configurations. To support open and evolving training, environments and agents must allow progressive updates such as adding common vulnerabilities and exposures, ports, protocols, and services. Over the course of the program, CASTLE seeks to model networks at greater scale and fidelity and develop agents with more sophisticated defensive actions.

To improve simulations, CASTLE aims to instantiate environments as deployable subnets inside live networks, such that subnets are instrumented to record network and device events. Top-performing simulated agents must be able to be instantiated inside subnets as well. Furthermore, the CASTLE program seeks to capture the side effects of agent actions being executed inside the live network to inform future rounds of agent training. The CASTLE program views agent execution in instrumented subnets as a risk reduction measure intended to ensure simulations do not deviate from reality.

As an important benefit, instantiated environments and captured agent execution enable generation of labeled and continuously updated datasets. CASTLE aims to promote open, rigorous evaluations of defensive approaches by publicly releasing toolkit-generated datasets. Moreover, CASTLE aims for toolkit datasets to serve as standard benchmarks for rigorous measurement of cyber security performance beyond the program. Thus, proposers are encouraged to discuss concepts for publishing datasets to include labeling tool behavior, curating community-driven results, and making datasets amenable to open source machine learning libraries.

Since networks can differ greatly, the CASTLE program seeks research leading to open source standards and software for hardening networks. Indeed, the open source approach is expected to produce technology that is repeatable, portable, and shareable. Moreover, abstracting network hardening enables better collaboration between data scientists, machine learning researchers, and cybersecurity experts. Altogether, CASTLE aims to promote the adoption of a community-developed project that can contribute to collective network defense.

