An ever-expanding cyber-attack surface, infrequent computer vulnerability scans, and burdensome security procedures create a seemingly lopsided battle when it comes to defending critical computing assets. Couple those factors with costly cybersecurity assessments that often lack actionable feedback, and the odds may appear to favor bad actors.
DARPA intends to change that dynamic through a new program focused on technology that can accelerate cybersecurity assessments with automated, repeatable, and measurable approaches.
The Cyber Agents for Security Testing and Learning Environments (CASTLE) program seeks to improve cyber testing and evaluation by developing a toolkit that instantiates realistic network environments and trains AI agents to defend against advanced persistent cyber threats (APTs). Teams will use a class of machine learning known as reinforcement learning to automate the process of reducing vulnerabilities within a network.
“Attackers often have a better understanding of network vulnerabilities than defenders, but it doesn’t have to be that way,” said Tejas Patel, CASTLE program manager in DARPA’s Information Innovation Office. “Reinforcement learning may enable the creation and training of cyber agents that are much more effective than current manual approaches for addressing APTs in networks.”
Another goal of CASTLE is to create open-source software that can help network defenders anticipate vulnerabilities an attacker may exploit. As an important benefit, datasets created by the CASTLE software will promote open, rigorous evaluation of defensive approaches that last beyond the life of the program.
More information can also be found in the CASTLE Broad Agency Announcement.