AI Gives Cyber Defenders a Home-Field Advantage — If They Use It Wisely

Tom Afferton

Supporting cyber operators across civilian, intelligence and Defense Department missions gives Peraton insight into the challenges facing both defensive and offensive cyber operations. A consistent challenge we hear from cyber operators defending environments is making sense of large volumes of data in a way that mitigates analyst fatigue.

On the offensive side, a commander wants to know with a high degree of certainty that a cyber effect can be delivered at a time and place of his or her choosing and that it will reliably yield a measurable mission outcome. The challenges of operational predictability and analyst effectiveness are magnified when the digital battlefield is changing at an ever-faster rate.

Artificial intelligence (AI) creates both risks and opportunities for cyber operations.

Cyber adversaries nominally hold an advantage in the well-understood sense that they need to succeed in finding just one exploit, while a defender must successfully defend an entire attack surface. AI can widen this advantage if an adversary has a higher risk tolerance for unleashing automation and the collateral damage it could cause. Hence, our defenses need to be bold and vigorous against adversarial AI.

At the same time, AI also creates an opportunity to amplify the “home field advantage” of defenders and bring more repeatability to offensive operations. On the defensive side, AI can be used for automated discovery of software and networks to accelerate the prioritization of vulnerabilities and threats to critical missions.

For example, Peraton has developed ThreatBoard, an AI-based environment that integrates open and operational data feeds to highlight priority actions for analysts. This capability has reduced incident resolution times from hours to minutes. Other defensive cyber-AI applications include leveraging infrastructure as code to apply automated moving target defense and other deception techniques. AI-based defensive capabilities can be combined with other prudent measures, like zero trust architectures, along with cloud-to-edge governance and resilience, to improve the overall security posture of cyber defenders.

Cyber researchers are also innovating quickly to develop capabilities to augment human offensive cyber teams. For example, Peraton Labs has developed a capability that uses AI to significantly accelerate the experience accumulation of red team operators. By monitoring the activities of a penetration testing team, the system accumulates insights which are then used to offer recommendations to new operators. Other applications of AI include mapping adversary digital terrain to create a simulation environment for developing and testing exploits. Capabilities like this leverage AI to increase the speed and predictability of cyber effects.

The future of cyber is shaped by five defining pillars that will fuel innovation and discovery: automation and autonomy, ubiquitous surveillance, advanced computing and data, critical infrastructure protection, and multi-domain operations. AI and data are connective tissue across all five, creating an interlocking cyber system for offensive and defensive capabilities.

To achieve this level of cyber robustness, organizations should also consider these four principles to guide their strategy and approach:

  • Set ground rules for AI usage

    Define the specific missions an AI-based capability will support and dictate, through attribute-based access control, who can access specific data sets and capabilities.

  • Start with applications for human-machine teaming

    AI should augment human judgment, not replace it. Use AI to automate routine tasks and summarize/prioritize information presented to operators.

  • Focus on data assurance and model integrity

    Understand how your models are trained and how the outputs of AI tools are secured. Apply secure-by-design principles to AI systems.

  • Adopt a “field-first” mentality

    Co-create applications with operators to place emphasis on use cases aligned with operational needs. Quickly move to pilot deployments in the field to validate utility and expose practical challenges to drive application maturity.

With up-front planning and a focus on data assurance, organizations can tap into maturing AI-based capabilities to increase the effectiveness of cyber defenders and improve the predictability of cyber effects.


Tom Afferton is president of the Cyber Mission Sector at Peraton, where he’s responsible for the sector’s strategy development and execution, program performance and growth objectives.

