AI Agents Defend the Network During NetModX
The Army seeks an artificial intelligence architecture for cyber.
The recently completed Network Modernization Experiment (NetModX) included an army of autonomous agents unleashed in defense of the network, which in some cases also protected other artificial intelligence (AI) technologies.
NetModX is a science and technology experiment held July 20-October 2 at Joint Base McGuire-Dix-Lakehurst, New Jersey. It provides lessons learned for Army acquisition decisions, science and technology specifications, requirements and strategies necessary to modernize the force. Systems that performed well this year might ultimately end up in the Army’s arsenal as part of the capability sets to be fielded in 2023 and 2025.
Army officials outlined the role artificial intelligence played in the experiment during a virtual roundtable discussion with reporters October 22. The discussion was hosted by the service’s Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center.
“As far as artificial intelligence, that’s infused across a number of our projects that we have at this experiment to hopefully enhance the way that we sense and respond and manage the network operations and the way that we take in and process data and provide information to a user in terms of situational awareness tools,” said Daniel Coulter, a senior science and technology advisor for the Army’s Network Cross Functional Team in charge of modernizing the network. “It’s really a part of everything we’re doing. It’s a foundational tool that we use in a bunch of different contexts.”
Brian Lyttle, chief of the Cyber Security and Information Assurance Division within the C5ISR Center, said that autonomous agents, one form of AI, were used to defend other AI technologies. “For this year in NetModX, we were focused on providing tools which help defend new artificial intelligence capabilities that we’re deploying into the tactical battlefield spaces. What we looked at were sending out autonomous agents across the network and watching for potential threats as they moved into these new tools that provide artificial intelligence capabilities.”
The technologies, including machine learning, helped defend the entire network. “We’re at the initial stages of deploying and developing this type of capability, so our object at NetModX was really to establish a machine learning architecture, how data flowed through in a live environment, so we could help train our artificial intelligence systems to recognize a potential threat that was on the network,” Lyttle explained.
The technology is important, in part, because tactical units often do not have enough personnel to protect the network. Lyttle cited one example, from an enterprise network rather than a tactical network, that had 77 million alerts, which became about 25,000 investigations and resulted in over 80 incidents that had to be handled and reported to the Joint Force Headquarters-Department of Defense Information Network.
“At the tactical level, you’re really significantly undermanned to handle a lot of the problems. And that’s with a staff of several dozen people all in overwatch and handling different parts of that. At a brigade combat team, you only have a staff of perhaps a dozen, and if you’re fortunate, you have a cyber protection team there to help you with it as well,” Lyttle said. “What we’re trying to do is provide those intelligent software tools that will help us beat that manning problem down at the brigade combat team down at the pointy edge of the spear with our autonomous cyber set of projects.”
Those autonomous cyber projects, he added, included not just the autonomous agents but also a “fairly robust architecture” to enable machines to learn what activities look normal on a tactical network and what qualifies as an anomaly, which will “trigger a set of recommendations back to the J-6 for them to take action.”
Lyttle described the experiment as an “initial stage” that already has provided great results. “NetModX for us really is the opportunity to push technologies out of the lab into the Brigade Combat Team environment, but to examine it from a white box perspective where we have our engineers on hand in a deployed environment examining the performance of our new cybersecurity tools.”
The NetModX environment is helpful in part to gather tactical data for training AI and machine learning systems. “The more difficult data to get, for us, is on the tactical side of the house. NetModX really provides an opportunity for us to collect that data and to watch it internally because we know the systems that are there and we can help train our systems as to what looks like network normal,” Lyttle said.
In what Lyttle described as an interesting twist, new technologies normally flow from the enterprise network down to the tactical network, but in this case, that process is being reversed.