On February 7, Cambridge, MA-based Charles River Analytics announced that it has won a contract, in two phases, to develop an artificial intelligence (AI) and machine-learning-based cyber opponent that would enable more frequent and less resource-intensive cybersecurity training. The $1.1 million Phase II contract, awarded through the Small Business Innovation Research (SBIR) program, will run through July 2023.
Given the growing threat of cyberwarfare, training exercises in cybersecurity are becoming increasingly imperative. Unfortunately, large-scale exercises require too much time, money, and expertise to execute. As a result, training slips down in priority. An automated, adaptive, and dynamic training tool that can successfully mimic an adversary would reduce the cost of exercises and potentially increase their frequency.
The Cyber Reactive Adversary Framework for Training (CRAFT) from Charles River Analytics fits the bill, according to the company, providing realistic, dynamic, and customized adversary behavior to meet training objectives.
Alternative approaches can craft an automated cybertraining tool, but they come with their own challenges. Baseline “smart scripting,” for example, is simple to use but is often too elementary in its approach. As a result, adversaries can easily figure out their behavior and circumvent them. “Intelligent scripting is too simplistic and not very dynamic,” said Sean Guarino, principal scientist at Charles River Analytics. “They don’t react very well to the things the defender might do, so they’re easily detected.” On the other end of the spectrum, cognitive architectures can also deliver, but they are too complex and esoteric, leaving the crafting of a tool to only a few skilled professionals.
CRAFT treads the middle “Goldilocks” ground effectively by leaning on its in-house reactive behavior modeling architecture, Hap. Hap agents proactively and dynamically collect information on behavior. “Hap uses active planning so, unlike static behavior-tree approaches, Hap dynamically reconfigures the behaviors it pursues based on what the defenders are doing. Being able to detect, react, and adapt in real time presents a more complex adversary,” Guarino said.
The team is working on making CRAFT with a more accessible interface so it can be “easily adopted by those who need to work with it,” Guarino added.
CRAFT’s achievement during Phase I was the development of an agent that can execute a live attack exercise, instead of simulations, and dynamically change behaviors. Phase II will address a wide range of adversary behaviors and attacks, including those outlined in MITRE’s ATT&CK framework.
While CRAFT started out as a tool for the armed forces, it can find commercial applications in corporate and university training programs. “There are a lot of gaps in training in the commercial sector as well. Having a tool such as CRAFT allows organizations to deliver more frequent and effective training,” Guarino said. “It means our cyberdefenders will be better prepared to detect and respond to attacks more quickly and to conduct better cyberforensics to understand what happened during an attack that already occurred.”
Source: Charles River Analytics
Your competitors read IC News each day. Shouldn’t you? Learn more about our subscription options, and keep up with every move in the IC contracting space.
By Loren Blinde
February 16, 2023
