Cyber threats are real and constantly evolving, and responsible cybersecurity is looming.[1] This confluence of factors makes cybersecurity more important than ever. However, this article is not a detailed account of cyber threats or the necessity of cybersecurity. It is 2022, and I will assume you already know these realities. Instead, this article is about research, specifically how to pursue research properly, based on my experience with two different research programs at the Defense Advanced Research Projects Agency (DARPA).

The first aspect of cyber defense of AI starts with the networks, Marine Corps Lt. Gen. Michael S. Groen said today during a virtual fireside chat at the Billington CyberSecurity Summit. "The department is undergoing a little bit of a mind shift on networks and architecture. Our networks are a core piece of our warfighting architecture. Our networks are weapons, and, so, we have to treat them like weapons. We have to, we have to plan to protect them, make them resilient because everything that we're going to do in an artificial intelligence or data-driven way will depend on the security [of] those networks," he said.

Research seeks to apply Artificial Intelligence (AI) to scale and extend the capabilities of human operators to defend networks. A fundamental problem that hinders the generalization of successful AI approaches -- i.e., beating humans at playing games -- is that network defense cannot be defined as a single game with a fixed set of rules. Our position is that network defense is better characterized as a collection of games with uncertain and possibly drifting rules. Hence, we propose to define network defense tasks as distributions of network environments, to: (i) enable research to apply modern AI techniques, such as unsupervised curriculum learning and reinforcement learning for network defense; and, (ii) facilitate the design of well-defined challenges that can be used to compare approaches for autonomous cyberdefense. To demonstrate that an approach for autonomous network defense is practical it is important to be able to reason about the boundaries of its applicability. Hence, we need to be able to define network defense tasks that capture sets of adversarial tactics, techniques, and procedures (TTPs); quality of service (QoS) requirements; and TTPs available to defenders. Furthermore, the abstractions to define these tasks must be extensible; must be backed by well-defined semantics that allow us to reason about distributions of environments; and should enable the generation of data and experiences from which an agent can learn. Our approach named Network Environment Design for Autonomous Cyberdefense inspired the architecture of FARLAND, a Framework for Advanced Reinforcement Learning for Autonomous Network Defense, which we use at MITRE to develop RL network defenders that perform blue actions from the MITRE Shield matrix against attackers with TTPs that drift from MITRE ATT&CK TTPs.

The Army general likely to be tapped to head U.S. CYBERCOM and the NSA has some big plans for deploying cyber forces and using artificial intelligence in information attacks. Lt. Gen. Paul Nakasone, who currently leads U.S. Army CYBERCOM, is expected to nominated in the next few months to replace Adm. Michael Rogers, as first reported by The Cipher Brief (and confirmed by the Washington Post and a Pentagon source of our own). But caution is in order: the rumor mill says several other contenders are in the running, including Army Lt. Gen. William Mayville. Neither CYBERCOM nor the Pentagon would comment about the potential nomination. UPDATE: As @TheCipherBrief reported, Lt. Gen. Paul Nakasone is expected to be Trump's nominee.

The Army general likely to be tapped to head U.S. Cyber Command and the NSA has some big plans for deploying cyber forces and using artificial intelligence in information attacks. Lt. Gen. Paul Nakasone, who currently leads U.S. Army Cyber Command, is expected to nominated in the next few months to replace Adm. Michael Rogers, as first reported by The Cipher Brief (and confirmed by the Washington Post and a Pentagon source of our own). But caution is in order: the rumor mill says several other contenders are in the running, including Army Lt. Gen. William Mayville. Neither Cyber Command nor the Pentagon would comment about the potential nomination. UPDATE: As @TheCipherBrief reported, Lt. Gen. Paul Nakasone is expected to be Trump's nominee.