Autonomous Cyber Defense Agents for NATO: Threat Analysis, Design, and Experimentation

This paper discusses the design and implementation of Autonomous Cyber Defense (ACD) agents for Protected Core Networking (PCN). Our solution includes two types of specialized, complementary agents placed in different parts of the network. One type of agent, ACD-Core, is deployed within the protected core segment of a particular nation and can monitor and act in the physical and IP layers. The other, ACD-CC, is deployed within a colored cloud and can monitor and act in the transport and application layers. We analyze the threat landscape and identify possible uses and misuses of these agents. Our work is part of an ongoing collaboration between two NATO research task groups, IST-162 and IST-196. The goal of this collaboration is to detail the design and roadmap for implementing ACD agents for PCN and to create a virtual lab for related experimentation and validation. Our vision is that ACD will contribute to improving the cybersecurity of military networks, protecting them against evolving cyber threats, and ensuring connectivity at the tactical edge.