New NSA tool aims to automate cyber-defense tests
Agency chief says AI-powered platform will help intel-community suppliers evaluate their network defenses much more cheaply and rapidly.
The NSA has a new AI-powered tool to help vendors to the intelligence community test their cyber defenses.
The Autonomous Penetration Testing platform aims to replace much of the manual labor involved in searching for vulnerabilities and gauging the robustness of cyber defenses, NSA and Cyber Command leader Gen. Timothy Haugh said last week at a dinner event with the Intelligence and National Security Alliance.
The APT tool—not to be confused with advanced persistent threats—will be distributed through the agency’s Cybersecurity Collaboration Center, which circulates information about threats to American infrastructure and other key targets.
“It will enable the [defense industry] customers to more quickly broaden penetration tests of their internal assets, identify issues, implement mitigations, and confirm effective closure of any identifiable vulnerabilities,” Haugh said.
The NSA and other intelligence agencies often lean on the private sector for technology services to help their cyber warriors thwart malicious hackers and spy on targets overseas. That dynamic includes a robust collection of zero-day exploits — hacks that target unknown system vulnerabilities that get their name because developers have “zero days” to patch them — that are discovered by private firms and sold to the agency to be used later for device break-ins.
Recent high-profile supply chain cyberattacks, where a digital gap in a vendor’s defenses allows hackers to jump into the systems of another company being serviced by that vendor, have called into question the cyber posture of government providers. The incidents helped fuel a recent guidance overhaul for sensitive data that’s exchanged between agencies and private sector contractors.
For highly classified environments where third-party companies’ technology runs parallel to NSA networks, leaders view AI-backed penetration testing as an efficient method for quickly patching system vulnerabilities and minimizing the amount of time a defense provider is exposed, Haugh said on stage.
The new APT service allows traditional penetration-testing tools to better “learn and update vulnerabilities and threats,” he said, adding that the method was already deemed successful in pilot phases. AI-powered penetration testing allows security researchers to more broadly assess vulnerabilities in their systems and continually monitor networks for cyber flaws, according to findings from IT security firm CQR.
In the event of an attack on a defense or intelligence agency industry provider, sensitive or even classified data can be exposed. The Defense Department’s IT infrastructure is a target-rich environment for cybercriminals and nation-state hackers because the department’s personnel data can be easily connected back to intelligence findings, national security assessments or closed-off weapons designs.
An advanced North Korean hacking group has targeted information stored in government nuclear facilities and research institutes, as well as data in nuclear power plants, radar systems and other sectors in an effort to shore up Pyongyang’s military apparatus and nuclear missile program, the FBI and others warned last week.
Editor's note: This article has been updated to reflect Gen. Timothy Haugh's rank.