The increasing scale and complexity of networked computer systems, the persistently large set of vulnerabilities in the services and software running on these systems, and the increasing reliance of mission-critical workflows on such networked computer systems portend a challenging future where state and non-state actors can hold DoD and non-DoD infrastructure and workflows at risk. The BAA recognizes an important imperative and identifies a vital component to minimize and mitigate these risks: robust autonomous cybersecurity agents that can work with humans in defending networked computer systems while sustaining mission-critical operational workflows.

Our overarching goal is to build a state-of-the-art RL training environment for network operations for training both blue team agents to learn defensive actions to maintain operational workflows and red team agents to search for attack paths that exploit exposed networkvulnerabilities. We bring together a highly qualified team of researchers from Vanderbilt University, the University of Virginia (UVA), and Leidos, Inc., with complementary expertise in the areas most relevant to the program and this proposal. Vanderbilt’s work builds upon expertise in model-based integration, simulation-based testbeds for experimentation on networked cyber-physical systems, the science of security (Vanderbilt hosts one of six NSA tablets), and assured machine learning. UVA’s work builds upon expertise in cybersecurity and experience constructing and supporting a live network testbed for experiments in the DARPA CHASE program. Leidos builds upon their expertise in constructing an emulation environment for cyber offense and defense experiments, coincidentally called CastleClone, that is soon to be used by several of their DoD and IC customers.