Lead author: Alexander Kott
Objective of the report: This report describes an initial reference architecture for intelligent software agents performing active, largely autonomous cyber defense actions on military networks of computing and communicating devices. The report is produced by the North Atlantic Treaty Organization (NATO) Research Task Group (RTG) IST-152 “Intelligent Autonomous Agents for Cyber Defense and Resilience”. In a conflict with a technically sophisticated adversary, NATO military tactical networks will operate in a heavily contested battlefield. Enemy software cyber agents—malware—will infiltrate friendly networks and attack friendly command, control, communications, computers, intelligence, surveillance, and reconnaissance and computerized weapon systems. To fight them, NATO needs artificial cyber hunters—intelligent, autonomous, mobile agents specialized in active cyber defense. With this in mind, in 2016, NATO initiated RTG IST-152. Its objective is to help accelerate development and transition to practice of such software agents by producing a reference architecture and technical roadmap. This report presents the concept and architecture of an Autonomous Intelligent Cyber Defense Agent (AICA). We describe the rationale of the AICA concept, explain the methodology and purpose that drive the definition of the AICA Reference Architecture, and review some of the main features and challenges of the AICA.
This report is the result of a study conducted by the European Union Agency for Network and Information Security (ENISA) for the European Parliament’s Science and Technology Options Assessment (STOA) Panel with the aim of identifying risks, challenges and opportunities for cyber-defence in the context of the EU Common Security and Defence Policy (CSDP).
"Published on 25 October 2016, this document is the result of the work of a multinational team of volunteer academics and researchers drawn from 17 nations associated with the Partnership for Peace Consortium (PfPC) Emerging Security Challenges Working Group (ESCWG). The aim was to produce a flexible and generally comprehensive approach to the issue of cybersecurity."