Skip to main content
Feature Story | Argonne National Laboratory

International experts put Argonne’s cybersecurity defense software through the wringer at NATO’s Cyber Coalition 2022

How might artificial intelligence help NATO allies protect information technology systems, power grids, and other assets?

Six teams of cyberdefenders at Cyber Coalition 2022, the flagship cyberdefense event hosted by North Atlantic Treaty Organization (NATO) in Estonia in November, had a special mission. Their task? Set up computer-based systems and power grids at an imaginary military base and keep them running during a cyberattack. If hackers interfered with system operations or the power went down for more than 10 minutes, critical systems could go offline with grave consequences.

The faux mission hid a few trip wires. None of the teams knew the scenario or networks prior to the experiment, and all the defending teams — operating remotely from various nations — were simultaneously cyberattacking each other. Three of the six teams had access to a novel Autonomous Intelligence Cyberdefense Agent (AICA) prototype developed by the U.S. Department of Energy’s (DOE) Argonne National Laboratory that helped them understand the attacks and the attackers. The other three teams did not.

We were able to see the network as AICA sees it, including relationships between attack patterns, network traffic and target systems. Agents use this information to build a knowledge graph of the network and that helps them better protect it.” — Benjamin Blakely, cybersecurity research analyst at Argonne

Argonne’s AICA prototype is an advanced, award-winning computer defense software. It uses artificial intelligence to collect data, learn about its environment and advise users on next steps. Argonne recently received funding to further develop its groundbreaking potential through the Commercialization Accelerator Program of U.S Department of Homeland Security’s Science and Technology Directorate.

Benjamin Blakely, a cybersecurity research analyst in Argonne’s Strategic Security Sciences division, led the experiment along with cyberspace experts from NATO’s Allied Command Transformation (ACT), the group that led Cyber Coalition 2022. Blakely and ACT will publish its results in the coming months. Nate Evans, department manager of Argonne’s National and Cyber Security Information Sciences group, will also contribute.

All the teams were able to keep their grids online, but that wasn’t the only valuable outcome,” said Blakely. We were able to see the network as AICA sees it, including relationships between attack patterns, network traffic and target systems. Agents use this information to build a knowledge graph of the network and that helps them better protect it.”

Argonne’s AICA prototype made observations — such as network activity, logged events, intrusion detection alerts or detected malware — to enable sophisticated operator queries and automated decision-making about defensive responses. (Image by Argonne National Laboratory/Benjamin Blakeley.)

Argonne is committed to accelerating development of autonomous defense softwares similar to AICA. They are essential for protecting emerging technologies, such as self-driving vehicles, automated laboratories and other critical infrastructures, that are vulnerable to cyberattack. Cybersecurity agents need tools that improve collaboration between humans and machines and maximize the potential of artificial intelligence to reduce cyber risk.

Argonne has been a key partner in collaborative international efforts to develop such tools since 2017. In addition to its partnership with ACT, the lab participates in NATO Research Task Groups and the Autonomous Intelligent Cyberdefense Agents International Work Group, of which Evans is the lead.

Industry partnerships also play a role. Argonne worked with Amazon Web Services to provide a solid platform upon which to build AICA in advance of the simulated mission. The company has a long history of partnering with Argonne to support domestic cybersecurity competitions for college students through DOE’s CyberForce Program®.

NATO’s Cyber Coalition events, held annually in Estonia, attract as many as 1,000 participants from more than 30 countries. NATO routinely challenges cybersecurity experts with highly realistic, real-time challenges. The goal is to boost the ability by NATO allies and other countries to defend networks and operate together in cyberspace.

Argonne National Laboratory seeks solutions to pressing national problems in science and technology. The nation’s first national laboratory, Argonne conducts leading-edge basic and applied scientific research in virtually every scientific discipline. Argonne researchers work closely with researchers from hundreds of companies, universities, and federal, state and municipal agencies to help them solve their specific problems, advance America’s scientific leadership and prepare the nation for a better future. With employees from more than 60 nations, Argonne is managed by UChicago Argonne, LLC for the U.S. Department of Energy’s Office of Science.

The U.S. Department of Energy’s Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit https://​ener​gy​.gov/​s​c​ience.