AI meets cyber as Army tests tactical network protection

Staff Sgt. Keila Peters conducts testing during Network Modernization Experiment 20 at Joint Base McGuire-Dix-Lakehurst, New Jersey, July 27, 2020. (U.S. Army C5ISR Center photo/Jasmyne Douglas)

The Army is testing out automated tools to enhance tactical network security and protect artificial intelligence capabilities.

The Army recently wrapped up its 11-week Network Modernization Experiment (NetModX) at Joint Base McGuire-Dix-Lakehurst in New Jersey on Oct. 2, a science and technology experiment that set out to test more than 30 fresh-out-the-lab technologies that would be available in 2023.

One of the key takeaways was improving automated network defenses to reduce technical personnel needs on the battlefield.

"At the tactical levels, you're really significantly undermanned to handle a lot of the problems," said Brian Lyttle, the chief of cybersecurity and information assurance division in the Army's Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance Center. (The center, which is part of Army Combat Capability Development Command, hosted NetModX.)

This year's experiment focused on network resiliency, bandwidth, and spectrum use. Lyttle's team tested autonomous agents for defensive cyber operations. Those agents are a form of artificial intelligence and were deployed across the network to watch for potential threats, while also protecting other artificial intelligence tools that were deployed on the battlefield, Lyttle told reporters Oct. 22.

"What we looked at were sending out autonomous agents across the network and watching for potential threats as they moved into these new tools that provided artificial intelligence capabilities," he said, adding that a set of recommendations and reactions were then generated and sent for review.

The tools could help with the tactical manning problem of having too few network engineers on the battlefield, especially when it comes to wading through the sheer volume of alerts generated.

Using an enterprise level example, Lyttle said a system received 77 million alerts that became 25,000 investigations. Those turned into more than 80 incidents that needed mitigation and were ultimately reported to the Joint Force Headquarters- Department of Defense Information Network. The future research goal is to improve the tools and their ability to determine what "network normal" is which can improve detection and protection capabilities both on the battlefield and at the enterprise level.

The NetModX demonstration, which comes on the heels of another large-scale Army tech demo called Project Convergence, also yielded some promising tech developments on the radio and spectrum front.

Daniel Duvak, the chief for the C5ISR center's radio frequency communications division, said they tested eight different technologies on communications resiliency in hardened and non-traditional waveforms that don't rely on dedicated, licensed spectrum.

"A lot of our radio systems of today, they use a lot of spectrum," Duvak said. "Government is selling off spectrum to cell phone companies and others. And spectrum is becoming a very, very finite resource for the Army and for the joint services."

Duvak said that about four of the eight technologies would be ready for next year's Project Convergence 2021, which will focus on tech interoperability between the joint force. The remaining four need to be matured, he said.