New NSA-powered AI tool would help industry optimize cyberdefense testing

NSA Director and Cyber Command Commander Gen. Timothy Haugh speaks at an industry event in Baltimore in June 2024. Defense Systems Information Agency photo by David Marin

Autonomous Penetration Testing would overhaul manual work needed to check the cyber armor of firms that service the intelligence community, said Cyber Command and NSA head Gen. Timothy Haugh.

The NSA has a new AI-powered tool to help intelligence community industry providers more thoroughly test the cyberdefenses of their systems.

The Autonomous Penetration Testing platform would replace much of the laborious, manual process of such testing, where organizations use vulnerability scanning tools and other methods to measure the robustness of their cyberdefenses against hackers, NSA and Cyber Command leader Gen. Timothy Haugh said late Tuesday at a dinner event with the Intelligence and National Security Alliance.

The APT tool — not to be confused with common APT lingo used to denote Advanced Persistent Threats — will be offered via the agency’s Cybersecurity Collaboration Center, a cross-sector group that shares information between other agencies and the private sector about hacking threats to American infrastructure and other key targets.

“It will enable the [Defense Industrial Base] customers to more quickly broaden penetration tests of their internal assets, identify issues, implement mitigations and confirm effective closure of any identifiable vulnerabilities,” Haugh said.

The NSA and other intelligence agencies often lean on the private sector for technology services to help their cyber warriors thwart malicious hackers and spy on targets overseas. That dynamic includes a robust collection of zero-day exploits — hacks that target unknown system vulnerabilities that get their name because developers have “zero days” to patch them — that are discovered by private firms and sold to the agency to be used later for device break-ins.

Recent high-profile supply chain cyberattacks, where a digital gap in a vendor’s defenses allows hackers to jump into the systems of another company being serviced by that vendor, have called into question the cyber posture of government providers. The incidents helped fuel a recent guidance overhaul for sensitive data that’s exchanged between agencies and private sector contractors.

For highly classified environments where third-party companies’ technology runs parallel to NSA networks, leaders view AI-backed penetration testing as an efficient method for quickly patching system vulnerabilities and minimizing the amount of time a defense provider is exposed, Haugh said on stage.

The new APT service allows traditional penetration-testing tools to better “learn and update vulnerabilities and threats,” he said, adding that the method was already deemed successful in pilot phases. AI-powered penetration testing allows security researchers to more broadly assess vulnerabilities in their systems and continually monitor networks for cyber flaws, according to findings from IT security firm CQR.

In the event of an attack on a defense or intelligence agency industry provider, sensitive or even classified data can be exposed. The Defense Department’s IT infrastructure is a target-rich environment for cybercriminals and nation-state hackers because the department’s personnel data can be easily connected back to intelligence findings, national security assessments or closed-off weapons designs.

An advanced North Korean hacking group has targeted information stored in government nuclear facilities and research institutes, as well as data in nuclear power plants, radar systems and other sectors in an effort to shore up Pyongyang’s military apparatus and nuclear missile program, the FBI and others warned last week.

Editor's note: This article has been updated to reflect Gen. Timothy Haugh's rank.