Active Cyber Defense (ACD) is "an organization’s synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities within their cyber defense ecosystem".
DarkLight supports each phase of ACD by synchronizing and automating sensing, sense-making, decision-making, and acting capabilities. ACD is the cyber equivalent of the OODA Loop (Observe, Orient, Decide, Act) developed by military strategist and United States Air Force Colonel John Boyd.
"In warfare with photons and electrons, the observe, orient, decide and act cycle, or OODA loop, will be pulled into a knot and it will be so tight that people cannot be inside of it. We need...AI that we understand and can train."
—Dr. William Roper, Director, Strategic Capabilities Office of the OSD
Trusted Information Sharing (TIS) is sharing situational awareness, threat intelligence, and playbooks with communities of trust.
Both Active Cyber Defense and Trusted Information Sharing are enabled by the Integrated Adaptive Cyber Defense framework.
The result of collaboration between NSA, DHS, Johns Hopkins University APL and many industry-leading vendors, Integrated Adaptive Cyber Defense (IACD) is a strategy for increasing the speed and scale of cyber defenses.
"The rapid detection and mitigation of cyber threats requires the integration, synchronization, and automation of sensing, sense-making, decision-making, and acting capabilities across network layers, and relies upon the rapid ingestion and processing of shared threat and response intelligence among trusted partners."
DarkLight provides governance, adjudication, and management of decision making for the IACD framework, using explainable AI.
DarkLight automates what was previously solely a human task in Adaptive Cyber Defense and Trusted Information Sharing. Upper-level sense-making and decision-making functions which require human expertise and analytic tradecraft “in the loop” are now captured, augmented and/or automated to perform at machine speed, while the human remains “on the loop” only as needed, to further train and guide the AI.
This two-page document is ideal for the Security Analyst, Security Operation Center (SOC) Managers and CISO, and will explain the