The CSCRC is undertaking a research project on Augmenting Cybersecurity Defence Capability (ACDC), in collaboration with ECU, CSIRO, Deakin University, the WA government and a range of industry participants. The ACDC Project is working towards adopting Artificial Intelligence (AI) to develop augmentation capabilities for Incident Response (IR) teams, enhancing their ability to respond effectively during fast-paced cyber incidents. The research is grounded in work on understanding human behaviour during cyber defence exercises and using semantic attacker and defender behaviour models.
Aims and objectives of ACDC
This project addresses 8 Core Technical Challenges:
1. Monitoring and observing IR team behavior
2. Modelling of team behavior
3. AI Reasoning about human behavior in a semantic framework
4. Detecting and resolving interference and conflict between human and AI behaviors
5. Providing a Human Computing Interface that facilitates cooperation
6. Evaluating the effectiveness of Human-AI interaction and collaboration in red/blue training
7. Understanding and modelling cyber situational awareness of human operators
8. Integration of physical and OT environments to enable dynamic impact assessments of attack and response in Critical Infrastructure (CI) settings
Cyber Security Training Platform
To develop these augmentation capabilities, the project involves the development and deployment of a Cyber Security Training Platform (CSTP) that tests the capabilities of an IR team and gathers IR data. The CSTP was built around a comprehensive port operation scenario developed in collaboration with Port Authorities in Western Australia to provide the environment for testing the ACDC project. This covers classic Information Technology (IT) coupled with critical Operational Technologies (OT). The CSTP is utilised to generate and collect data and validate the research outcomes through a series of war-gaming events which take place once every six months and are informed by similar exercises undertaken by AUKUS partners. Red (attacker) and blue (defender) teams are composed of volunteering cyber security experts who join the event with anonymous identities and signed consents. Red team members play through a (defined) structured attack scenario during the event to achieve the attack objectives whilst the blue team defend the port and maintain its operations within the cyber-range against the red team. The data gathered at each event is utilised to gradually enhance the CSTP and further build on the augmentation capabilities of the IR team.
IR Training Opportunity
The first red/blue team event was undertaken in November 2022. The next event takes place across 2 days, on 14th to 15th June 2023, at the Edith Cowan University Joondalup Campus, Perth. Cyber professionals are invited to volunteer for the Red and Blue teams.
We would welcome participation from cybersecurity professionals from your organisation and network for the above or future events. These are an excellent opportunity to meet other professionals, showcase and develop your team’s IR skills and work with others to improve on your skills and expertise when it comes to protecting systems within Australia’s critical infrastructures.
To register interest, contact Project Lead Seyit Camtepe (Seyit.Camtepe@cybersecuritycrc.org.au) or Dom Basic (email@example.com) from the CS CRC.