Visible to the public Automated computer network defence using ARMOUR: Mission-oriented decision support and vulnerability mitigation

TitleAutomated computer network defence using ARMOUR: Mission-oriented decision support and vulnerability mitigation
Publication TypeConference Paper
Year of Publication2017
AuthorsNakhla, N., Perrett, K., McKenzie, C.
Conference Name2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)
Date Publishedjun
KeywordsARMOUR, Automated computer network defence, Automated Cyber Defence, automated mission-oriented decision support, Automated Response Actions, composability, Computational modeling, Computer architecture, computer network security, computer networks, Cyber Attacks, cyber defence integration framework, cyber defence science-and-technology platform, Data analysis, Data models, data sources, decision making, decision support, Decision support systems, Defence Research and Development Canada, infrastructure data analysis, Mission Assurance, mission-context information, near real-time defensive cyber operations, network operators, network responses, Network topology, network-based CoA, network-based courses-of-action, Proactive Cyber Defence, pubcrawl, Resiliency, Responsive Cyber Defence, security, situational awareness, Software, Software Vulnerability Mitigation, vulnerability mitigation

Mission assurance requires effective, near-real time defensive cyber operations to appropriately respond to cyber attacks, without having a significant impact on operations. The ability to rapidly compute, prioritize and execute network-based courses of action (CoAs) relies on accurate situational awareness and mission-context information. Although diverse solutions exist for automatically collecting and analysing infrastructure data, few deliver automated analysis and implementation of network-based CoAs in the context of the ongoing mission. In addition, such processes can be operatorintensive and available tools tend to be specific to a set of common data sources and network responses. To address these issues, Defence Research and Development Canada (DRDC) is leading the development of the Automated Computer Network Defence (ARMOUR) technology demonstrator and cyber defence science and technology (S&T) platform. ARMOUR integrates new and existing off-the-shelf capabilities to provide enhanced decision support and to automate many of the tasks currently executed manually by network operators. This paper describes the cyber defence integration framework, situational awareness, and automated mission-oriented decision support that ARMOUR provides.

Citation Keynakhla_automated_2017