ACD: Active Cyber Defense

Program Summary

U.S. military, government and commercial IT networks face constant cyberattack from both criminal and state-sponsored adversaries. Current IT security response practices to these attacks boil down to four steps: find the invading code, unplug the affected systems, create security patches to thwart particular attacks, and apply those patches network-wide. This reactive engagement model is effective on a case-by-case basis but does not address key advantages attackers have—for example, adversaries can easily make small changes to malware that bypass patches and distribute that new malware on a massive scale. To stay ahead of increasingly sophisticated, stealthy and dangerous threats, defenders must move beyond traditional static defenses to exploit the natural advantages of their IT systems and expertise.

DARPA’s Active Cyber Defense (ACD) program is designed to help reverse the existing imbalance by providing cyber defenders a “home field” advantage: the ability to perform defensive operations that involve direct engagement with sophisticated adversaries in DoD-controlled cyberspace. Created in December 2012, the program seeks to develop a collection of synchronized, real-time capabilities to discover, define, analyze and mitigate cyber threats and vulnerabilities. These new proactive capabilities would enable cyber defenders to more readily disrupt and neutralize cyberattacks as they happen. These capabilities would be solely defensive in nature; the ACD program specifically excludes research into cyber offense capabilities.
