Program Summary
Networks are under persistent threat from malicious cyber actors (MCAs). In response, a growing industry of network security professionals is offering realistic, threat-informed assessments of network owners’ defensive posture. These assessments are performed by a team of ethical hackers (i.e., the red team) who assume the role of sophisticated MCAs and perform a controlled security test in collaboration with network defenders (i.e., the blue team). Red team exercises are designed to go beyond simple penetration testing and emulate MCA behaviors as realistically as possible. Realistic emulation of sophisticated cyber threats in a measured exercise is very helpful for providing a comprehensive picture of network defenders’ readiness.
The Signature Management using Operational Knowledge and Environments (SMOKE) program aims to develop data-driven tools to automate the planning and execution of threat-emulated cyber infrastructure needed for network security assessments (e.g., red team exercises). In a complementary activity, SMOKE will explore the development of data-driven tools to automate the discovery of distinguishable patterns of sophisticated cyber threat infrastructure (i.e., signatures). Together, SMOKE seeks to prototype components that enable red teams to plan, build, and deploy cyber infrastructure that is informed by machine-readable signatures of sophisticated cyber threats.
Additional information is available in the SMOKE Broad Agency Announcement.