As military systems become more complex and interconnected, timely information-sharing is critical to mission success. At the same time, cyber threats are growing in sophistication. Combined with an industry shortage of human cyber operators, these challenges point to the need for autonomous systems in cyber defence. However, deploying AI in cyber defence requires more than innovation, it demands assurance.
To adopt AI-based autonomous agents for cyber defence, a robust test and evaluation (T&E) process is essential. Such a process must ensure these agents work as expected, meet user requirements and are robust, ethical, safe and secure.
As part of its four-year Autonomous Resilient Cyber Defence (ARCD) programme, QinetiQ has developed Dstl’s blueprint for T&E and demonstrated its application to interactive data-driven cyber-defence agents trained by a third party.
The T&E process
The T&E blueprint for autonomous cyber defence of military platforms consists of six key phases. The process is:
- Iterative: built around cycles of evaluation and refinement
- Evidence-based: focused on reducing uncertainty
- Risk-focused: based on identifying, estimating, reporting and updating key risks
At its core, the process builds evidence of whether an autonomous agent is safe and fit for purpose.