Content, Security Program Controls/Technologies

Homeland Security, CISA Team to Build AI, Machine Learning Cybersecurity Testing Ground

DHS Flag painted on a wall

The Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T) and the Cybersecurity and Infrastructure Security Agency (CISA) plan to jointly develop an advanced artificial intelligence and machine-learning ecosystem, or "sandbox," intended to counter evolving threats and defend against cybersecurity attacks.

What's Involved?

S&T, which is DHS' research and development wing, will drive the CISA Advanced Analytics Platform for Machine Learning (CAP-M). An earlier version of the project dating to mid-2021 was dubbed CyLab. CAP-M is a revising and restating of the original project’s plans with an updated charter.

The end goal of the project is to improve situational awareness and decision making surrounding cyber strikes. As the tactics and techniques of cyber attackers become more sophisticated, CAP-M is intended to provide CISA with the tools and capabilities to innovate and prepare for advanced cyber threats.

“CAP-M is a secure, multi-cloud collaborative research environment that will enable CISA users to apply advanced analytic techniques across a variety of data sources,” S&T said in a statement.

Lessons learned from experiments in analyzing, correlating and enriching data will be shared with government, academia and private industry.

Research Plan Unveiled

The three-point research plan includes:

  • Ecosystem. Prototyping a multi-cloud sandbox for next generation training ground for CISA users.
  • Tools and tradecraft. Researching artificial intelligence and machine learning capabilities.
  • Automating the machine learning loop. Build and automate the ML solution loops and the workflows through the loop.

“Fully realized, CAP-M will feature a multi-cloud environment and multiple data structures, a logical data warehouse to facilitate access across CISA datasets, and a production-like environment to enable realistic testing of vendor solutions,” S&T said in a project description. “While initially supporting cyber missions, this environment will be flexible and extensible to support datasets, tools, and collaboration for other infrastructure security missions.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.