WHY THIS MATTERS IN BRIEF

Hackers, even AI ones, can’t break into your systems if they’re confused… or so goes the theory.

Intelligence work is often as much about gathering information as it is about disseminating misinformation. To that end, the Intelligence Advanced Research Projects Activity (IARPA), the branch of the US Government whose objective it is to solve some of the US’s most critical Intelligence Community challenges, is looking for innovative solutions around deceptive cyber defenses.

In a recent request for information, IARPA contracting officers put out the call to “identify existing capabilities and emerging methods” for protecting data and systems by confusing and otherwise deceiving the adversary prior to and during a cyberattack.

“Historically, denial and deception (D&D) has been used by militaries for defense, whether it be to instill uncertainty or to provide misinformation,” contracting officials explain in the RFI, and, “D&D can also be looked at similarly for increasing cyber defense posture and resiliency.”

In the RFI, IARPA notes this concept is gaining traction in the private sector but has yet to really mature.

“Many techniques lack rigorous experimental measures of effectiveness, information is insufficient to determine how defensive deception changes attacker behavior or how deception increases the likeliness of early detection of a cyberattack,” according to the notice.

Specifically, IARPA is looking for feedback on existing deception methods, test and evaluation methods, emerging techniques and information on the respondent company’s organizational structure and service offerings. The RFI includes a detailed set of questions for each of the four areas.

Depending on the information received, IARPA plans to hold a one-day workshop on deception tactics, which could lead to research investments in the future.