What is Integrated Adaptive Cyber Defense (IACD)?

IACD is a strategy for increasing the speed and scale of cyber defenses by leveraging automation to enhance the effectiveness of human defenders, moving them outside the response loop into a response planning and approval role “on the loop” of cyber defense. Learn more about IACD here.

What is the value of IACD?

The Integrated Adaptive Cyber Defense (IACD) concept was driven by existing and increasingly critical challenges in cyber defense:

  • Cybersecurity solutions and operations cannot scale to the complexity, interdependencies, and pervasiveness of threats.
  • Adversaries already employ reuse, modularization, orchestration, and automation.
  • Acquisition and procurement processes don’t accommodate the speed of technology evolution.
  • Workforce realities demand a different approach—skilled human capital is at a premium.

IACD provides a framework, including reference architectures, use cases, draft specifications, and implementation examples that enable enterprise owners to leverage investments they have already made in cybersecurity through adoption of this extensible, adaptive approach to address the challenges listed above.

How does IACD work?

IACD integrates the activities of multiple products and services to automate the determination of risk, the decision to act, and the synchronization of response actions in accordance with the organization’s business rules. In addition, IACD shares threat information and responses across communities of trust. An organization’s business rules are codified by the procedures (referred to as “playbooks”) it follows when it encounters a cyber event. IACD translates these procedures into workflows that enable automation of the key capabilities of IACD: sensing, sense making, decision making, and action. Further details are available in the Integrated Adaptive Cyber Defense (IACD) Baseline Reference Architecture.
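The following sketch is an added illustration, not code from the IACD project or its specifications: it shows one way a playbook's business rules could drive a workflow through the four capabilities named above, with anything not pre-approved held for a human "on the loop". The playbook fields, scores, action names, and log lines are all constructed assumptions, and the action step only records outcomes.

```python
# Added illustration: all names, rules, scores and log lines are constructed.
PLAYBOOK = {
    "risk_threshold": 50,            # act only at or above this score
    "critical_assets": {"db01"},     # hosts the business rules weight higher
    "auto_actions": {"block_ip"},    # pre-approved; anything else needs approval
}
# Constructed indicator scores, standing in for a shared threat feed.
SHARED_INDICATORS = {"203.0.113.7": 80, "198.51.100.9": 30}

def sense(raw_lines):
    """Sensing: parse 'host dest_ip' lines into event dicts."""
    events = []
    for line in raw_lines:
        parts = line.split()
        if len(parts) == 2:          # skip malformed lines
            events.append({"host": parts[0], "dest_ip": parts[1]})
    return events

def make_sense(event):
    """Sense making: score risk from shared indicators and asset criticality."""
    score = SHARED_INDICATORS.get(event["dest_ip"], 0)
    if event["host"] in PLAYBOOK["critical_assets"]:
        score += 20
    return score

def decide(event, score):
    """Decision making: pick response actions according to the playbook."""
    if score < PLAYBOOK["risk_threshold"]:
        return []
    actions = [("block_ip", event["dest_ip"])]
    if event["host"] in PLAYBOOK["critical_assets"]:
        actions.append(("isolate_host", event["host"]))
    return actions

def act(actions, approver):
    """Action: record pre-approved actions as executed; hold the rest."""
    results = []
    for name, target in actions:
        if name in PLAYBOOK["auto_actions"] or approver(name, target):
            results.append((name, target, "executed"))
        else:
            results.append((name, target, "held_for_approval"))
    return results

def run_workflow(raw_lines, approver=lambda name, target: False):
    """Chain the four capabilities; approver models the human on the loop."""
    results = []
    for event in sense(raw_lines):
        results.extend(act(decide(event, make_sense(event)), approver))
    return results

SAMPLE = ["ws17 203.0.113.7", "db01 198.51.100.9", "ws02 192.0.2.1", "garbage"]
```
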

Who is sponsoring IACD work?

The IACD project was initiated in 2014 by the Department of Homeland Security (DHS) and the National Security Agency (NSA). They jointly sponsor strategic research and development by the Johns Hopkins University Applied Physics Laboratory (JHU/APL) in collaboration with government, academic, and commercial organizations.

What are the tenets of IACD?

IACD has three driving tenets that influence its concepts and capabilities:

  • Bring your own enterprise
  • Employ a product-agnostic, plug-and-play architecture
  • Insist on interoperability

IACD acknowledges that enterprises have different missions, business process rules, and resources and therefore may implement IACD differently. IACD must be flexible enough to support a range of enterprise environments, technologies, resources, and levels of sophistication. Finally, proprietary products must function together via nonproprietary methods.

What is the strategy for IACD adoption?

IACD stimulates both the demand for and the supply of SOAR-related products and services. This stimulation has been achieved through research and experimentation spirals that result in practical demonstrations of IACD capabilities. In addition, the IACD team has engaged with potential adopters and vendors to make them aware of these capabilities and their market potential. To date, we have observed a growing interest in IACD adoption. This trend is expected to accelerate.

What is Integrated Cyber?

In the past, IACD held Integrated Cyber events two or three times a year. These events brought together the IACD community of interest (COI), which was composed of potential adopters, commercial firms, research organizations, academic institutions, cyber experts, and government agencies. Integrated Cyber events were an excellent opportunity to learn the latest information, make contacts, and contribute to a growing COI. Information about past Integrated Cyber talks can be found here.

Who are the members of the IACD community of interest, and what are we working to accomplish?

The IACD community of interest (COI) includes adopters, suppliers, cybersecurity experts, commercial firms, research organizations, academic institutions, and government entities. Currently, the IACD COI has no formal structure, but it involves organizations such as Information Sharing and Analysis Centers (ISACs), which operate on a more formal basis. It is an evolving community that continues to attract a variety of organizations interested in advancing the art of the possible in cyber defense. Come to an IACD Integrated Cyber event and meet the members of the community.

How can I join?

You can also contact the IACD team for more information, ask to be added to our mailing list, and learn about upcoming cybersecurity conferences that we will be speaking at.

How can I participate in IACD development?

There are many ways to participate, as adopters, vendors, and influencers:

  • Share successes and lessons learned from your own experiences
  • Share your processes and procedures (playbooks) for responding to cyber events
  • Participate in or offer reference implementations to the IACD community in a limited or public forum
  • Assist in developing relevant specifications
  • Demonstrate IACD solutions
  • As a vendor or solution provider, participate in spiral efforts to demonstrate the art of the possible
  • Highlight how your organization measures or recognizes the value of security automation
  • Inform the IACD community of interest about relevant customer and industry objectives, challenges, user scenarios, successes, and gaps
  • Connect with our team!

How are IACD and the Automated Indicator Sharing (AIS) initiative aligned?

The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the federal government and the private sector at machine speed. AIS is one of many sources of threat information that IACD can employ. An IACD-enabled enterprise can consume and act upon AIS indicators and defensive measures. In return, IACD can provide indicators and defensive measures to AIS. Additional information is available here.

Where can I find the IACD Community Logo?

In the last year and a half, the market has changed drastically and organizations have made the commitment to automation in cyber operations. There are now many operational deployments with organizations willing to share lessons learned with their peers. Based on discussions with our members and partners, we have determined that the IACD community no longer requires a unique 2-day event hosted at JHU/APL in the future. As part of this transition, we are making available a new logo to represent IACD community members. Members of the IACD community can download and use this logo when discussing IACD in the future.