Back to search


EDF Application to Automation of Security Penetration Tests

Awarded: NOK 0.38 mill.

Modern penetration tests are complex. Regular execution of penetration tests is associated with considerable costs, especially when it comes to new and updated technologies like 5G and IoT-connected devices that found broad applications in the military domain. Security audits and penetration tests involve many activities that are non-trivial to automate. Furthermore, due to the particular conditions of defence-related use cases, civil technologies need to be adapted, further improved or combined with defence-specific technologies through additional R&D efforts to make them suitable for defence applications. This project aims at overcoming defence-specific obstacles associated with the automation of penetration tests, and at least partially automate the process by developing a user-friendly software solution that performs network security penetration tests for cyber defence actors. The ambition includes automation of tasks performed by penetration testers, making an artificial intelligence capable of making relevant decisions, and new user interfaces for SOC operators to be involved in automated penetration testing. The project will result in the development of blueprints for a product capable of automating penetration tests based on the technical model, along with suitable use cases defined by industrial partners in consultation with the corresponding MoD. The project will place particular emphasis on novel and disruptive technologies that are currently being integrated in defence networks. These technologies also have the potential for use in communication networks. We will prioritize the integration and training of AI models, specifically focusing on ethical standards and the existing mechanisms that support SOC operations. This includes human-understandable models and parameter visualization.

Funding scheme: