
Military computer networks are under persistent threat from malicious hackers, so network security experts must be able to assess their vulnerabilities and defenses using red teams (ethical hackers) and blue teams (cyber defenders).

The use of red teams, ethical hackers who identify system vulnerabilities, can be an effective way for organizations to find and fix problems before malicious cyber actors exploit them.

Because it takes a lot of time and expertise to build a test infrastructure that emulates sophisticated threats and evades detection, the US Defense Advanced Research Projects Agency (DARPA) wants to automate some of that work.

The agency is asking the computer industry to develop ways to detect, manage, and defeat typical cyber hacker behavior, and to make those capabilities part of the computer design process.

DARPA has recently issued a broad agency announcement for the Signature Management Using Operational Knowledge and Environments (SMOKE) project.

SMOKE also seeks to measure the risk of cyber threats in real time, and to find new ways for red team ethical hackers to maintain their evasiveness as they help train cyber security experts to root out malicious cyber behavior.

Red team exercises are designed to go beyond simple penetration testing and emulate attacker behavior as realistically as possible, in order to form a picture of network defense readiness. Red teams use tactics that mimic advanced cyber threats to evade network defenders and to assess how critical networks fare against a determined attack.

A core aspect of red team security assessments is the procedure for building domain names, IP addresses, virtual servers, and other components that control red team tools. This infrastructure must exist openly on the public Internet, and it emits signals that, if detected too easily, can end the assessment quickly with little gain but at considerable expense.

SMOKE seeks to develop automation tools that will enable red teams to increase the effectiveness of cyber security assessments. Because such tools would help red team infrastructure remain hidden, they could also allow assessments to run for longer.

DARPA’s SMOKE will prototype components that enable red teams to plan, build, and deploy cyber infrastructure that is informed by machine-readable signatures of sophisticated cyber threats.
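The two ideas above, that red team infrastructure emits signals a defender can spot and that a red team could check its plans against machine-readable signatures of those signals before deploying, can be illustrated with a small pre-deployment OPSEC check. The following is an added example written for this page; it is not DARPA's code, not a SMOKE deliverable, and not any performer's tool. The plan fields, the signature rules, the severity scale and the sample plans are all constructed for illustration, and the signatures stand in for whatever detections a real blue team or threat-intel feed would actually provide.

```python
"""Pre-deployment OPSEC check for planned red-team infrastructure.

Added example, not DARPA/SMOKE code. A planned redirector or C2 server is
described as a dict; a list of machine-readable signatures (rules a
defender might alert on) is evaluated against it, and every rule the plan
would trip is reported with a suggested fix. Field names, rules, severity
values and sample plans are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Any, Callable


@dataclass(frozen=True)
class Signature:
    """One detection a defender might fire on; 'matches' inspects the plan."""
    name: str
    severity: int  # constructed scale: 1 = low, 2 = medium, 3 = high
    matches: Callable[[dict[str, Any]], bool]
    fix: str


@dataclass(frozen=True)
class Finding:
    signature: str
    severity: int
    fix: str


def _domain_age_days(plan: dict[str, Any]) -> int:
    """Days between domain registration and the assessment start date."""
    return (plan["assessment_start"] - plan["domain_registered"]).days


# Constructed placeholder for a feed of framework-default user agents.
DEFAULT_USER_AGENTS = {
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
}

# Constructed signature set standing in for a real blue-team rule base.
SIGNATURES: list[Signature] = [
    Signature("young-domain", 2,
              lambda p: _domain_age_days(p) < 30,
              "Register and park domains well before the engagement."),
    Signature("missing-server-header", 1,
              lambda p: not p.get("http_server_header"),
              "Front the listener with a web server that sets a normal Server header."),
    Signature("self-signed-tls", 3,
              lambda p: bool(p.get("tls_self_signed", False)),
              "Obtain a certificate for the domain from a public CA."),
    Signature("cert-subject-mismatch", 2,
              lambda p: p.get("tls_subject_cn") != p["domain"],
              "Make the certificate subject match the served hostname."),
    Signature("c2-directly-exposed", 3,
              lambda p: not p.get("behind_redirector", False),
              "Put a redirector in front of the team server; never expose it directly."),
    Signature("default-user-agent", 2,
              lambda p: p.get("beacon_user_agent") in DEFAULT_USER_AGENTS,
              "Use a user agent consistent with the target's real browser population."),
]


def evaluate(plan: dict[str, Any],
             signatures: list[Signature] = SIGNATURES) -> list[Finding]:
    """Return one Finding per signature the planned infrastructure matches."""
    return [Finding(s.name, s.severity, s.fix) for s in signatures if s.matches(plan)]


def risk_score(findings: list[Finding]) -> int:
    """Sum of severities; a crude single number for go/no-go decisions."""
    return sum(f.severity for f in findings)


# Constructed sample plans: one careless, one hardened.
SLOPPY_PLAN: dict[str, Any] = {
    "domain": "cdn-updates-mirror.example",
    "domain_registered": date(2024, 5, 28),
    "assessment_start": date(2024, 6, 3),
    "http_server_header": "",
    "tls_self_signed": True,
    "tls_subject_cn": "localhost",
    "behind_redirector": False,
    "beacon_user_agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
}

HARDENED_PLAN: dict[str, Any] = {
    "domain": "cdn-updates-mirror.example",
    "domain_registered": date(2024, 1, 10),
    "assessment_start": date(2024, 6, 3),
    "http_server_header": "nginx",
    "tls_self_signed": False,
    "tls_subject_cn": "cdn-updates-mirror.example",
    "behind_redirector": True,
    "beacon_user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/126.0",
}

if __name__ == "__main__":
    for label, plan in (("sloppy", SLOPPY_PLAN), ("hardened", HARDENED_PLAN)):
        findings = evaluate(plan)
        print(f"{label}: score={risk_score(findings)}")
        for f in findings:
            print(f"  [{f.severity}] {f.signature}: {f.fix}")
```

The point of the structure is that the signature list is data, not logic: swapping in a different rule set (for instance one derived from a defender's actual detections during an earlier exercise) changes what the check flags without touching the planning code, which is the sense in which infrastructure planning can be "informed by machine-readable signatures".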

To ensure realism, DARPA experts will evaluate SMOKE components on real-world networks controlled by SMOKE performers and government partners — first on emulated environments, and perhaps later on live networks, according to