Our Work


The Department of Homeland Security (DHS), National Security Agency (NSA), and Johns Hopkins University Applied Physics Laboratory (JHU-APL) have formed a partnership to conduct jointly-sponsored research — in collaboration with the private sector — resulting in a strategy for increasing the speed and scale of cyber defenses by leveraging automation to enhance the effectiveness of human defenders, moving them outside the response loop into a response planning and approval role “on the loop” of cyber defense. Integrated Adaptive Cyber Defense defines a framework - including reference architectures, draft specifications for interoperability, use cases and implementation examples - to adopt this extensible, adaptive approach to cybersecurity operations.

Our Approach is to rapidly and iteratively implement a series of reference implementations, each exploring specific use cases in order to:

  • Prove concepts using integrations of commercial products
  • Provide insights into potential challenges
  • Identify gaps in technology, availability of commercial solutions, policies and standards
  • Gather requirements to facilitate appropriate standards development

For a complete list of IACD Documents please click here.

IACD logos

Spiral Summaries

During a period of 90 days, JHU/APL selects IACD concepts to research, architect, and implement. In a world where cyber security and technology are rapidly advancing, this fast paced spiral development plan aims to keep up with the cyber defense community as well as to develop and advance complex concepts. JHU/APL is currently in their 7th iteration of spiral development exploring, "Trust, Automated, Response Actions Across Environments". The timeline below offers brief summaries of the outcomes from each of the past spirals.

Spiral Timeline »


The IACD architecture is intended to be a flexible, extensible, and interoperable framework with which vendors, users, and stakeholders can consider the critical elements of IACD and what is necessary to integrate a variety of products to meet the specific of a given enterprise. Additionally, the IACD architecture is continually being updated to reflect recent research, analysis, and experimentation.

Relevent Documents:

IACD Baseline Reference Architecture *We want your feedback!


In order help the community to adopt and implement IACD certain capabilities and services require specifications. The intent is to provide the cyber defense community with minimum sets of requirements for particular IACD components. The intent of specifications is to help further define IACD components so that products that currently exist or products being developed currently can align themeselves with IACD capabilties and services. Additionally, the goal of the specifications is to illicit feedback from the community to be leveraged.

Relevent Documents:

Orchestration Thin Specification *We want your feedback!

Integration Development

Spiral integration work, whether experimental in nature or supporting a pilot implementation, is a critical element in advancing the IACD framework and adoption of IACD capabilities. Insight derived from this work supports the development and refinement of the reference materials posted on this website (e.g., architecture) as well as provides worked examples that others can use to develop and implement their own IACD solutions.


One critically important missing piece of IACD is the connection between an organization’s policies and procedures with an SA&O vendor’s capabilities. Playbooks can bridge this gap by showing how an SA&O vendor is able to satisfy a client’s policy and procedure requirements through repeatable and auditable processes, with points where security automation can be implemented.

Relevent Documents:

Introduction (PDF)
Content Types (PDF)