Cybersecurity

DARPA’s Cyber Grand Challenge aims to see fully automated network security systems developed

Published 4 June 2014

There is an increasingly serious cybersecurity problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” DARPA is addressing this problem, with teams from around the world starting a two-year track toward the world’s first tournament of fully automated network security systems. Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched.

DARPA will host Cyber Grand Challenge together with DEF CON // Source: etnews.com

Teams from around the world start two-year track toward the world’s first tournament of fully automated network security systems.

Computer security experts from academia, industry, and the larger security community have organized themselves into more than thirty teams to compete in DARPA’s Cyber Grand Challenge — a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. DARPA also announced that it has reached an agreement to hold the 2016 Cyber Grand Challenge final competition in conjunction with DEF CON, one of the largest computer security conferences in the world.

DARPA’s Cyber Grand Challenge takes aim at an increasingly serious problem: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses — typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.” 

“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere — a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”

DARPA says that to help accelerate this transition, the agency launched the Cyber Grand Challenge, the first computer security tournament designed to test the wits of machines, not experts. The Challenge plans to follow a “capture the flag” competition format that experts have used for more than twenty years to test their cyber defense skills. That approach requires that competitors reverse engineer software created by challenge organizers and locate and heal its hidden weaknesses in a live network competition.

The longest-running annual capture-the-flag challenge for experts is held at an annual conference known as DEF CON, and under the terms of a new agreement the Cyber Grand Challenge final competition is scheduled to co-locate with the DEF CON Conference in Las Vegas in 2016.

The co-location of those two events means the first all-computer capture-the-flag competition would occur alongside the conference that has hosted and defined the capture-the-flag competition format for the past twenty-two years.

At the event, computers that have made it through a series of qualifying events over the next two years would compete head-to-head in a final tournament. Custom data visualization technology is under development to make it easy for spectators — both a live audience at the conference and anyone watching the event’s video stream worldwide — to follow the action.

DARPA anticipates that the two-year Challenge and its culmination in an event synchronized with DEF CON will not only accelerate the development of capable, automated network defense systems, but also encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways. This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses.

During a kickoff event today, DARPA released DECREE, an open-source extension built atop the Linux operating system. Constructed from the ground up as a platform for operating small, isolated software test samples — and incompatible with any other software in the world — DECREE aims to provide a safe research and experimentation environment for the Cyber Grand Challenge.

As part of the Cyber Grand Challenge launch, Walker and other organizers hosted a six-hour interactive conversation with potential competitors and members of the public on Reddit, a community discussion site.

As of today, thirty-five teams from around the world have registered with DARPA to construct and program high-performance computers capable of competing in the Cyber Grand Challenge. Most competitors have entered on the “open track” available to self-funded teams. A parallel “proposal track” consists of teams invited and partially supported by DARPA to develop automated network defense technology. Those teams represent a mix of participants from industry and academia and will receive seed funding from DARPA until their performance is tested in open competition involving all teams at a major qualification event scheduled for June 2015. Additional teams may register to participate through 2 November 2014.

The winning team from the CGC finals stands to receive a cash prize of $2 million. Second place can earn $1 million, and third place $750,000.