Cyber Grand Challenge aims to speed security automation
This week, DARPA announced a “first-of-its-kind tournament” designed to speed the development of automated security systems able to defend against cyberattacks.
The challenge addresses the inadequacy of current network security systems, which require programmers to identify and repair system weaknesses – usually after an attack. As network complexity grows, however, defenders have an increasingly difficult task because they must anticipate and prepare for any possible flaw. Meanwhile, attackers only have to find one flaw to break a system.
Only automation can upend these economics, the agency said.
“The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly,” said Mike Walker, DARPA program manager at the Defense Advanced Research and Projects Agency.
DARPA officials said they anticipate that the two-year challenge will accelerate development of automated network defense systems and encourage the diverse communities now developing computer and network security to work together in new ways.
This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses, DARPA officials noted.
According to DARPA, the challenge will follow a “capture the flag” format, which requires competitors to reverse-engineer software and locate and heal its hidden weaknesses in a live network competition.
The winning team from the Cyber Grand Challenge finals stands to receive a cash prize of $2 million. Second place can earn $1 million, and third place $750,000.
Additionally, DARPA developed an open source platform built for security research and competition. Now on GitHub, the DARPA Experimental Cyber Research Evaluation Environment (DECREE) is incompatible with any other software in the world, which the agency said will provide a safe research and experimentation environment for the Cyber Grand Challenge.
Officials also announced that they will hold the final competition in conjunction with DEF CON, one of the largest computer security conferences in the world and the site of the longest-running annual capture-the-flag challenge for computer security experts.
At the event, competitors that have made it through a series of qualifying events over the two years of the Challenge will go head-to-head in a final tournament. Custom data visualization technology is under development to make it easy for spectators – both a live audience at the conference and anyone watching the event’s video stream worldwide – to follow the action.
So far, 35 teams from around the world have registered with DARPA to construct and program high-performance computers capable of competing in the Cyber Grand Challenge.
For more information, visit the Cyber Grand Challenge website or check the Reddit AMA hosted by DARPA’s Mike Wallace and Chris Eagle.
Connect with the GCN staff on Twitter @GCNtech.