The inadequacy of current network security systems is no secret – they often require expert programmers to identify and repair system weaknesses, typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes. Such disruptions pose greater risks than ever as more and more devices, including vehicles and homes, get networked in the Internet of Things.
To help pioneer more resilient, self-healing systems, computer security experts from academia, industry and the larger security community have now organized themselves into 35 teams to compete in DARPA’s upcoming Cyber Grand Challenge – a two-year tournament announced last October that’s designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. The winning team from the CGC finals stands to receive a cash prize of $2 million. Second place can earn $1 million and third place $750,000.
DARPA has also announced that it has reached an agreement to hold the 2016 Cyber Grand Challenge final competition in conjunction with DEF CON, one of the largest computer security conferences in the world.
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere – a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager, in a statement. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
The challenge plans to follow a “capture the flag” competition format that experts have used for more than 20 years to test their cyber defense skills. The approach requires that competitors reverse-engineer software created by challenge organizers and locate and heal its hidden weaknesses in a live network competition.
Computers that make it through a series of qualifying events over the next two years will compete head-to-head in a final tournament. Custom data visualization technology is under development to make it easy for spectators – both a live audience at the conference and anyone watching the event’s video stream worldwide – to follow the action.
DARPA anticipates that the multiyear challenge will not only accelerate the development of capable, automated network defense systems, but also encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways. It’s a crucial goal if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses.
During a kickoff event this week, DARPA released DECREE, an open-source extension built atop the Linux operating system. Constructed from the ground up as a platform for operating small, isolated software test samples – and incompatible with any other software in the world – DECREE aims to provide a safe research and experimentation environment for the Cyber Grand Challenge.
So far, 35 teams from around the world have registered with DARPA to construct and program high-performance computers capable of competing in the Cyber Grand Challenge. Most competitors have entered on the “open track” available to self-funded teams. A parallel “proposal track” consists of teams invited and partially supported by DARPA to develop automated network defense technology. Those teams represent a mix of participants from industry and academia, and will receive seed funding from DARPA until their performance is tested in open competition involving all teams at a major qualification event scheduled for June 2015. Additional teams may register to participate through November 2, 2014.