Security Challenge from DARPA

Thursday, October 24, 2013 @ 06:10 PM gHale

Defense Advanced Research Projects Agency (DARPA) takes security seriously.

So much so, its is holding a Grand Challenge competition with a $2 million prize to build a “fully automated cyber defense system” that protects itself from hackers, responds to attacks and even updates its own code in real-time, without humans helping.

RISI: Industry Attacks Growing
Cost of Cyber Crime Skyrockets
Threats: Manufacturers use ‘Yesterday’s Technology’
Cost of Cyber Crime Skyrockets

“The [Cyber Grand Challenge] seeks to engender a new generation of autonomous cyber defense capabilities that combine the speed and scale of automation with reasoning abilities exceeding those of human experts,” said the request for proposals. “In fully autonomous defense, a cyber system capable of reasoning about software will create its own knowledge, autonomously emitting and using knowledge quanta such as vulnerability scanner signatures, intrusion detection signatures, and security patches.”

While DARPA’s description of the contest focuses on defense, it also describes a series of competitive events.

The final showdown in 2016 will pit automated systems against each other in something like an unmanned version of the cyber security capture the flag competitions that take place at security conventions. The winner of that final event would receive $2 million, with $1 million for the second place finisher and $750,000 for third place.

DARPA’s two previous Grand Challenges centered on a very different kind of autonomous innovation: self-driving cars. In 2004, 25 teams raced unmanned, autonomous cars on a 7 mile desert course for a $1 million prize. None reached the finish line. The next year another Grand Challenge was held, and won by a Stanford team led by professor Sebastian Thrun, whose adapted Volkswagen Touareg named Stanley successfully negotiated a 132-mile course in just under seven hours to claim that year’s million-dollar prize.

The Grand Challenge request for proposals, issued by DARPA’s Information Innovation Office, said the Department of Defense and its contractors are caught in a “constant cycle of intrusion, compromise discovery, patch formulation, patch deployment and recovery,” and that keeping up with that cycle of discovery and defense is an “artisan process, often requiring skilled analysts to spend weeks or months analyzing a problem.”

In an age of pervasive intrusions by state-sponsored foreign hackers stealing data from the government and the private sector, that manual process alone can’t keep up.

“The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” said Dan Kaufman, head of DARPA’s Information Innovation Office.

Leave a Reply

You must be logged in to post a comment.