October 24, 2013
DARPA Wants Hackers, Developers To Design Better Defense Systems
Michael Harper for redOrbit.com - Your Universe Online
The Defense Advanced Research Projects Agency (DARPA) has put out the call to developers and hackers to create a “fully automated cyber defense system” that is capable of protecting itself from digital attacks as well as launching these attacks against other systems.
According to DARPA, it’s not enough for a defense system to know when it’s being attacked; it must also heal and protect itself without any human assistance. To encourage developers to build such a system, DARPA is holding the first-ever Cyber Grand Challenge (CGC), a so-called “tournament” for fully automated defense systems. The winning team will walk away with a $2 million prize; second place earns $1 million and third place receives $750,000. The first tournament, said to be like a virtual capture-the-flag contest, won’t take place until 2016, meaning teams not only have over two years to prepare, but will also have to be prepared to potentially use technology that isn’t even available yet.
“DARPA’s series of vehicle Grand Challenges were the dawn of the self-driving car revolution,” explained DARPA’s program manager Mike Walker in a press statement.
“With the Cyber Grand Challenge, we intend a similar revolution for information security. Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber-attack may change from zero-day to zero-second,” said Walker.
In the driverless car challenges mentioned by Walker, teams had to build and race an autonomous vehicle on a seven-mile-long desert course. Though a $1 million prize was offered, no team could complete the course in 2004. The next year a team from Stanford took the prize after their converted Volkswagen Touareg navigated the desert without a driver for 132 miles. The professor in charge of this team is now working to develop Google’s first autonomous car, according to Forbes.
The teams that aim to compete in the 2016 Cyber Grand Challenge are being asked to rely on a variety of computational disciplines to create the completely autonomous defense system. Once in competition, these systems will not only have to learn from their competitors’ attacks and adapt to them, they’ll also have to go on the offensive to bring their rivals down. This, says the head of DARPA’s Information Innovation Office, is necessary to protect the Nation’s networks against increasingly sophisticated attacks.
“The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” said Dan Kaufman, head of DARPA’s Information Innovation Office.
Teams must compete in a series of events, including a qualifying round wherein the automated systems must first collect a piece of software, analyze it and repair its flaws. The qualifying round will kick off in mid-2016.
The government isn’t the only entity online that has offered a bounty for security flaws.
Facebook has a standing offer to pay any hacker $500 when he or she reports a repeatable and valid security bug.
Earlier this year, a Palestinian IT expert named Khalil Shreateh attempted to report a flaw that allowed users to post to other users’ walls, but Facebook’s security team failed to recognize the issue. In August, Shreateh made headlines when he used the flaw to report the bug on Mark Zuckerberg’s own wall. Though he was denied his $500, the IT community pitched in and donated more than $11,000 for his work.