Want to Win $2 Million? Build DARPA a Better Cyber Defense

Andrey_Popov via Shutterstock

AA Font size + Print

DARPA is offering a $2 million prize to anyone who can build an automated, instantaneous cyber defense for the Pentagon’s networks. By Kedar Pavgi

Hackers of the future beware: you may one day fight against robots safeguarding the Pentagon’s computer networks with instantaneous cyber defenses.

DARPA, the Defense Advanced Research Project Agency, is planning a first-of-a-kind “Cyber Grand Challenge” to help develop an automatic system capable of instantaneously responding to network attacks while also monitoring for vulnerabilities. “With the Cyber Grand Challenge, we intend a similar revolution for information security,” said DARPA program manager Mike Walker, in a statement on Tuesday. “Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero-day to zero-second.”

DARPA says that the competition would include computer security experts from across the country, especially those who regularly participate in the Capture the Flag competitive hacking circuit. The agency expects teams to develop systems that can self-test for security holes, develop software patches and scale its response to all computers on a network, in the blink of an eye. The competition is scheduled to take place in 2016, and the winner would take home $2 million. DARPA hopes that the challenge model, which was used to spark the self-driving car revolution, will also kick-start the development of these automated systems.

Agency officials expect to issue a second call for technologies that support the competition. Interested competitors will be able to learn about the contest when the agency hosts two Challengers’ Days, in Arlington, Va., and on the west coast.

Senior Pentagon officials have long supported the concept of an automated cyber-defense. In an interview with Foreign Policy last September, the Defense Department’s Chief Information Officer Teri Takai said that automated cyber defenses were the only way that the Pentagon would be able to feasibly respond to the daily flood of network attacks.

The competition couldn’t come soon enough. A Pentagon report in May said that the Chinese military and government was targeting “numerous computer systems around the world, including those owned by the U.S. government.” Additionally, the Washington Post cited a confidential report from the Defense Science Board that said that Chinese hackers had broken into the Pentagon’s networks, possibly compromising the designs of many major weapons systems, including the V-22 Osprey and the F-35 Joint Strike Fighter.

“The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” said Dan Kaufman, DARPA Information Innovation Office director. 

(Image by Andrey_Popov via Shutterstock)

Close [ x ] More from DefenseOne

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.


When you download a report, your information may be shared with the underwriters of that document.