Cyber teams ready to throw down in Grand Challenge

The teams are ready, the rules have been set and now seven automated programs will take on the difficult challenge of finding and patching bugs within a computer system in a matter of seconds, rather than the months it has proven to take with traditional security practices.

The teams taking part in the Defense Advanced research Projects Agency’s Cyber Grand Challenge this coming week in conjunction with the DEF Con Hacking Conference in Las Vegas will be looking to apply automated systems to counter what has become a common problem. As DARPA points out in an announcement, bugs such as Heartbleed can hide out in computer systems for months or longer (in Heartbleed’s case, for about two and a half years) enabling them to wreak a lot of havoc before being discovered.

The crux of the problem is that, for all the cybersecurity tools that currently exist, isolating and identifying a malware threat still requires a lot of manual labor. Cybersecurity pros have to sift through millions of lines of code in order to find and counter bugs, viruses or other threats, DARPA said. It’s the kind of big data dilemma faced in other fields as well, such as intelligence gathering. As Dr. Steve “Cap” Rogers, the Air Force’s principle scientific authority for automatic target recognition and sensor fusion, said at last year’s GEOINT Symposium, when it comes to analyzing huge amounts of data, “the state of the art is people—throwing people at the problem.”

DARPA’s challenge looks to ease the burden on cybersecurity experts by letting the machines do more of the heavy lifting. Teams will compete Aug. 4 in a computer testbed trying to find and patch a variety of bugs hidden inside software that has never been analyzed, and see if they can do it almost instantaneously. The winner will get an additional challenge the next day, going up against top human hackers in human hackers in a Capture the Flag competition.

The possibility of automated systems finding and eliminating bugs holds a lot of promise—and DARPA’s prize money of $2 million for first place, $1 million for second and $750 thousand for third encourages participation—but Mike Walker, program manager for the Cyber Grand Challenge, warns that the complexity of cyberspace means that solutions won’t be found easily.

“Unlike the case with self-driving cars, where the path to full autonomy, while challenging, is now just a matter of technological advances, we still don’t know if autonomy involving the kind of reasoning that’s required for cyber defense makes conceptual sense,” Walker said in DARPA’s release. “We certainly don’t expect any machine to win against humans at DEF CON this year. But at a minimum we’ll learn a lot from seeing how the systems fare against each other, and if we can even provide a clear proof of concept for autonomous cyber defense, that would be revolutionary.”

“In the same way that the Wright brothers’ first flight didn’t go very far but launched a chain of events that quickly made the world a much smaller place, a convincing demonstration that automated cyber defense is truly doable would be a major paradigm shift, and would speed the day when networked attackers no longer have the inherent advantage they enjoy today.”

For more information on the teams taking part and the time of the event, visit www.cybergrandchallenge.com/.