Top Teams' Automated Cybersecurity Systems Preparing for Final Face-off

DARPAs Cyber Grand Challenge Final Event Aims to Usher In New Era of Scalable, Machine-speed Software Search and Repair

The Heartbleed security bug existed in many of the worlds computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014, by which time it had rendered an estimated half a million of the internets secure servers vulnerable to theft and other mischief. And while Heartbleed was in some respects an outlier, long-lived critical flaws in widely deployed bedrock internet infrastructure are not rare. Analysts have estimated that, on average, such flaws go unremediated for 10 months before being discovered and patched, giving nefarious actors ample opportunity to wreak havoc in affected systems before they move on to exploit new terrain.


The reason for these time lags? In contrast to the sophistication and automation that characterize so much of todays computer systems, the process of finding and countering bugs, hacks and other cyber infection vectors is still effectively artisanal. Professional bughunters, security coders, and other security pros work tremendous hours, searching millions of lines of code to find and fix vulnerabilities that could be taken advantage of by users with ulterior motives.

But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the internet itself?

Those are questions at the heart of DARPAs Cyber Grand Challenge, a multiyear program that is set to culminate in Las Vegas next month at a unprecedented, open-to-the-public cyber defense competition to be held in collaboration with DEF CON, one of the worlds largest and most venerable annual hacker conferences. During the one-day event, computer programs developed by seven remarkable teams will vie for millions of dollars in prizes as they compete in the worlds first automated game of Capture the Flag (CTF)—the same game played by top hackers in their annual displays of cyber intrusion and defense acumen.

Playing in a specially created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software, the machines will be challenged to find and patch within seconds—not months—flawed code that is vulnerable to being hacked, and find their opponents weaknesses before the defending systems do. The entire event will be elaborately visualized on giant monitors in the Paris Las Vegas Hotels 5,000-person-capacity auditorium while expert "sportscasters" document the historic competition.

And it may not end there. The organizers of DEF CON CTF have boldly invited the winning automated system to compete against the worlds best human hackers in their Capture the Flag competition the following day, Aug. 5. That would be the first-ever inclusion of a mechanical contestant in that event, and could presage the day when, as eventually happened with chess and Jeopardy!, a computer proves to be the Grand Master of cyber defense.

But lets not get a head of ourselves, said Mike Walker, the DARPA program manager who launched the Cyber Grand Challenge in 2013 and who, for the past year, has been increasingly consumed with leading the elaborate preparations for the final event as separate infrastructure teams test and monitor the synthetic operating system on which the event will play and oversee the installation of gigantic chillers to keep the racks of high-performance computers from overheating on game day.

"Unlike the case with self-driving cars, where the path to full autonomy, while challenging, is now just a matter of technological advances, we still dont know if autonomy involving the kind of reasoning thats required for cyber defense makes conceptual sense," Walker said. "We certainly dont expect any machine to win against humans at DEF CON this year. But at a minimum well learn a lot from seeing how the systems fare against each other, and if we can even provide a clear proof of concept for autonomous cyber defense, that would be revolutionary," he said. "In the same way that the Wright brothers first flight didnt go very far but launched a chain of events that quickly made the world a much smaller place, a convincing demonstration that automated cyber defense is truly doable would be a major paradigm shift, and would speed the day when networked attackers no longer have the inherent advantage they enjoy today."

The Cyber Grand Challenge Final Event is free and open to the press, with media opportunities to be scheduled before, during, and after the days event. For registration and other information, including details and videos about the seven competing teams, please visit www.cybergrandchallenge.com and http://www.darpa.mil/news-events/2015-07-08.

Featured Product

JCO Series: NVIDIA Jetson Rugged AI Edge Computers

JCO Series: NVIDIA Jetson Rugged AI Edge Computers

The JCO Series is a line of NVIDIA Jetson rugged AI edge computers. Unlike standard CPUs, the JCO series employs NVIDIA Jetson-Orin modules, introducing an ARM-based SOM (System-on-Module) architecture with CPU, GPU, and RAM on the same module. This integration brings about significant AI performance right to the edge, coupled with a rugged, fanless design suitable for enduring extreme environments. This series highlights low power consumption (7-60 watts) yet delivers high AI performance up to 275 TOPS, a feat difficult for typical x86 solutions to match. The integration of customizable EDGEBoost IO technology and out-of-band remote management features ensures advanced connectivity and maintenance capabilities, solidifying the JCO Series as an essential solution for mission-critical deployments such as AGV & AMRs, security & surveillance, industrial automation, and industrial IoT. With UL listed, E-Mark, FCC, and CE certifications, the JCO Series meets the highest industry standards for ultimate safety and reliability.