Oct 25, 2013 (06:10 AM EDT)
DARPA Dangles $2 Million For Security Automation Idea
Read the Original Article at InformationWeek
Teams participating in the Cyber Grand Challenge will build fully automated network defense systems that compete against each other by evaluating software, testing for vulnerabilities, creating security patches and applying them to protected computers on a network, DARPA said. The concept is similar to computer security tournaments involving trained experts, but in this case unmanned systems will be competing.
The evolution of cyber-attacks and malware is driving the need for automation in IT security analysis. Thus the goal of the Cyber Grand Challenge is to create a self-patching system that could respond to attacks, and even go a step further by reconciling security problems before they happen. "Today, our time to patch a newly discovered security flaw is measured in days. Through automatic recognition and remediation of software flaws, the term for a new cyber-attack may change from zero-day to zero-second," DARPA program manager Mike Walker said in a written statement.
[ "Peace Corps for Geeks" offers important lessons to IT professionals while helping local government. Read Code For America Made Me A Better IT Leader. ]
The cyber competition will take place on a "network framework purpose-built to interface with automatic systems," according to DARPA. Competitors will have a series of challenges, including a qualifying event where a collection of software will be analyzed. Teams that qualify will need to automatically identify, analyze and repair software flaws. Top experts from various computer security disciplines, such as reverse engineering, formal methods and program analysis are expected to participate. The agency said it will host teaming forums on the official Cyber Grand Challenge website to promote extensive participation.
A select group of top competitors will join the Cyber Grand Challenge final event, scheduled for early to mid-2016. In that event, each team's system will be required to automatically identify software flaws and scan the network to find affected hosts. The highest scores will go to systems that are most capable of protecting hosts, scanning the network for vulnerabilities and maintaining software function.
The winning team will receive $2 million. $1 million will go to second-place competitors, and third place teams will get $750,000.
This isn't the first time that DARPA has shelled out millions of dollars for such a competition. The tradition of DARPA Grand Challenges started with self-driving cars. In October 2005, Stanford University's robotic vehicle, Stanley, won $2 million for beating out the competition and finishing a 132-mile course through the Mojave Desert. The Robotics Challenge -- focusing on autonomous robots -- followed. That challenge kicked off in October 2012 and is scheduled to run through 2014, with three planned competitions, one virtual and two live.