The Defense Advanced Research Projects Agency (DARPA), a wing of the U.S. Defense Department responsible for the development of advanced technologies, has announced the launch of a competition designed to challenge security researchers and vendors to create the first wholly autonomous cyber defense system.
The agency is seeking the development real-time threat mitigation systems that can think and act independently of their human administrators because attackers are routinely taking advantage of the lag time between discovery of a vulnerability, remediation strategies, assessment, testing, and the final deployment of a patch, which can sometime take weeks or months.
“This approach has resulted in an environment of ubiquitous software insecurity that favors attackers over defenders,” DARPA stated.
“To help overcome these challenges, DARPA has launched the Cyber Grand Challenge: a competition that seeks to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, these technologies may someday overturn today’s attacker-dominated status quo.”
The Cyber Grand Challenge is designed to provide prototypes a platform to “compete head-to-head to defend a network,” and will be operated in a manner similar to many popular security tournaments, and the top three teams would receive cash prizes of $2 million, $1 million and $750,000, respectively.
“Competitors would navigate a series of challenges starting with a qualifying event in which a collection of software is automatically analyzed. Competitors would qualify by identifying, proving, and repairing software flaws,” DARPA explained.
“A select group of competitors who display top performance during the qualifying event would be invited to the Cyber Grand Challenge final event, slated for early to mid-2016… Teams would be scored against each other based on how capably their systems can protect hosts, scan the network for vulnerabilities, and maintain the correct function of software.”
DARPA expects the initiative to produce a number of benefits, including:
- Expert-level software security analysis and remediation, at machine speeds on enterprise scales
- Establishment of a lasting competition community for automated cyber defense
- Identification of thought leaders for the future of cybersecurity
- Creation of a public, high-fidelity recording of real time competition between automatic systems
“Realization of this vision will require breakthrough approaches in a variety of disciplines, including applied computer security, program analysis, and data visualization.”
Read More Here…