Cyber Grand Challenge offers millions for better cyber defense

The Defense Advanced Research Projects Agency is known for setting up competitions such as its Robotics Challenge, a prize competition that leverages public-private partnerships to develop semi-autonomous robots. The agency will be taking a similar approach in tackling another problem: cybersecurity.

DARPA’s Cyber Grand Challenge (CGC) seeks to speed the development of automated security systems to rapidly respond to cyberattacks – participants will be competing against each other in a tournament to be held in 2016. Today, DARPA announced the first group of 35 teams in the tournament.

The teams will compete for cash prizes – $2 million for the winner, $1 million for second place and $750,000 for third.

Current security systems require cyber experts to identify and repair systems weaknesses, usually as a reaction to attacks that have already occurred. Cyberattacks are also growing more dangerous as more devices, such as cars and homes, are connected to the Internet.

“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere — a process that can take months from the time an attack is first launched,” Mike Walker, DARPA program manager, said in a DARPA release. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”

These automated systems will be put through their paces in a traditional “capture the flag” format that has been used by cybersecurity experts for more than 20 years. The participants will have to be able to reverse-engineer software created by DARPA, locating and healing system vulnerabilities in a live network competition. Not all of teams will be expected to make it to the final event – competitors will have to pass qualifying in the next two years in order to compete in the final tournament, which will be publically streamed using custom data visualization technology that is currently being developed.

The CGC event will be held in conjunction with the 2016 Las Vegas DEF CON event, one of the world’s largest annual hacking conferences. According to DARPA, this will mean that the first all-computer capture-the-flag will take place at alongside the conference that defined the traditional hacker-versus-hacker capture-the-flag competition for the past 22 years.

Computer systems developed for CGC might even get a chance to compete against humans.

“After our CGC final event in 2016, the decision to enter an automated system in DEF CON CTF will be up to the teams that built the systems,” Walker said in an online forum discussion on Reddit earlier this year. “That said, I think this event would be historic, and if it happens I'll be sure to attend.”

DARPA is hoping that the competition will accelerate the development of automated network defense systems, as well as bring together experts from the public and private sectors. Most of the 35 teams that will be competing have entered on the self-funded “open track,” while others were invited on a parallel “proposal track” that is partially supported by DARPA funding. All teams will be tested in a major qualification event scheduled for June 2015.

Meanwhile, new teams can register to participate until Nov. 2, 2014. Additional information can be found at the CGC website. DARPA also will hold a six-hour interactive conversation on Reddit from 10 a.m. to 4 p.m. Eastern time on June 3.