ARLINGTON, Va., June 3, 2014 — Computer security experts from academia, industry and the larger security community have organized themselves into more than 30 teams to compete in the Defense Advanced Research Projects Agency’s Cyber Grand Challenge — a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched, DARPA officials announced today.
The winning team from the Cyber Grand Challenge finals stands to receive a cash prize of $2 million. Second place can earn $1 million, and third place $750,000.
DARPA officials also announced today that the organization has reached an agreement to hold the 2016 Cyber Grand Challenge final competition in conjunction with DEF CON, one of the largest computer security conferences in the world.
DARPA’s Cyber Grand Challenge takes aim at an increasingly serious problem, officials said: the inadequacy of current network security systems, which require expert programmers to identify and repair system weaknesses, typically after attackers have taken advantage of those weaknesses to steal data or disrupt processes.
Such disruptions pose greater risks than ever, officials added, as more and more devices, including vehicles and homes, get networked in what has become known as “the Internet of things.”
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere, a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
To help accelerate this transition, DARPA launched the Cyber Grand Challenge, the first computer security tournament designed to test the wits of machines, not experts. The Challenge plans to follow a “capture the flag” competition format that experts have used for more than 20 years to test their cyber defense skills. That approach requires competitors to reverse-engineer software created by challenge organizers and locate and heal its hidden weaknesses in a live network competition.
The longest-running annual capture-the-flag challenge for experts is held at an annual conference known as DEF CON, and under the terms of a new agreement, the Cyber Grand Challenge final competition is scheduled to collocate with the DEF CON Conference in Las Vegas in 2016. The collocation of those two events means the first all-computer capture-the-flag competition would occur alongside the conference that has hosted and defined that competition format for the past 22 years.
At the event, computers that have made it through a series of qualifying events over the next two years would compete head-to-head in a final tournament. Custom data visualization technology is under development to make it easy for spectators — both a live audience at the conference and anyone watching the event’s video stream worldwide — to follow the action.
DARPA officials anticipate that the two-year Challenge and its culmination in an event synchronized with DEF CON not only will accelerate the development of capable, automated network defense systems, but also will encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways.
This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses, DARPA officials noted.
During a kickoff event today, DARPA released DECREE, an open-source extension built atop the Linux operating system. Constructed from the ground up as a platform for operating small, isolated software test samples — and incompatible with any other software in the world — DECREE aims to provide a safe research and experimentation environment for the Cyber Grand Challenge. As part of today’s launch, Walker and other organizers are hosting a six-hour interactive conversation with potential competitors and members of the public on Reddit, a community discussion site, from 10 a.m. to 4 p.m. EDT.
As of today, 35 teams from around the world have registered with DARPA to construct and program high-performance computers capable of competing in the Cyber Grand Challenge. Most competitors have entered on the “open track” available to self-funded teams. A parallel “proposal track” consists of teams invited and partially supported by DARPA to develop automated network defense technology.
Those teams represent a mix of participants from industry and academia and will receive seed funding from DARPA until their performance is tested in open competition involving all teams at a major qualification event scheduled for June 2015. Additional teams may register to participate through Nov. 2, 2014.
The seven DARPA-funded Phase 1 competitors are For All Secure, GrammaTech, Lekkertech, SIFT, SRI, Trail of Bits, and the University of California, Berkeley.
Cyber Grand Challenge
Defense Advanced Research Projects Agency