A dozen years ago the Defense Advanced Research Projects Agency (DARPA) held its first “grand challenge” to see if autonomous automobiles could cross a 240-kilometer stretch of the Mojave Desert on their own. Mechanical problems and mishaps ended the race before any of the competitors had gone more than 12 kilometers. DARPA, the U.S. Department of Defense’s research arm, is looking for a better outcome Thursday in its inaugural Cyber Grand Challenge, where seven autonomous computers battle one another in what the agency claims is the “world’s first all-machine hacking tournament.”
DARPA announced the competition a couple of years ago, challenging computer programmers to create machines that could find and fix flaws in their software without human intervention. At a live event Thursday evening in Las Vegas at the annual DEF CON hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag". The key to victory and the $2-million prize is to successfully defend one’s digital “flags”—bits of data written into programs running on the computers—from other teams’ cyber attacks while at the same time attacking competitors’ computers to find their flags.
Just as DARPA’s earlier challenges helped pave the way for advances in self-driving vehicles, the agency wants its Cyber Grand Challenge to uncover ways that connected devices can be programmed to defend themselves against cyber attack. Computers and networks are regularly under attack, leading to data breaches, identity theft and number of other headaches that have become part of modern life. One recent high-profile cyber attack on Democratic National Committee (DNC) computers led to the theft of more than 19,000 committee e-mails and created speculation that the Russian government might be trying to tamper with the upcoming presidential election. As medical equipment, automobiles and home appliances increasingly connect to public networks to create the so-called Internet of Things, cyber attacks could become even more widespread and dangerous.
It takes software companies an average of a year to find and fix security flaws in their software, giving cyber intruders ample time to install malicious software (malware) that can steal users’ sensitive information, says Mike Walker, the DARPA program manager overseeing the Cyber Grand Challenge. DARPA’s new competition is about bringing autonomy to the cyber domain—inside the logic and memory of network computers—so that flaws can be found and fixed in minutes or seconds rather than months, he says.
Competitors wrote their own “cyber reasoning system” software that will run on computers supplied by DARPA for the final round. Over the course of the 10-hour competition this software should identify flaws in other programs running on the computer and automatically defend them from attack as well as probe competitors’ computers for flaws. Each computer in the final round runs on a special DARPA-written operating system and features about 1,000 processing units, or “cores,” and 16 terabytes of RAM.
DARPA awarded each finalist team $750,000 to help them prepare for the final round. Some of the teams include programmers from academia including the University of Idaho, University of Virginia, University of California, Santa Barbara and Syracuse University. Others hail from tech industry veteran Raytheon, as well as a number of cybersecurity startups. Shortly after DARPA names the Grand Challenge winner on Friday, that team’s software will engage in a second capture the flag competition, this time against human hackers.