Government // Cybersecurity
News
12/9/2013
10:50 AM
50%
50%

DARPA Cyber Defense Challenge: $2 Million Prize

Defense research agency's Cyber Grand Challenge aims to close the gap between vulnerability discovery and remediation.

One of the biggest problems facing computer network administrators is the lag between the discovery of a cyber-vulnerability or an attack and the time it takes before the incident is remedied across the entire network. The Defense Advanced Research Projects Agency (DARPA) is looking to address that by sponsoring a Cyber Grand Challenge.

First announced in October, the agency has released new details for potential participants in the tournament. DARPA is trying to advance the development of automated cyber-reasoning by having competing teams develop systems capable of evaluating software, identifying flaws, creating patches, and deploying them on a network in real-time.

According to a broad agency announcement, competitors can choose one of two tracks: an unfunded track, where competitors will underwrite the cost of the competition themselves; and a funded track, in which teams can apply for funding. DARPA will make a determination of teams' qualifications and select competitors.

[Keep up with DARPA's latest initiatives. See 10 Cool DARPA Projects In Development.]

This kind of automated system, called program analysis, "has been around for quite a while. The feeling is that it's on the verge of a breakthrough and ready to move out of the lab and into the field," said Mike Walker, the DARPA program director for the challenge, in a Dec. 6 telephone conference call with reporters. The unmanned cyberdefense tournament will last more than two years; the overall winner will receive a first-place prize of $2 million, with the second-place finisher receiving $1 million, and third place getting $750,000. 

Walker said there is "a lot of interest" in the security community, but he declined to say how many teams have registered to date. The field of competitors will compete in a qualification round, currently scheduled for June 2015. The final round is planned for July 2016.

DARPA is designing a custom environment for the competition, to provide "a field of their own," Walker said. "The software written just for the competition is given to the competitors at the same time." The point is not to test the teams' knowledge of existing software, operating systems, and bugs, but to test the analytical skills of the teams' automated products, he told us.

"Analysis of code will work on known and unknown protocols. We want to make sure our measurement is not polluted -- if I know there are unknown protocols in there, I will focus entirely on adaptation capability."

Walker said the challenge would be based on the C-language family, with binaries created just for the challenge. The broad agency announcement includes a list of known defect types published by Mitre, a nonprofit, federally funded research and development firm, so that teams will have an idea of the kinds of realistic flaws the challenge will require them to find and fix.

While the long-term goal is to develop a deployable network defense that can protect military networks, Walker said the agency is not expecting that outcome by the end of this competition

"If we look at the 2004 Vehicle Grand Challenge," for teams to build self-driving vehicles to negotiate a 150-mile desert course, "those prototypes were not ready to roll out of the competition and onto America's highways," he said. "I think that what we're going to transition out of this is the lessons of competition, the ideas, and the correct application of how to build [this]."

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters in The Great Email Migration report. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
12/10/2013 | 9:36:59 AM
Really big challenge and will be fun to watch
As if the prize-money is not incentive enough, DARPA's goal -- development of an automated network defense that can evaluate software, identify patches and deploy them in real time -- is an exciting outcome in its own right. I look forward to reading more about the teams as they are announced and begin their qualification rounds in June 2015.

 

 
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.