DARPA Cyber Defense Challenge: $2 Million Prize - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
10:50 AM

DARPA Cyber Defense Challenge: $2 Million Prize

Defense research agency's Cyber Grand Challenge aims to close the gap between vulnerability discovery and remediation.

One of the biggest problems facing computer network administrators is the lag between the discovery of a cyber-vulnerability or an attack and the time it takes before the incident is remedied across the entire network. The Defense Advanced Research Projects Agency (DARPA) is looking to address that by sponsoring a Cyber Grand Challenge.

First announced in October, the agency has released new details for potential participants in the tournament. DARPA is trying to advance the development of automated cyber-reasoning by having competing teams develop systems capable of evaluating software, identifying flaws, creating patches, and deploying them on a network in real-time.

According to a broad agency announcement, competitors can choose one of two tracks: an unfunded track, where competitors will underwrite the cost of the competition themselves; and a funded track, in which teams can apply for funding. DARPA will make a determination of teams' qualifications and select competitors.

[Keep up with DARPA's latest initiatives. See 10 Cool DARPA Projects In Development.]

This kind of automated system, called program analysis, "has been around for quite a while. The feeling is that it's on the verge of a breakthrough and ready to move out of the lab and into the field," said Mike Walker, the DARPA program director for the challenge, in a Dec. 6 telephone conference call with reporters. The unmanned cyberdefense tournament will last more than two years; the overall winner will receive a first-place prize of $2 million, with the second-place finisher receiving $1 million, and third place getting $750,000. 

Walker said there is "a lot of interest" in the security community, but he declined to say how many teams have registered to date. The field of competitors will compete in a qualification round, currently scheduled for June 2015. The final round is planned for July 2016.

DARPA is designing a custom environment for the competition, to provide "a field of their own," Walker said. "The software written just for the competition is given to the competitors at the same time." The point is not to test the teams' knowledge of existing software, operating systems, and bugs, but to test the analytical skills of the teams' automated products, he told us.

"Analysis of code will work on known and unknown protocols. We want to make sure our measurement is not polluted -- if I know there are unknown protocols in there, I will focus entirely on adaptation capability."

Walker said the challenge would be based on the C-language family, with binaries created just for the challenge. The broad agency announcement includes a list of known defect types published by Mitre, a nonprofit, federally funded research and development firm, so that teams will have an idea of the kinds of realistic flaws the challenge will require them to find and fix.

While the long-term goal is to develop a deployable network defense that can protect military networks, Walker said the agency is not expecting that outcome by the end of this competition

"If we look at the 2004 Vehicle Grand Challenge," for teams to build self-driving vehicles to negotiate a 150-mile desert course, "those prototypes were not ready to roll out of the competition and onto America's highways," he said. "I think that what we're going to transition out of this is the lessons of competition, the ideas, and the correct application of how to build [this]."

Moving email to the cloud has lowered IT costs and improved efficiency. Find out what federal agencies can learn from early adopters in The Great Email Migration report. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Author
12/10/2013 | 9:36:59 AM
Really big challenge and will be fun to watch
As if the prize-money is not incentive enough, DARPA's goal -- development of an automated network defense that can evaluate software, identify patches and deploy them in real time -- is an exciting outcome in its own right. I look forward to reading more about the teams as they are announced and begin their qualification rounds in June 2015.


COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll