The culmination of the world’s first tournament of automated computer security systems is set to take place in Las Vegas, Nevada on August 4. The Cyber Grand Challenge (CGC) will be hosted by DARPA (Defense Advanced Research Projects Agency) in the Paris Hotel, where seven security teams will put their automated systems to the test for a chance to win almost $4 million in prizes.
“Today's approach to cybersecurity depends on computer security experts: experts identify new flaws and threats and remediate them by hand. This process can take over a year from first detection to the deployment of a solution, by which time critical systems may have already been breached,” according to information on the event Web site.
The goal of the CGC is to promote the automation of cyber defense. The event will field the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance. If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense, according to the CGC.
Capture the Flag
The contest is being held in conjunction with DEF CON, one of the world’s largest computer security and hacking conferences. The event will consist of seven prototype automated defense systems squaring off against each other in a game of Capture the Flag.
Although it sounds like the schoolyard game played at recess, Capture the Flag is actually considered one of the ultimate test of wits in the field of computer security. Hackers and other system security experts regularly use the game, which consists of finding, proving, and fixing bugs and vulnerabilities planted in systems, to train and hone their skills.
To win, competitors have to reverse-engineer software, probe its weaknesses, search for deeply hidden flaws and create securely patched replacements. While Capture the Flag contests are regular occurrences in the cybersecurity sector, CGC will be the first such contest in which all of the contestants are computer systems.
Rise of the Machines
The CGC finalists consist of the top seven scoring teams from from the first year of the CGC. On June 3, 2015, each finalist fielded an autonomous system that found and fixed enough vulnerabilities to gain an invitation to the final event. The seven teams consist of large private sector groups, university off-shoots, startups, academic researchers, and hacker community competition veterans.
The ability of automated systems to address vulnerabilities and malware represents a major opportunity for cybersecurity. At the moment, the job of finding and fixing vulnerabilities rests entirely in human hands. As more devices become connected and attacks grow more sophisticated, the small number of people with the skills to protect computer systems is becoming increasingly overwhelmed.
While automated systems already have the speed and the scale to protect sensitive networks, they currently lack the expertise and intelligence necessary to discover, prove, and fix system vulnerabilities. If the seven prototype systems competing at CGC are able to hang with the best human experts, it will be a big step forward in automated security.