In-brief: A hacker capture the flag tournament will take place without any human intervention. It’s the final competition in DARPA’s Cyber Grand Challenge, a contest to spur developments in automation and artificial intelligence to solve cyber security problems.
Advancements in automation and artificial intelligence will be on display in Las Vegas next month as the Department of Defense’s Advance Research Projects Agency (DARPA) uses the upcoming Black Hat and DEF CON hacker conferences in Las Vegas to promote its latest audacious bid: building computers that can compete with the best hackers in the world in a game near and dear to any aspiring hacker: capture the flag.
The CGC final event is billed as an all computer cyber defense tournament intended to showcase advancements in automated threat detection and response. Seven teams from the private sector and leading universities will compete for $3.75 million in prize money at an event staged at The Paris Hotel and Casino in Las Vegas, in the shadow of the Black Hat and DEF CON conferences.
The goal of the Cyber Grand Challenge (CGC) is to stimulate research on autonomy in cyber security. The program dates to October, 2013, when DARPA posted a challenge to develop autonomous cyber reasoning systems. More than 100 initial respondents to that call have been winnowed in three qualifying events. The final seven teams will go at it next month in Las Vegas. With $2 million for the first place finisher, $1 million for the second place finisher and $750,000 for the third place finisher.
Behind the event is growing concern that cyber “offense” of the kind carried out by sophisticated cyber criminal syndicates and nation states is moving well ahead of “defense” – teams of overburdened information security professionals charged with protecting sensitive networks and data. Hacks at the federal Office of Payroll Management (OPM) and, as recently disclosed, the Federal Deposit Insurance Corporation (FDIC), which a new report says was compromised for years by hackers believed to be working on behalf of the China.
[Read more Security Ledger coverage of DARPA here.]
Experts see computers – armed with artificial intelligence and automation – as a possible solution to the problem. If computers can be trained to identify and respond to computer intrusions in ways that are both subtle and effective, it could alleviate the burden on short-staffed information security teams.
“Right now machines have the speed and scale but not the expertise. People have the expertise but they don’t have the speed or scale,” said Mike Walker, DARPA Program Manager for the CGC.
Scale will be particularly important as the Internet segues into The Internet of Things and the population of endpoints in need of security explodes.
“The cyber world moves so fast that it’s really impossible for humans to react. We have to come up with automated defenses,” said Dr. Jack Davidson of Team TechX, which includes experts from the University of Virginia and the private firm GrammaTech.