"But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the internet itself?" Those are questions the Cyber Grand Challenge seeks to answer.

Cyber Grand Challenge Taking Place This Week

The Aug. 4 event in Las Vegas in collaboration with DEF CON 24 is the culmination of a multiyear DARPA competition: Seven high-performance computers will compete live in the world's first all-machine game of Capture the Flag.

This is a big week for the hacker community, with both DEF CON 24 and DARPA's Cyber Grand Challenge taking place at the Paris Hotel & Conference Center in Las Vegas (and at Bally's, in the case of DEF CON). DARPA calls its event "the ultimate test of wits in computer security," an open competition and "the world's first all-computer Capture the Flag tournament." It is a final event on Aug. 4 featuring seven prototype systems competing for nearly $4 million in prizes in a live network competition.

In Capture the Flag contests, experts reverse-engineer software to find deeply hidden flaws and create securely patched replacements; DARPA modeled the Cyber Grand Challenge on thes tournaments in order to "create public proof that it's possible to automate the cyber defense process with machines that can discover, confirm and fix software flaws in real-time," according to the agency.

"The Heartbleed security bug existed in many of the world's computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014, by which time it had rendered an estimated half a million of the internet’s secure servers vulnerable to theft and other mischief," DARPA notes. "And while Heartbleed was in some respects an outlier, long-lived critical flaws in widely deployed bedrock internet infrastructure are not rare. Analysts have estimated that, on average, such flaws go unremediated for 10 months before being discovered and patched, giving nefarious actors ample opportunity to wreak havoc in affected systems before they move on to exploit new terrain. The reason for these time lags? In contrast to the sophistication and automation that characterize so much of today's computer systems, the process of finding and countering bugs, hacks and other cyber infection vectors is still effectively artisanal. Professional bughunters, security coders, and other security pros work tremendous hours, searching millions of lines of code to find and fix vulnerabilities that could be taken advantage of by users with ulterior motives.

"But what if that system of finding and fixing flaws were just as fast and automated as the computer systems they are trying to protect? What if cyber defense were as seamless, sophisticated, and scalable as the internet itself?" Those are questions the Cyber Grand Challenge seeks to answer.

"Playing in a specially created computer testbed laden with an array of bugs hidden inside custom, never-before-analyzed software, the machines will be challenged to find and patch within seconds—not months—flawed code that is vulnerable to being hacked, and find their opponents' weaknesses before the defending systems do. The entire event will be elaborately visualized on giant monitors in the Paris Las Vegas Hotel's 5,000-person-capacity auditorium while expert 'sportscasters' document the historic competition. And it may not end there," according to the agency’s outline of the event. "The organizers of DEF CON CTF have boldly invited the winning automated system to compete against the world's best human hackers in their Capture the Flag competition the following day, Aug. 5. That would be the first-ever inclusion of a mechanical contestant in that event, and could presage the day when, as eventually happened with chess and Jeopardy!, a computer proves to be the Grand Master of cyber defense."

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Comply with OSHA’s Electronic Recordkeeping Requirements

    Collect relevant incident data and generate accurate OSHA 300, 300A, and 301 regulatory reports, including 300A CSV files for easy electronic submission to OSHA.

  • Complete Online Safety Training Courses

    Deliver state-of-the art, online safety training courses to your organization with IndustrySafe Training Management Software. Generate reports to track training compliance and automatically notify learners of upcoming or overdue classes.

  • Easy to Use Safety Inspection App

    Conduct inspections on the go with IndustrySafe’s mobile app. Complete safety audits at job sites and remote locations—with or without web access.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Industry Safe
comments powered by Disqus