DARPA Announces Grand Challenge for Automated Cyber-Defense
The DOD's research arm wants companies to make network defense automated and easy, creating a competition for a $2 million top prize.The technology research arm of the U.S. Department of Defense has launched a cyber-security grand challenge—a contest to take on a fundamental problem in cyber-security—tasking teams to create a system capable of automatically defending a network by generating security patches. Modeled after the grand challenges for the development of automated vehicles and cheap space flight, the Defense Advanced Research Projects Agency (DARPA) contest aims to help give companies, academic institutions and government agencies the ability to react to vulnerabilities in near real time. DARPA envisions the winning system as one that finds vulnerable software, generates a patch for the issue and plugs the holes. The top-three teams in the event will split $3.75 million in prize money, with the top team taking home $2 million. "The growth trends we've seen in cyber-attacks and malware point to a future where automation must be developed to assist IT security analysts," Dan Kaufman, director of DARPA's Information Innovation Office, said in a statement. The announcement of the Grand Challenge came three weeks after noted computer scientist Eugene Spafford, a lamented the lack of progress in computer security since the Morris Internet worm on Nov. 2, 1988. A decade ago, the Computer Research Association and the National Science Foundation created a list of four Grand Challenges in cyber-security, none of which has had appreciable progress in the past 10 years, Spafford wrote in a blog post. The challenges were to stop epidemic-style worm and virus attacks, develop highly trustworthy systems capable of securely handling critical functions, create security risk management systems that are as good as financial risk management systems, and deliver to end users the ability to easily control their privacy and security.
"I would argue—without much opposition from anyone knowledgeable, I daresay—that we have not made any measurable progress against any of these goals, and have probably lost ground in at least two," he wrote. "Why is that? Largely economics, and bad understanding of what good security involves."