December 6, 2013
In the wake of an alleged hack that stole the passwords of two million Facebook, Google and other Internet users, Pentagon officials are plugging a new contest to build a Watson-like system that can find and eradicate Achilles heels in software.
The Defense Advanced Research Projects Agency, the test tube branch of the Pentagon, announced the Cyber Grand Challenge on Oct. 22. The winning team will take home $2 million for creating an unmanned hacker-halter that finds and repairs bugs in software connected to a network, without disrupting the software program.
"As the lessons of how to do this emerge -- what we're hoping for is that we will have automated systems that can recognize novel flaws, novel threats, in networks and remediate them in real-time," DARPA program manager Mike Walker told reporters on Friday. Software flaws that let in hackers include, among other things, weak verification of data, user interface errors and authentication problems.
The two-year race will finish too late to stop hackers from weaponizing the 60-some software bugs in Microsoft and other popular software that boutique companies find and sell every day. But the goal is for the match itself to jumpstart industry investment in robotic analysis.
DARPA has tried this gambit before. Previous grand challenge contests dared scientists to invent robotic vehicles, spurring what Walker called "the dawn of the self-driving car revolution." Everybody failed the first year in 2004. But during the 2005 grand challenge, four autonomous vehicles made it through a 132-mile desert route within the 10-hour time limit. And now a smattering of states nationwide are allowing Google’s driverless cars on roads.
At the end of the vehicle challenges, "those prototypes were not ready to roll off the contest raceway and on to American highways, but what did transition out of that first race was the dream that vehicles could actually pilot themselves on complex courses," Walker said.
Programmers in need of financial support for the cyber challenge have until Jan. 14, 2014 to submit a grant proposal. This money -- $750,000 per year -- is separate from the prize money and funding is limited. An unlimited number of self-funded participants can enter. Walker would not disclose the number of registrants but said officials "have seen a lot of interest."
Workshops for potential entrants were held in Arlington, Va., on Tuesday and Wednesday. On Monday, West Coast coders can attend a session in San Francisco.
Web companies for years have been working on manual and piecemeal mechanized systems for identifying bugs. Using a tool called SAGE, Microsoft researchers found and fixed one-third of the flaws in Windows 7 before the operating system was released.
Walker compared DARPA's project to the development of automated chess systems in the 1970s. "By playing each other, chess systems were able to figure out what approaches work," he said. The cyber challenge will "hopefully follow in the footsteps of systems like Deep Blue, like Watson, and let these systems someday play the experts at their own game."
An earlier version of this story misstated the deadline for grant proposals. Submissions are due Jan. 14, 2014.
December 6, 2013