June 3, 2014
The Defense Advanced Research Projects Agency is expected to announce on Tuesday a deal with DEF CON to hold the final round of DARPA’s two-year Cyber Grand Challenge at the organization’s 2016 Las Vegas conference.
The aim of the competition is to build a Watson-like machine that can detect and deflect cyberattacks without any help from humans.
DARPA officials put it this way: "The first computer security tournament designed to test the wits of machines, not experts."
Last August, DEF CON did not want any machines or experts from the government in attendance.
"FEDS, WE NEED SOME TIME APART," stated the event’s home page, after details emerged about the National Security Agency's domestic spying program. For years, leaders, including the NSA director, had hung out at DEF CON to recruit cyber warriors. But not after ex-federal contractor Edward Snowden disclosed sweeping NSA surveillance programs. "When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year," organizers stated.
Now, the military, along with white hat and black hat hackers, will play games together, at the site of the longest-running annual cyber "capture the flag" event. Capture the flag, at DEF CON, involves a quest to defend a server against hacks by competitors and collect flags for successfully breaching rival servers.
So far, 35 teams of mostly self-funded corporate and academic programmers have entered DARPA's automated version of capture the flag, agency officials said. Officials on Tuesday named five companies and two research institutions that will receive federal funding to participate until June 2015.
The private sector grant recipients include For All Secure, GrammaTech, Lekkertech, SIFT and Trail of Bits, and the academic organizations are SRI and the University of California at Berkeley.
The winner of the final match in Vegas will collect $2 million in cash.
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” DARPA program manager Mike Walker said in a statement. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
Walker is scheduled to host a six-hour conversation with aspiring participants and other Internet users on Reddit, starting at 10:00 am on Tuesday.
DARPA also is anticipated to release a safe practice environment for the competing machines. Dubbed "DECREE," the open-source extension for the Linux operating system is not compatible with any other software and is built for operating small, isolated software test samples, officials said.
June 3, 2014