Modern field guide to security and privacy

High-stakes DARPA hacking contest pits computer against computer

The Pentagon's research wing this week will stage an unprecedented digital battle in Las Vegas in which machines will attempt to autonomously find and fix computer security flaws. 

|
DARPA

Jim Alves-Foss probably isn't the only competitor dealing with pregame jitters ahead of the Pentagon's inaugural machine versus machine hacking contest in Las Vegas on Thursday.

As part of one of seven teams that will vie for supremacy in the high-stakes Defense Advanced Research Projects Agency (DARPA) Cyber Grand Challenge, his team's supercomputer will attempt to look for software flaws and defend digital networks in front of a live audience – along with blow-by-blow commentary from announcers – in something of a virtual gladiator battle royale.

But Mr. Alves-Foss' machine is hardly combat tested. The computer science professor at the University of Idaho is used to running his machines inside labs at the Center for Secure and Dependable Systems (CSDS) – not in front of cheering techies. And the anxiety of preparing for the contest, which DARPA designed to spur more innovation in cybersecurity automation, almost knocked him out of running ahead of Thursday's digital kickoff.

Just before his team submitted the software flaws they had found in the final qualifying round of DARPA's challenge, he made a near fatal error. "I deleted half the work our machines had done in the past 23 hours," he said. "I was so mad at myself."

But for his team to win Thursday's $2 million purse, the CSDS team will need to operate flawlessly. In the DARPA Cyber Grand Challenge, engineers and researchers aren't allowed to intervene. Thursday's contest is meant to see how computers can perform on their own. One simple glitch or piece of bad code could spell the end for any one of the seven teams.

"Cyber Grand Challenge is an attempt to tie all of [the research] into a system that does everything and makes all of the decisions," says Mike Walker, DARPA’s program manager for the competition. "It's a huge jump for the field that we’re asking them to make."

DARPA has been working on its challenge for the past three years and held a series of preliminary contests to whittle down the competition to the best teams, which are comprised of experts at defense contractors such as Raytheon and researchers at prestigious university computer labs such as Carnegie Mellon University and the University of California, Berkeley.

DARPA hopes that computers will eventually find bugs – and fix them – much faster than humans. Currently, software flaws similar to those that Grand Challenge competitors will attempt to find and patch often go unnoticed in the real world for many months, says DARPA's Mr. Walker, giving attackers the chance to steal financial data, valuable personal information, or health records. And even when a patch is discovered, it can take days for security professionals to fix the flaws.

"We want to build autonomous systems that can arrive at their own insights, do their own analysis, make their own decisions of when to patch and how to manage that process," Walker said in a conference call with reporters last week.

If that sounds ambitious, that's because it is. DARPA has a history of shooting for the moon. The US government launched the agency in height of the Cold War to ensure that US military technology would keep ahead of the Soviet Union and other adversaries. The small department was involved with the earliest version of the internet, an array of advanced weapons systems, nuclear test detection technology, and, more recently, bionic limbs.

To foster the development of smarter computers to autonomously defend themselves, DARPA has invested $55 million on the Cyber Grand Challenge. Some of that money went to the seven teams who were selected to compete in Las Vegas. DARPA awarded each team $750,000 to prepare for Thursday's contest.

As if there wasn't enough for the team to prepare for ahead of the Grand Challenge, DARPA regularly surprised them with pregame challenges and asked teams to implement new pieces of critical software on their computers leading up to the main event. 

"In my business, you often have software projects do demos and the last thing you want to do is change the demo the night before, because it’s probably sure to break while you’re doing it," said Jack Davidson, a University of Virginia computer science professor and the co-leader of the TechX team. 

A few weeks before the contest, Mr. Davidson said, "I'm a little worried here, because we’re getting to the point where it's time to deliver and we’re still making pretty serious changes."

And that anxiety probably won't subside until one supercomputer is left standing on Thursday. As Davidson said, "Somebody better check my blood pressure before this thing starts."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to High-stakes DARPA hacking contest pits computer against computer
Read this article in
https://www.csmonitor.com/World/Passcode/Security-culture/2016/0801/High-stakes-DARPA-hacking-contest-pits-computer-against-computer
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe