Humans will never be fast enough. That’s the theory behind the Defense Advanced Research Projects Agency’s (DARPA) upcoming DEF CON hacking contest, the Cyber Grand Challenge (CGC).
According to Softpedia, the government agency is willing to shell out $4 million in prize money to the top teams fielding automated systems able to uncover network weaknesses, devise better protection strategies and disrupt cyberattacks.
Is this the future of digital defense?
Fight to the DEF CON
CGC got its start two years ago with qualification rounds. At this year’s DEF CON in Las Vegas, seven security teams will test their mettle to see who comes out on top.
As CGC project manager Mike Walker noted in a recent MIT Technology Review piece, there’s a need for this kind of security evolution, since “the comprehension and reaction to unknown flaws is entirely manual today.” Flaws can take up to a year to find and fix, giving attackers plenty of time to exploit software and services.
The goal of DARPA’s capture-the-flag contest is to “bring that response down to minutes or seconds.” According to CIO, the ultimate objective is to create automated systems that can match the expertise and knowledge of the best human experts with a significant speed advantage.
DEF CON Hacking Contest Rules and Prizes
Finalists have just 24 hours to break into and/or secure 10 software packages using only their automated systems.
In previous rounds, the teams defended and cracked more than 131 software versions and patched almost 600 flaws. The final will most likely up the stakes since teams have had more than a year to prepare.
DARPA requires that these new tools not only be able to hack themselves and other systems, but also reverse engineer software and develop patches on the fly. New iterations should be able to determine the ideal security release schedule and predict attacks before they happen.
It’s not a winner-take-all scenario: All finalists take home $750,000, but the best of the best could walk away with a cool $2 million.
A Real-Life Skynet?
DARPA’s challenge isn’t just an intellectual exercise. According to Inverse, cybercriminals are now the biggest threat to the financial stability of the U.S. The federal government considers digital threats extremely worrisome — no surprise, since the Federal Reserve came under cyberattack more than 50 times in the last five years.
But are autonomous systems the answer? Innovator Elon Musk says no. As noted by a recent TechWorm article, Musk said that events like the CGC could eventually spawn a real-life version of Skynet, a malicious global computer network made famous in the “Terminator” movie series.
This isn’t Musk’s first warning about too-intelligent AI. While his previous tweets were largely tongue in cheek, he might have a point: What if software gets smart enough to suspend human oversight?
Hacking the Status Quo
Less apocalyptic worries, however, may be more immediate: Since DARPA requires that all CGC competitors make their code open source, isn’t it possible for malicious actors to simply turn these sophisticated defense bots on their head and use them as a new threat vector?
DARPA’s counterpoint is that widely used, democratized technology should have a net positive effect since “the bugs that will be found will already be patched,” the MIT Technology Review noted.
The final word on DARPA going for broke with a big DEF CON hacking payday: It’s better than the status quo. Right now, cybercriminals are ahead of the game because human experts simply can’t keep up. Malicious supercomputers aside, improved autonomous solutions may be the best way to keep systems safe and let IT pros go toe to toe with cyberattackers.