July 26, 2016 By Douglas Bonderud 2 min read

Humans will never be fast enough. That’s the theory behind the Defense Advanced Research Projects Agency’s (DARPA) upcoming DEF CON hacking contest, the Cyber Grand Challenge (CGC).

According to Softpedia, the government agency is willing to shell out $4 million in prize money to the top teams fielding automated systems able to uncover network weaknesses, devise better protection strategies and disrupt cyberattacks.

Is this the future of digital defense?

Fight to the DEF CON

CGC got its start two years ago with qualification rounds. At this year’s DEF CON in Las Vegas, seven security teams will test their mettle to see who comes out on top.

As CGC project manager Mike Walker noted in a recent MIT Technology Review piece, there’s a need for this kind of security evolution, since “the comprehension and reaction to unknown flaws is entirely manual today.” Flaws can take up to a year to find and fix, giving attackers plenty of time to exploit software and services.

The goal of DARPA’s capture-the-flag contest is to “bring that response down to minutes or seconds.” According to CIO, the ultimate objective is to create automated systems that can match the expertise and knowledge of the best human experts with a significant speed advantage.

DEF CON Hacking Contest Rules and Prizes

Finalists have just 24 hours to break into and/or secure 10 software packages using only their automated systems.

In previous rounds, the teams defended and cracked more than 131 software versions and patched almost 600 flaws. The final will most likely up the stakes since teams have had more than a year to prepare.

DARPA requires that these new tools not only be able to hack themselves and other systems, but also reverse engineer software and develop patches on the fly. New iterations should be able to determine the ideal security release schedule and predict attacks before they happen.

It’s not a winner-take-all scenario: All finalists take home $750,000, but the best of the best could walk away with a cool $2 million.

A Real-Life Skynet?

DARPA’s challenge isn’t just an intellectual exercise. According to Inverse, cybercriminals are now the biggest threat to the financial stability of the U.S. The federal government considers digital threats extremely worrisome — no surprise, since the Federal Reserve came under cyberattack more than 50 times in the last five years.

But are autonomous systems the answer? Innovator Elon Musk says no. As noted by a recent TechWorm article, Musk said that events like the CGC could eventually spawn a real-life version of Skynet, a malicious global computer network made famous in the “Terminator” movie series.

This isn’t Musk’s first warning about too-intelligent AI. While his previous tweets were largely tongue in cheek, he might have a point: What if software gets smart enough to suspend human oversight?

Hacking the Status Quo

Less apocalyptic worries, however, may be more immediate: Since DARPA requires that all CGC competitors make their code open source, isn’t it possible for malicious actors to simply turn these sophisticated defense bots on their head and use them as a new threat vector?

DARPA’s counterpoint is that widely used, democratized technology should have a net positive effect since “the bugs that will be found will already be patched,” the MIT Technology Review noted.

The final word on DARPA going for broke with a big DEF CON hacking payday: It’s better than the status quo. Right now, cybercriminals are ahead of the game because human experts simply can’t keep up. Malicious supercomputers aside, improved autonomous solutions may be the best way to keep systems safe and let IT pros go toe to toe with cyberattackers.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today