Competition drives development of automated security systems

US defence research organisation, DARPA, has kicked off a two year competition that will see over 30 teams of computer security experts from around the world work to develop automated security systems designed to defend against digital attacks as quickly as they are launched.

DARPA, the organisation that gave birth to the internet, plans to hold its Cyber Grand Challenge (CGC) final competition in conjunction with DEF CON, one of the world's largest computer security conferences, in 2016.

For DARPA's program manager, Mike Walker, the CGC might be a competition, but it is being held in the pursuit of technology designed to combat online attacks automatically and in real-time.

"Today's security methods involve experts working with computerised systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere — a process that can take months from the time an attack is first launched," said Walker.

"The only effective approach to defending against today's ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralising attacks instantly," he said.

According to DARPA, the first-of-its-kind competition takes aim at a security problem that is becoming increasingly serious, particularly with the increasing number of networked devices flooding into the marketplace as part of the Internet of Things phenomenon.

The organisation anticipates that the two-year competition and its culmination in 2016 will not only accelerate the development of capable, automated network defence systems, but also encourage the diverse communities now working on computer and network security issues in the public and private sectors to work together in new ways.

"This dynamic is crucial if information security practitioners are to pull ahead of adversaries persistently looking to take advantage of network weaknesses," DARPA said in a statement.

During a kick-off event this week, DARPA released DECREE, an open-source extension built on the Linux operating system, and constructed from the ground up as a platform for operating small, isolated software test samples. DECREE is aimed to provide a safe research and experimentation environment for the CGC.

As of June 3, 35 teams from around the world had registered with DARPA to construct and program high-performance computers capable of competing in the challenge.

Those teams represent a mix of participants from industry and academia and will receive seed funding from DARPA until their performance is tested in open competition involving all teams at a major qualification event scheduled for June 2015.

The challenge plans to follow a "capture the flag" competition format that experts have used for decades to test their cyber defence skills. The approach requires that competitors reverse engineer software created by challenge organisers and locate and heal its hidden weaknesses in a live network competition.