Does DARPA’s Cyber Challenge Go Far Enough?

The Defense Advanced Research Projects Agency (DARPA) is launching what it calls a Cyber Grand Challenge. ItEUs a tournament, of sorts, to develop fully automatic network defense systems.

DARPA envisions teams creating automated systems that would compete against each other to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. A whopping $2 million goes to the team that can bridge the expert gap between security software and cutting-edge program analysis research.

DARPA expects the competition to draw teams of experts from across a wide range of computer security disciplines including reverse engineering, formal methods, program analysis and computer security competition. Second place wins $1 million and third place takes home $750,000.

EUToday, our time to patch a newly discovered security flaw is measured in days," said Mike Walker, DARPA program manager. EUThrough automatic recognition and remediation of software flaws, the term for a new cyber attack may change from zero day to zero second.EU

What About the Attacker?

We caught up with Michael Davis, CTO of cyber attack detection service CounterTack, to get his take on the DARPA challenge. He told us heEUs excited about the challenge because it drives more awareness of the problem, which he sees growing larger, more complex, and more costly to defend.

Davis applauds DARPA for wanting to change that, but he doesnEUt feel the agency is going far enough. That, he said, is because based on the details heEUs read DARPA wants to focus on the automatic identification of vulnerabilities and then patches for those vulnerabilities.

EUI believe they are missing the largest part of the problem: the attacker,EU Davis said. EUHistory has shown us that cybersecurity is an arm's race and while the DARPA challenge will raise the bar, I believe it is akin to providing soldiers with...

Comments are closed.