The Defense Advanced Research Projects Agency (DARPA) revealed on Tuesday that the final competition for its automated security systems development challenge will take place in 2016 at DEF CON.
DARPA announced the tournament, the Cyber Grand Challenge, back in October 2013, with the goal to develop of a fully automatic network defense system. The solutions developed by participants will go head-to-head in a Capture the Flag (CTF) style competition at the 2016 DEF CON hacking conference in Las Vegas.
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” noted DARPA Program Manager Mike Walker.
“The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
A total of 35 teams from around the world have already signed up for the Cyber Grand Challenge. Most of them are self-funded, but DARPA also runs a “proposal track” for teams that want to be partially funded by the agency. Registration is open until November 2, 2014, with a major qualification event scheduled to take place in June 2015.
The winning team will take home a cash prize of $2 million. The prize for the second place is $1 million, while the team that finishes third gets $750,000.
It’s worth noting that Cyber Grand Challenge participants will not be using commercial operating systems to conduct their tests. DARPA has built an open source operating system specifically for cyber security experiments and research. Dubbed the DARPA Experimental Cybersecurity Research Evaluation Environment (DECREE), the platform is not compatible with any other systems, and has its own executable format.
DECREE is also characterized by simplicity ─ it only has seven OS interface methods ─, and high determinism and reproducibility, which are both crucial aspects for a scientific platform.
DEF CON is one of the largest security conferences in the world and it has defined CTF competitions over the past two decades, so it’s not surprising that DARPA would want to host its event there. However, last year, DEF CON organizers announced that feds were no longer welcome following numerous reports about the National Security Agency’s surveillance programs leaked by Edward Snowden.
