Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

Final Round of DARPA’s Cyber Grand Challenge to Take Place at DEF CON 2016

The Defense Advanced Research Projects Agency (DARPA) revealed on Tuesday that the final competition for its automated security systems development challenge will take place in 2016 at DEF CON.

The Defense Advanced Research Projects Agency (DARPA) revealed on Tuesday that the final competition for its automated security systems development challenge will take place in 2016 at DEF CON.

DARPA announced the tournament, the Cyber Grand Challenge, back in October 2013, with the goal to develop of a fully automatic network defense system. The solutions developed by participants will go head-to-head in a Capture the Flag (CTF) style competition at the 2016 DEF CON hacking conference in Las Vegas.

“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” noted DARPA Program Manager Mike Walker.

 “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”

A total of 35 teams from around the world have already signed up for the Cyber Grand Challenge. Most of them are self-funded, but DARPA also runs a “proposal track” for teams that want to be partially funded by the agency. Registration is open until November 2, 2014, with a major qualification event scheduled to take place in June 2015.

The winning team will take home a cash prize of $2 million. The prize for the second place is $1 million, while the team that finishes third gets $750,000.

It’s worth noting that Cyber Grand Challenge participants will not be using commercial operating systems to conduct their tests. DARPA has built an open source operating system specifically for cyber security experiments and research. Dubbed the DARPA Experimental Cybersecurity Research Evaluation Environment (DECREE), the platform is not compatible with any other systems, and has its own executable format.

Advertisement. Scroll to continue reading.

DECREE is also characterized by simplicity ─ it only has seven OS interface methods ─, and high determinism and reproducibility, which are both crucial aspects for a scientific platform.

DEF CON is one of the largest security conferences in the world and it has defined CTF competitions over the past two decades, so it’s not surprising that DARPA would want to host its event there. However, last year, DEF CON organizers announced that feds were no longer welcome following numerous reports about the National Security Agency’s surveillance programs leaked by Edward Snowden.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.