The first all-machine hacking competition is taking place today in Las Vegas.
Seven teams, each running a high-performance computer and autonomous systems, are going head-to-head to see which one can best detect, evaluate and patch software vulnerabilities before adversaries have a chance to exploit them.
It’s the first event where machines – with no human involvement – are competing in a round of "capture the flag, according to DARPA (Defense Advanced Research Projects Agency), which is sponsoring and running the event. DARPA is the research arm of the U.S. Defense Department.
The teams are vying for a prize pool of $3.75 million, with the winning team receiving $2 million, the runner-up getting $1 million and the third-place team taking home $750,000. The winner will be announced Friday morning.
The winning autonomous system also will have the opportunity to take on the world’s best human hackers in the annual DefCon Capture the Flag competition set for Friday.
“Capture the flag is a speed-driven, bug-hunting contest on binary code,” said Mike Walker, DARPA program manager for the event known as the Cyber Grand Challenge. “People who can succeed at the top level of capture the flag are the world’s great bug hunters. And they can use that skill to hunt for bugs in the code that runs our civilization.”
The competition was first announced in October 2013 when DARPA first put out a call for competitors. More than 100 teams from around the world took up the challenge.
After three qualifying events over the last several years, seven finalists were announced.
The teams competing today are: Code Jitsu from Berkeley, Calif.; CSDS, the University of Idaho; Deep Red, Arlington, Va.; Disekt, Athens, Ga.; For All Secure, Pittsburgh; ShellFish, University of California, Santa Barbara; and TechX from Ithaca, N.Y. and the University of Virginia.
With the competition, DARPA wants to encourage research into autonomous systems that can be used in cybersecurity. With the growing Internet of Things, more devices are being connected to each other without human involvement.
Devices with IoT technology, such as a coffee maker, a car or a personal-assistant robot could be hacked, leaving users open to a security threat.
“The whole world is moving toward computers. We know this,” David Brumley, a member of the For All Secure team, said in a DARPA video interview. “Everything is becoming automated. Pace makers. Refrigerators. Everything is connected to the Internet one way or another these days.”
That means cybersecurity needs to move beyond laptops and tablets, but it’s an overwhelming job for human hackers to tackle on their own.
According to DARPA, computer systems, which can work autonomously and with greater speed than the best human hacker, are what’s needed.
“Right now, we know that machines have the speed and the scale but do not have the expertise,” said DARPA's Walker. “People have the expertise, but they are too slow and they do not scale.”