DARPA kicks off two-year long autonomous cybersecurity tournament

It’s not out of the norm for young adults around the U.S. to gather in their spare time — maybe even as their professions — to digitally battle in networked video game tournaments. But what if instead of playing just a game, the tournaments featured real-world cyber battlefields, ones with national security implications and big-time prize money on the line?

In a broad sense, that’s the concept behind the Defense Advanced Research Projects Agency’s Cyber Grand Challenge, a new tournament pitting more than 30 teams of cybersecurity experts from academia, industry and the greater security community against one another to crown the automated security system best at responding to cyber attacks as quickly as they occur. And with capture the flag style competition, it’s not so different from your typical video game tournament. Well, except that the victorious team of cyber experts in the DARPA tournament will walk away with $2 million.

DARPA officially kicked off the two year competition Tuesday, announcing the 35 teams that will compete in the first ever Cyber Grand Challenge, which will conclude in Las Vegas along side the 2016 Def Con Conference, the longest-running capture the flag cybersecurity tournament. Also, DARPA launched a new open-source extension called DECREE, which will give participating teams a secure platform to test their software.

Different from Def Con, the Cyber Grand Challenge will showcase the automated systems at work, not the humans who built them. According to the release, competitors will “reverse engineer software created by challenge organizers and locate and heal its hidden weaknesses in a live network competition.” While the efforts and intelligence of the teams will surely be apparent, during the competitions, there will be no human involvement. The computer systems they built prior to the tournament will be tasked with automatically responding to a cyber attack and repairing any damages.


A major catalyst for this tournament is the increasing number of interconnected devices, according to the CGC website. Cyber threats “pose greater risks than ever as more and more devices, including vehicles and homes, get networked,” DARPA said in a release.

“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager, in a statement. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.

Of the 35 teams currently registered in the competition, most entered through a self-funded option. However, DARPA also offered a funded option in which the agency backs teams with seed funding awards based on their ability to demonstrate plans for quality automated network defense systems in a proposal. DARPA has funded seven teams so far, and will continue to do so until a qualifying event June 2015. Teams can register until November.

Those teams that successfully qualify will be invited to move forward to the final tournament in conjunction with Def Con. DARPA-funded teams will continue to receive funding, and non-funded teams will receive prizes of $750,000, with the chance of winning $2 million as a grand prize, or $1 million for second place and $750,000 for third place in the final Grand Cyber Challenge competition.


Latest Podcasts