- iPhone overloaded? Here’s how to cancel app subscriptions Monday 11:02 PM
- Fan-created ‘app’ lets users experience the final moments of the ill-fated Jeremy Renner app Monday 10:00 PM
- Milo Yiannopoulos receives lifetime ban from furry convention Monday 7:49 PM
- Snapchat just made all political ads purchased publicly available Monday 6:12 PM
- How to stream Barcelona vs. Borussia Dortmund in Champions League action Monday 5:39 PM
- How to stream Liverpool vs. Napoli in Champions League action Monday 5:19 PM
- How to make real money with Amazon’s Mechanical Turk Monday 5:03 PM
- How to stream Chelsea vs. Valencia in the Champions League group stage Monday 4:47 PM
- ‘SNL’ fires Shane Gillis for racist, homophobic comments Monday 4:41 PM
- Ben Shapiro wants accusers to describe Brett Kavanaugh’s penis Monday 4:30 PM
- Twitch suspends streamer for wearing Chun-Li cosplay Monday 4:11 PM
- Report: 8 years of Trump tax returns subpoenaed by prosecutors Monday 3:45 PM
- Netflix lands exclusive streaming rights to ‘Seinfeld’ Monday 3:34 PM
- Jenny Slate sets first comedy special at Netflix Monday 3:05 PM
- #EndSmearFear is aiming to save lives Monday 2:54 PM
DARPA will give you $2 million to create a fully automated cybersecurity system
This technology can’t arrive soon enough.
When it comes to cybersecurity, often the weakest link in the chain isn’t antivirus programs or firewalls. It’s the humans involved in the process.
Such was the case in the Target hack last December in which some 40 million credit card numbers and other valuable pieces of personal information were stolen. A subsequent investigation into the incident revealed that Target’s recently installed, state-of-the-art cybersecurity system accurately identified the security breach before the thieves absconded with the information. However, a delayed reaction from the humans overseeing the security system allowed the attackers enough time to successfully make their getaway.
With Web systems becoming increasingly integrated into everyday life, the U.S. military is keenly aware of the havoc cyberattackers can potentially wreak.
That’s why the Defense Advanced Research Projects Agency (DARPA) has just launched a two-year scientific development competition, encouraging top security researchers to come up with a new, fully automated defense system that can immediately identify and neutralize threats without human intervention.
“Today’s security methods involve experts working with computerized systems to identify attacks, craft corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” said Mike Walker, DARPA program manager, in a written statement. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”
DARPA wants to jumpstart scientific development in this area by offering a $2 million grand prize to the team that can come up with the most effective automated defense system. So far, more than 30 teams have signed up to participate in the so-called Cyber Grand Challenge. Most of the teams are comprised of university or private researchers. The competition will take place over the next two years, with the finals being held as a capture-the-flag style tournament at the Def Con hacker conference in Las Vegas in 2016.
Similar past competitions have been used to spur scientific development in other areas. In the late 1990s and early 2000s, for example, the Ansari X-Prize helped fuel the development of private spacecrafts.
In addition to the $2 million grand prize, DARPA will also be giving out $1 million and $750,000 awards for second and third place finishing teams, respectively.
It’s understandable why DARPA and other agencies would want a speedier response to cyber attacks. However, there are skeptics who question the wisdom of removing humans from the cyber defense equation altogether.
Back in March, Edward Kiledjian, the chief information security officer for Bombardier Aerospace, another firm that uses FireEye, told Bloomberg Businessweek that it was not uncommon for security teams to turn off such automatic response features in order to maintain total control. However, that comes with the added pressure of making sure human responses are quick and diligent.
“Typically, as a security team, you want to have that last decision point of ‘what do I do,'” Kiledjian said.
Still, having a human manning the controls is not a fool-proof plan. In the Target case, security team members could have automatically neutralized the attack, had they not turned off an automatic response feature in the company’s recently-installed, $1.6 million FireEye security program.
Tim Sampson is a reporter who focused on the technology, business, and politics beats. He's also an established comedy writer, with work on Comedy Central and in The Onion and ClickHole.