Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
United States Security The Almighty Buck

DARPA Issues $2mil Cyber Grand Challenge 67

First time accepted submitter Papa Fett writes "DARPA announced the Cyber Grand Challenge (CGC)--the first-ever tournament for fully automatic network defense systems. International teams will compete to build systems that reason about software flaws, formulate patches and deploy them on a network in real time. Teams would be scored against each other based on how capably their systems can protect hosts, scan the network for vulnerabilities, and maintain the correct function of software. The winning team would receive a cash prize of $2 million , with second place earning $1 million and third place taking home $750,000." Also at Slashcloud.
This discussion has been archived. No new comments can be posted.

DARPA Issues $2mil Cyber Grand Challenge

Comments Filter:
  • by Anonymous Coward

    Chump change for a project like this. No one with the skills to build a good solution will give it away for two million.

    • Re:Two million? (Score:4, Insightful)

      by Chrisq ( 894406 ) on Thursday October 24, 2013 @06:59AM (#45221673)

      Chump change for a project like this. No one with the skills to build a good solution will give it away for two million.

      Who said give it away? They'll probably take the 2,000,000 then sell the system as the "DARPA Cyber Challenge winner". There is no requirement for the software to be free or open source.

    • I'm more along the line of: How much time do I have to make this ? But It looks like unless you make it it through a qualifying round, you need an invitation to join. and I have been unable to find anything that resembles information about a due date.

      Even given that I can get enough of my programming friends to go along with the idea, and we can find a design we can work with, it will take maybe 5-10 manpower years to get something this size going (look at the requirements). Winning becomes mandatory, if 10

  • by Anonymous Coward on Thursday October 24, 2013 @05:39AM (#45221413)

    I thought they already have it running. Did their crash and lost the backup?

  • by LMariachi ( 86077 ) on Thursday October 24, 2013 @05:54AM (#45221465) Journal

    This may be why the kids don't want those "potentially secure" cybersecurity jobs.

  • length or end string packet match iptables -I INPUT-s $SRCIP -j DROP
  • by Anonymous Coward on Thursday October 24, 2013 @07:19AM (#45221737)

    If you could "build systems that reason" you'd be able to get a whole lot more than $2mil - why would anyone divulge this technology to the government when they could license it to Google, Apple, Microsoft, IBM, and everyone else? If I had this technology, my first stop would be the patent office and I would patent it out the wazoo and start licensing it. If the government wants it, they can get in line.

    • Wait in line? Hah! They'd just strip your name off, make an ACA healthcare exchange server out of it, and LOL at your insignificance.

    • If I had this technology, my first stop would be the patent office

      If I had tech that's that advanced, I'd stay clear of the patent office. I'd make sure that it remains secret and would let it work for me.

      Also, you seem to have the illusion that a patent protects you from the government. If the government really wants it, it can simply declare it a matter of national security and bypass the patent office. Sorry, no money for you.

  • I'd like to see a software system effectively deal with social engineering as well as other criminal vectors. Software is only going to be able to protect its own silo of information.

    Also, we see a lot of programmers relying on code from outside sources. They don't typically debug someone else's code which is a ripe area for exploit vectors.

    Combine these elements and you have our present day situation. I don't see any of this addressed in the competition.

    They appear to be assuming the network is not corrupt

  • laughable (Score:2, Interesting)

    by Gravis Zero ( 934156 )

    if you can make a system like this, you can make billions in the private sector. why would you give it to DARPA for a lousy two million?

    if the DoD is going to spend 12 billion a year making a jet that we dont need [wikipedia.org], why not give two billion to the group that comes up with a solid working solution? i assure you, two billion dollars will get you a hell of a lot of attention from the best people out there, with teams of hundreds of experts. a global challenge would result in a much better chance of success

    • Re:laughable (Score:5, Informative)

      by malakai ( 136531 ) on Thursday October 24, 2013 @10:48AM (#45223475) Journal

      We go through this every time there is a DARPA challenge:

      5 Intellectual Property
      DARPA claims no rights to software developed by Open Track competitors as a result of participation in the CGC. DARPA does not intend to disclose the CQE and CFE Technical Papers outside the Government, with the following exception: CGC Technical Papers may be handled by DARPA support contractors for administrative purposes and/or to assist with technical evaluation. All DARPA support contractors performing this role are bound by nondisclosure agreements. DARPA does not intend to disclose CGC Technical Papers to contractors to duplicate, commercialize, or for reprocurement or reverse engineering purposes.

      Do you think all the participants of the past DARPA grand challenges relating to autonomous vehicles have given away their IP? Of course not. Those teams that pushed through have made lucrative deals with car manufacturers and others.

      All DARPA want's to do is spur innovation. A challenge like this is essentially a heads up that in 5 years they'd like to spend a lot of money on procuring services like these. In the past, they'd just give someone the money to build it, and maybe it worked, maybe it didn't. At least now it's a bit more market driven.

  • iptables -A INPUT -j DROP
    iptables -A OUTPUT -j DROP

  • by Skapare ( 16644 ) on Thursday October 24, 2013 @10:58AM (#45223619) Homepage

    You cannot have cyber security by having some software (or hardware) around to just do it for you. Real security is about HOW you do everything else. It appears someone thinks all security exploits are just badly implemented API calls?

  • by s_p_oneil ( 795792 ) on Thursday October 24, 2013 @12:27PM (#45224769) Homepage

    The title of my contest entry will be called the MCP (Master Control Program). It will enslave all other programs on the network.

Testing can show the presense of bugs, but not their absence. -- Dijkstra