DARPA Issues $2mil Cyber Grand Challenge

First time accepted submitter Papa Fett writes "DARPA announced the Cyber Grand Challenge (CGC)--the first-ever tournament for fully automatic network defense systems. International teams will compete to build systems that reason about software flaws, formulate patches and deploy them on a network in real time. Teams would be scored against each other based on how capably their systems can protect hosts, scan the network for vulnerabilities, and maintain the correct function of software. The winning team would receive a cash prize of $2 million , with second place earning $1 million and third place taking home $750,000." Also at Slashcloud.

Two million?

Chump change for a project like this. No one with the skills to build a good solution will give it away for two million.

Re:Two million?

[Chrisq]

Chump change for a project like this. No one with the skills to build a good solution will give it away for two million.

Who said give it away? They'll probably take the 2,000,000 then sell the system as the "DARPA Cyber Challenge winner". There is no requirement for the software to be free or open source.

Re:Two million?

[twisteddk]

I'm more along the line of: How much time do I have to make this ? But It looks like unless you make it it through a qualifying round, you need an invitation to join. and I have been unable to find anything that resembles information about a due date.

Even given that I can get enough of my programming friends to go along with the idea, and we can find a design we can work with, it will take maybe 5-10 manpower years to get something this size going (look at the requirements). Winning becomes mandatory, if 10 people are to take a year of from work to do this. Ofcourse, it could be a good way to start up as independant again, but frankly, it's too much of a hassle. My guess is some young company that already HAS a similar tech will just adapt theirs to fit the requirements, and win while doing their jobs. I'd love to be on that team though.

What happened to Skynet?

I thought they already have it running. Did their crash and lost the backup?

$2 Million as a bait

[Taco+Cowboy]

Darpa's intention is not to build a secured system, but rather, finding fresh international talents to enable NSA to break more systems all over the world.

I am an American, and it is not that I do not trust my own country.

I do trust my country.

I simply have lost all trust to my own government.

Re:$2 Million as a bait

In other words, you have absolute trust in your government to misbehave.

No.

I have absolute confidence that as long as lobbyist's intentions are to fight for private entities to maximize revenue streams as the #1 priority at all times, it will all but guarantee absolute corruption, which is what we have today.

You're kidding yourself if you think Congress runs the show around here. They are the lobbyist's bitch.

Re:$2 Million as a bait

[fatphil]

Has your country thought of wresting things back from its out-of-control government? Perhaps with the support of the 2nd amendment? Forget the stupid cyber-everything prefices - "security" (of a mythical free state, for example) is a far more fundamental concept.

Re:$2 Million as a bait

[mrbester]

Bonus being that the winner can then be arrested for hacking with a fine of $2 million...

Re:$2 Million as a bait

[Joining+Yet+Again]

Exactly. The worst mistake America is making right now is thinking that it's "private sector vs public sector".

It's usually "public sector and private sector vs you".

Re:$2 Million as a bait

[GTRacer]

Ugh. Stupid stupid non-changeable voting control. Posting to undo. Meant as Insightful!

Re:$2 Million as a bait

[Sockatume]

Which lobby does the NSA serve?

Re:$2 Million as a bait

[somersault]

Maybe the Slashdot moderation system is meant to inspire people who have realised that their votes were "wrong" to speak out? :p

Re:$2 Million as a bait

All of them, including conflicting ones, prioritized by money received.

Re:$2 Million as a bait

[iserlohn]

As a respresentative democracy, the government is who we vote in. However, as long as billionaires and their corporations control political funding, there is no chance that we will be able to vote in people that can make a real difference. It also does not help that they fund polarizing news organizations that discourages debate and promotes ridgid ideological agendas.

Overthrowing the government is useless. Any new government that forms will immediately be under the influence of vested interests. We need real political finance reform in order to have lasting effect.

Re:$2 Million as a bait

[LordLimecat]

However, as long as billionaires and their corporations control political funding, there is no chance that we will be able to vote in people that can make a real difference.

Thats not really true. The votes still have to come from the people; all the funding does is get the word out.

We need real political finance reform in order to have lasting effect.

To my eyes the problem is that restricting the things an organization may say (in advertising, for example) seems to run directly afoul of the first amendment.

Seems to me youre saying you think the indirect influence of lobbying / campaign contributions has a sufficiently negative effect that it outweighs directly attacking the right of free speech. Im not really comfortable with that notion, the first amendment seems pretty core to a functioning democracy.

Re:$2 Million as a bait

[iserlohn]

If shouting 'FIRE' in a crowed theater is a acceptable limitation of free speech, so is campaign finance limitations. The first amendment is important to a functioning representative democray, but it is not the be-all-and-end-all of a democratic republic.

The first amendment guarantees your right to speak and express yourself freely, but not to buy influence by directly or indirectly funding candidates in voting.

Re:$2 Million as a bait

[Wookact]

So you believe that money = free speech. Doesn't it stand to reason that those with more money will be given more speech? Do you feel that is the correct course of action, that those with more money can influence the results of elections just by dumping more money into it?

Your defense of the first is admirable, but try to remember that there are reasonable limits on the freedom of speech. No shouting fire in a crowded theater for example.

Re:$2 Million as a bait

[AHuxley]

Yes they want to see the unique filesystems, the new thoughts on a simple OS that seem to alter as they are discovered. The NSA and CIA have told the world they watch, now they want to see the home brew solutions. How do we respond to been told we are all running ENIGMA....

Re:$2 Million as a bait

[iserlohn]

If enough people recognize this and vote for their own interests and the interests of the community (and the country), then we have a jab at making it happen. It's a lot easier to flight for a new system than to fight to improve the existing system, but it's rather reckless to overthrow a established, relatively stable, relatively well-designed political system for something that can be fixed with a Act of Congress isn't it?

Re:$2 Million as a bait

[LordLimecat]

If shouting 'FIRE' in a crowed theater is a acceptable limitation of free speech,

Shouting fire in a crowded theatre has a sufficiently negative outcome, and such an insignificant worth as political speech, that restricting it isnt really a problem.

so is campaign finance limitations.

Youre now talking about restricting political speech which is EXACTLY what the first amendment was designed to protect. It is such an important thing that we have the right to say anything without restriction in the political arena, that Im not really comfortable

but not to buy influence by directly or indirectly funding candidates in voting.

You can attempt to word it however you like, but the first amendment makes it clear that congress may not regulate speech in any way shape or form, nor may any state legislature. There are some exceptions, and as I recall one of the criteria for those exceptions was that the speech being restricted must have no political value.

You talk of "buying influence" but theres no way around it; unless you want to make it illegal to be paid to state your opinion (which would kill commercials and would also seem to be a serious compromise), any attempt I can think of to control campaign advertising would be a dangerous attack on political speech.

Re:$2 Million as a bait

[LordLimecat]

So you believe that money = free speech.

No. But how you spend your money on advertising is as much "speech" as is paying a printing press to publish your opinion.

In other words, "money" isnt exactly the same as speech, but the two are often tied together; if make it illegal to use your money to state your political view, then for all practical purposes you have abolished free speech.

Re:$2 Million as a bait

[fatphil]

The "enemy" of the government in such a situation isn't in a couple of cities. Like "Anonymous", they are thinly distributed anywhere. Indiscriminate violent action against mostly innocent citizens in a couple of cities would do nothing but steel the resolve of millions elsewhere, it would be a futile gesture. Unless their goal was simply to get in the history books.

Re:$2 Million as a bait

[fatphil]

We had an election here last week. Out of a firm belief that there's no democracy in the UK, I've not bothered voting for the last 20 years (and to those who did vote, you are validating the system, and I have a right to blame you for the outcome, no matter for whom you voted); but now I'm in a different, young, country, I thought it was worth a shot, to see if democracy works here. The party polled enough votes for 3.2 seats on the 79-seat council, and as we have proportional representation, we got 0 seats in reality. Yup, rounding down 3.2 gives you 0.

OK, I won't be voting here again, as there's no way that the 4 big parties are going to change the 5% cutoff that keeps those who have an interest in the community and the country out of being represented. Ironically (not really), the platform of this 5th party included a "the 4 big parties are a cartel" statement.

Duverger's law has started to kick in, and from that there is no way back.

So no, you don't have a jab at making it happen. Sorry.

Re:$2 Million as a bait

[Sockatume]

It's a tricky balance. A corporation speaks with the combined resources of the entire organisation, but often only in the direction that a handful of senior managers choose. This means that said managers have a disproportionately large voice in the political sphere. On the other hand, the same could be said of things like labour unions, although those (ostensibly) talk with the democratically-selected voice of their members.

Re:$2 Million as a bait

[ebh]

Repeat after me: Money is not speech. Corporations are not people.

Re:$2 Million as a bait

[iserlohn]

You talk of "buying influence" but theres no way around it; unless you want to make it illegal to be paid to state your opinion (which would kill commercials and would also seem to be a serious compromise), any attempt I can think of to control campaign advertising would be a dangerous attack on political speech.

Dangerous? to whom? The only danger is that we end up with a fairer system.

There's no slippery slope argument here at all, so why are people insisting that there is. We have always had limits on free speech, for a variety of mainly very good reasons. Political speech is already relatively deregulated - which is causing the problems we are seeing now.

Most of the wealth in the US is owned by a relatively small number of people. A great majority of these people want this situation to remain.

Re:$2 Million as a bait

[LordLimecat]

Dangerous? to whom? The only danger is that we end up with a fairer system.

Do you understand why we have free political speech? The "danger" is you end up with a system where the government can arbitrarily decide that your speech is not allowed -- without any of the current restraints we place on their ability to do so. The entire point of a democracy is that the people can be heard; allowing those in power to decide WHAT may be heard undermines that.

There's no slippery slope argument here at all, so why are people insisting that there is

Yes, there is, because every test we have for whether speech may be restricted by the government hinges on the question of whether it has political value. If you get rid of that restraint, there is absolutely no check on what speech may be curtailed, and you might as well rip "freedom of the press" and "freedom of speech" right on out of the constitution.

You may think that the problems we have are bad enough that its worth the risk that we end up with a CPC-style regime, I do not. Many of the stipulations in the Bill of Rights are inconvenient, but they are very important, even if slashdotters want to question the protections against double jeopardy, self-incrimination, political repression, etc. Our founders understood what a too-powerful government was capable of; its a little disheartening that so many today dont.

Re:$2 Million as a bait

[iserlohn]

The system right now is skewed towards those with the mean necessary to drown out reasonable voices. Instead of the government arbitrarily deciding who gets to run in an election, you have rich individuals and corporations that decide. It this situation any better than the alternative? Unlike government, we the people, have no oversight of these private parties because it's all done in the shadows with money being moved all over the place to obscure who the benefactors are.

The whole idea of the US constitution is to create a system of government which can be controlled by the people. In order to do this, we need to decide upon a fair way to set the ground rules for campaign funding. That's all that's required.

The big difference between your POV and mine is that you feel government, and government alone, is not to be trusted. Whereas I feel that power is no to be trusted. Government is not to be trusted, but only because it has power. However, government is not the only source of power and we need to use our system of government to keep the sources of power (ie. individuals and organizations that have wealth and influence) in check within our society in order to keep it falling corrupt and tyrannical.

Cybersecurity

[LMariachi]

This may be why the kids don't want those "potentially secure" cybersecurity jobs.

On unknown, illegal response string or

[hairy_texas_milf]

length or end string packet match iptables -I INPUT-s $SRCIP -j DROP

Re:Impossible

[somersault]

What is described in the summary isn't "impossible" at all. It doesn't say it has to delivery 100% security. This system itself will probably introduce some nice new vectors of attack too.

Re:Why do people work on these competitions?

[Joining+Yet+Again]

Because single-minded buffoons who have immense skills in one area but no skills elsewhere are suckers for this sort of thing.

And that's just the sort of person big businesses/government (but I repeat myself) want for grunt work.

Re:Impossible

[Joining+Yet+Again]

Indeed.

The human mind's greatest privilege is not having to reveal how it's working.

Egads! "build systems that reason" ???

If you could "build systems that reason" you'd be able to get a whole lot more than $2mil - why would anyone divulge this technology to the government when they could license it to Google, Apple, Microsoft, IBM, and everyone else? If I had this technology, my first stop would be the patent office and I would patent it out the wazoo and start licensing it. If the government wants it, they can get in line.

Re:Egads! "build systems that reason" ???

[game+kid]

Wait in line? Hah! They'd just strip your name off, make an ACA healthcare exchange server out of it, and LOL at your insignificance.

Re:Egads! "build systems that reason" ???

[maxwell+demon]

If I had this technology, my first stop would be the patent office

If I had tech that's that advanced, I'd stay clear of the patent office. I'd make sure that it remains secret and would let it work for me.

Also, you seem to have the illusion that a patent protects you from the government. If the government really wants it, it can simply declare it a matter of national security and bypass the patent office. Sorry, no money for you.

Re:Why do people work on these competitions?

[Sockatume]

The pleasure of applying one's abilities to an interesting problem. Those are the people you have to watch out for, the ones who would do the work even if they weren't getting told to or paid to.

All threats?

[mfh]

I'd like to see a software system effectively deal with social engineering as well as other criminal vectors. Software is only going to be able to protect its own silo of information.

Also, we see a lot of programmers relying on code from outside sources. They don't typically debug someone else's code which is a ripe area for exploit vectors.

Combine these elements and you have our present day situation. I don't see any of this addressed in the competition.

They appear to be assuming the network is not corrupted from within.

laughable

[Gravis+Zero]

if you can make a system like this, you can make billions in the private sector. why would you give it to DARPA for a lousy two million?

if the DoD is going to spend 12 billion a year making a jet that we dont need, why not give two billion to the group that comes up with a solid working solution? i assure you, two billion dollars will get you a hell of a lot of attention from the best people out there, with teams of hundreds of experts. a global challenge would result in a much better chance of success.

Re:laughable

[malakai]

We go through this every time there is a DARPA challenge:

5 Intellectual Property
DARPA claims no rights to software developed by Open Track competitors as a result of participation in the CGC. DARPA does not intend to disclose the CQE and CFE Technical Papers outside the Government, with the following exception: CGC Technical Papers may be handled by DARPA support contractors for administrative purposes and/or to assist with technical evaluation. All DARPA support contractors performing this role are bound by nondisclosure agreements. DARPA does not intend to disclose CGC Technical Papers to contractors to duplicate, commercialize, or for reprocurement or reverse engineering purposes.

Do you think all the participants of the past DARPA grand challenges relating to autonomous vehicles have given away their IP? Of course not. Those teams that pushed through have made lucrative deals with car manufacturers and others.

All DARPA want's to do is spur innovation. A challenge like this is essentially a heads up that in 5 years they'd like to spend a lot of money on procuring services like these. In the past, they'd just give someone the money to build it, and maybe it worked, maybe it didn't. At least now it's a bit more market driven.

I win

[connor4312]

iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

Re:Why do people work on these competitions?

[AHuxley]

The gift of been an insider later in life. You get your name in the system and are guided up the gov contracting structure.

Re:Why do people work on these competitions?

[Sockatume]

You don't actually know how a DoWhatever grand challenge works, do you?

Totally wrong idea

[Skapare]

You cannot have cyber security by having some software (or hardware) around to just do it for you. Real security is about HOW you do everything else. It appears someone thinks all security exploits are just badly implemented API calls?

I've got an idea!

[s_p_oneil]

The title of my contest entry will be called the MCP (Master Control Program). It will enslave all other programs on the network.