Pittsburgh-based team wins $2M DARPA Grand Cyber Challenge
LAS VEGAS — A team from Pittsburgh took home the $2 million first prize in DARPA’s Grand Cyber Challenge, culminating years of work that aimed to to see if a high performance computer system could discover and patch security systems automatically — without human intervention.
For All Secure’s “Mayhem” computer bested six other competitors in front of 5,000 computer security professionals Thursday at the Paris hotel in Las Vegas. The computers were measured in a “Capture the Flag” exercise, defending systems from an array of bugs hidden inside custom, never-before-analyzed software. The machines were challenged to find and patch flawed code within seconds and find their opponents’ weaknesses before the defending systems did.
“I’m enormously gratified that we achieved CGC’s primary goal, which was to provide clear proof of principle that machine-speed, scalable cyber defense is indeed possible,” said Mike Walker, the DARPA program manager who launched the challenge in 2013. “The effort by the teams, the DARPA leadership and staff, and all the hundreds of people who helped make this unique, open-to-the-public test happen was enormous. I’m confident it will speed the day when networked attackers no longer have the inherent advantage they enjoy today.”
Second place went to TechX, a team made up of experts from the University of Virginia and New York-based software company GrammaTech. Third place went to Superphish, a team based out of the University of California—Santa Barbara. Those teams won $1 million and $750,000 respectively.
Marc Brown, the chief marketing officer for GrammaTech, says he expects the technology used in the tournament to have a quick turn-around time, possibly hitting the commercial market in three to five years.
“I really think this is going to lay the foundation for many new techniques that people are going to want to employ,” Brown told FedScoop. “The techniques around perimeter security are just not scalable and too expensive. We need these self-learning, self-protecting systems that are policy driven, because when we get there, we can move on to full A.I.”
Mayhem took home the top prize by defending their systems from malicious software that mimicked some of the worst bugs in history. The supercomputers defended against bugs similar to the Morris worms, SQL Slammer, and Crackaddr.
Mayhem also got the chance to compete in the human-led version of Capture The Flag, which kicked off the DEF CON conference on Friday.