In 1997, the greatest living human chess player was beaten in a best-of-three match by a supercomputer.
Since Gary Kasparov’s defeat by IBM’s Deep Blue 17 years ago, humans have essentially been playing chess for second place -- and it may not be long before they are relegated to the benchwarmer status in the fields of cyberspace.
“I believe the world series of hacking will soon be won by a machine,” said Mike Walker, a program manager at the Defense Advanced Research Projects Agency.
Walker, speaking at a Dec. 9 Bloomberg cybersecurity event in Washington, D.C., said automated machines are catching up to their human counterparts in examining software or networks for vulnerabilities.
Traditionally, “automation always loses in a battle of wits with attackers,” but the capabilities of computerized systems have improved immensely in just a few years and the battles are getting closer. In many instances, automated machines with clever human-authored algorithms find previously undiscovered software bugs in programs that teams of programmers miss.
It’s not unlike the high-profile man-versus-machine chess matches that took place in the mid-1990s, when the sport’s best grandmasters gleefully and routinely check-mated their CPU-powered counterparts.
That is, until computers replaced them at the top of the chess food chain.
IBM’s Deep Blue could calculate 200 million chess moves per second, and while the human brain is capable of 20 million billion calculations per second, a computer can focus the entirety of its processing power on a singular task, like identifying the next best move. Subsequently, IBM’s Watson would later relegate humanity to second best at trivia game shows, besting the top human competition in Jeopardy.
In this era of increasing connectivity that could see 70 billion Internet-connected devices by 2020 – 10 per person – Walker said automated machines are the only chance people have to defend networks that will grow vastly in size and risk as more connections come in.
Even today, cyber adversaries – some using hijacked “zombie machines” or bots to do their bidding – “are winning more often” against programmers, coders and information security experts.
“Not only are attackers winning more often, but they’re getting faster and pulling away,” Walker said.
Automated machines represent the only hope of securing networks in the coming Internet of Things era, Walker said, because they actually have the computational capacity to, for example, peruse millions of lines of code for flaws or examine a packet-traffic log in real-time for anomalous behavior. The decision-making process to mitigate flaws and fix them in real-time is the next step forward for those machines.
A sneak preview of the near future – and our potential machine overlords – will be demonstrated in DARPA’s Cyber Grand Challenge in 2016. The computer security tournament will test the wits of machines – not people – in reverse-engineering software created by organizers. Machines will have to locate and heal weaknesses in software in a live network competition. The results could determine just how soon the battlefields of cyberspace star automated machines, with humans playing for second place.