recommended reading

Hacker Conference Will Invite Feds Back – In 2016

Hackers participate in a competition at the DefCon conference Friday, Aug. 5, 2011.

Hackers participate in a competition at the DefCon conference Friday, Aug. 5, 2011. // Isaac Brekken/AP File Photo

The Defense Advanced Research Projects Agency is expected to announce on Tuesday a deal with DEF CON to hold the final round of DARPA’s two-year Cyber Grand Challenge at the organization’s 2016 Las Vegas conference. 

The aim of the competition is to build a Watson-like machine that can detect and deflect cyberattacks without any help from humans.  

DARPA officials put it this way: "The first computer security tournament designed to test the wits of machines, not experts."

Last August, DEF CON did not want any machines or experts from the government in attendance.

"FEDS, WE NEED SOME TIME APART," stated the event’s home page, after details emerged about the National Security Agency's domestic spying program. For years, leaders, including the NSA director, had hung out at DEF CON to recruit cyber warriors. But not after ex-federal contractor Edward Snowden disclosed sweeping NSA surveillance programs. "When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year," organizers stated.

Now, the military, along with white hat and black hat hackers, will play games together, at the site of the longest-running annual cyber "capture the flag" event. Capture the flag, at DEF CON, involves a quest to defend a server against hacks by competitors and collect flags for successfully breaching rival servers.

So far, 35 teams of mostly self-funded corporate and academic programmers have entered DARPA's automated version of capture the flag, agency officials said.  Officials on Tuesday named five companies and two research institutions that will receive federal funding to participate until June 2015.

The private sector grant recipients include For All Secure, GrammaTech, Lekkertech, SIFT and Trail of Bits, and the academic organizations are SRI and the University of California at Berkeley. 

The winner of the final match in Vegas will collect $2 million in cash.

“Today’s security methods involve experts working with computerized systems to identify attacks, craft  corrective patches and signatures and distribute those correctives to users everywhere—a process that can take months from the time an attack is first launched,” DARPA program manager Mike Walker said in a statement. “The only effective approach to defending against today’s ever-increasing volume and diversity of attacks is to shift to fully automated systems capable of discovering and neutralizing attacks instantly.”

Walker is scheduled to host a six-hour conversation with aspiring participants and other Internet users on Reddit, starting at 10:00 am on Tuesday.

DARPA also is anticipated to release a safe practice environment for the competing machines. Dubbed "DECREE," the open-source extension for the Linux operating system is not compatible with any other software and is built for operating small, isolated software test samples, officials said.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.