DARPA Plugs Contest for Watson-like System to Deflect Hackers

In the wake of an alleged hack that stole the passwords of two million Facebook, Google and other Internet users, Pentagon officials are plugging a new contest to build a Watson-like system that can find and eradicate Achilles heels in software. 

The Defense Advanced Research Projects Agency, the test tube branch of the Pentagon, announced the Cyber Grand Challenge on Oct. 22. The winning team will take home $2 million for creating an unmanned hacker-halter that finds and repairs bugs in software connected to a network, without disrupting the software program.

"As the lessons of how to do this emerge -- what we're hoping for is that we will have automated systems that can recognize novel flaws, novel threats, in networks and remediate them in real-time," DARPA program manager Mike Walker told reporters on Friday. Software flaws that let in hackers include, among other things, weak verification of data, user interface errors and authentication problems. 

The two-year race will finish too late to stop hackers from weaponizing the 60-some software bugs in Microsoft and other popular software that boutique companies find and sell every day. But the goal is for the match itself to jumpstart industry investment in robotic analysis. 

DARPA has tried this gambit before. Previous grand challenge contests dared scientists to invent robotic vehicles, spurring what Walker called "the dawn of the self-driving car revolution." Everybody failed the first year in 2004. But during the 2005 grand challenge, four autonomous vehicles made it through a 132-mile desert route within the 10-hour time limit. And now a smattering of states nationwide are allowing Google’s driverless cars on roads. 

At the end of the vehicle challenges, "those prototypes were not ready to roll off the contest raceway and on to American highways, but what did transition out of that first race was the dream that vehicles could actually pilot themselves on complex courses," Walker said. 

Programmers in need of financial support for the cyber challenge have until Jan. 14, 2014 to submit a grant proposal. This money -- $750,000 per year -- is separate from the prize money and funding is limited. An unlimited number of self-funded participants can enter. Walker would not disclose the number of registrants but said officials "have seen a lot of interest." 

Workshops for potential entrants were held in Arlington, Va., on Tuesday and Wednesday. On Monday, West Coast coders can attend a session in San Francisco. 

Web companies for years have been working on manual and piecemeal mechanized systems for identifying bugs. Using a tool called SAGE, Microsoft researchers found and fixed one-third of the flaws in Windows 7 before the operating system was released.  

Walker compared DARPA's project to the development of automated chess systems in the 1970s. "By playing each other, chess systems were able to figure out what approaches work," he said. The cyber challenge will "hopefully follow in the footsteps of systems like Deep Blue, like Watson, and let these systems someday play the experts at their own game."

An earlier version of this story misstated the deadline for grant proposals. Submissions are due Jan. 14, 2014. 
