On August 4, 2016, DARPA challenged seven fully autonomous systems to hack and defend previously unseen computer code without any human assistance. The grand prize was $2M, and the goal was to prove a concept previously relegated to cyberpunk fiction: network security AI that could detect and understand zero-day attacks. This is the story of DARPA’s Cyber Grand Challenge (CGC), a global contest to develop first-generation autonomous cyber defense systems over an aggressive two-year competition timeline. During the final event, the competing autonomous systems proved machines could discover, prove, and patch zero-day software flaws in just a few minutes, a feat beyond the capabilities of any human network defense team.
Michael Walker explores the capabilities of these systems, discusses what they achieved, and explains what this automation revolution means for the future of computer security. As human civilization moves to depend on connected software to control cars, medical devices, homes, and businesses, the promises we make and keep about the safety of software are more important than ever. Michael outlines why the automation pioneered at CGC challenges conventional wisdom about the structural advantages of cyberattack and is poised to change the way we defend the code that runs our world.
Mike Walker is a program manager in DARPA’s Information Innovation Office. Mike’s research interests relate to machine reasoning about software in situ and the automation of application security life-cycles. Previously, Mike was a security software developer, red team analyst, enterprise security architect, and research lab leader. As part of the CSC “Strikeforce” red team, he helped develop the HEAT Vulnerability Scanner and performed red team engagements. As a principal at the Intrepidus Group, he worked on red teams that tested America’s financial and energy infrastructure for security weaknesses. As part of the DARPA SAFER red team, he discovered flaws in prototype communications technologies. Mike has participated in various roles in numerous applied computer security competitions: he contributed challenges to DEF CON Capture the Flag (CTF) and competed on and led CTF teams at the highest levels of international competition. Mike was formerly a mentor of the Computer Security Competition Club at Thomas Jefferson High School for Science & Technology (TJHSST).
©2016, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org