In the world of computer security, the bad guys are always 10 steps ahead of the good guys. But next month the mad scientists at the government’s Defense Advanced Research Projects Agency (DARPA) will bring together a group of the world’s best computer security experts to see if they can tip the scales in the good guys’ favor for once.
Dubbed the Cyber Grand Challenge (CGC), the event will determine if an self-governing program can hunt for security vulnerabilities that hackers can exploit to attack a computer, create a fix that patches that vulnerability and distribute that patch — all without any human interference.
“The idea here is to start a technology revolution,” said DARPA program manager for the CGC, Mike Walker.
What does that mean for you? Well, if all goes well, the CGC could mean a future where you don’t have to worry about viruses or hackers attacking your computer, smartphone or your other connected devices. At a national level, this technology could help prevent large-scale attacks against things like power plants, water supplies and air-traffic infrastructure.
At this point, you’re probably wondering why this is such a big deal. After all, your computer’s anti-virus program finds and fixes security holes all the time, right?
Yes and no. It’s true your own in-home anti-virus software can find security flaws and deal with them. But it takes real-live humans to design software to detect and fix those flaws.
Yes, people — albeit super smart people — are currently responsible for finding and fixing the security problems that make things like viruses and malware possible.
There are two ways companies can find security problems: proactively, that is, they actually search out flaws in operating systems or other programs; and reactively, where researchers learn about a security issue and get to work fixing it.
According to Walker, it takes security researchers an average of 312 days to discover security vulnerabilities in computer programs. During that time, hackers have the ability to do whatever they please with that flaw, whether that includes stealing Social Security information or breaking into your social media account. Even when security researchers actually know of a critical security flaw, Walker said, it takes up to 24 days to patch it.
Why does it take researchers so long to find and fix this stuff? Because the operating systems and programs you’re reading this very article on are created using millions of lines of code. And a single mistake in that code can be used to attack a computer system. To say finding those flaws is akin to finding a needle in a haystack is an incredible understatement.
Get weekly science updates in your inbox!