DARPA challenge seeks self-healing code for IoT future

18 Jul 2016

DARPA, the advanced military research wing of the US government, issued a challenge to coders to develop software for the internet of things (IoT) that could heal itself and seal up any vulnerabilities.

In a world where cyberattacks are increasing at a phenomenal rate with little sign of abating, the fact that DARPA is operating a new cybersecurity challenge, called the Cyber Grand Challenge (CGC), is of no great surprise.

Based on this upcoming competition, DARPA is fixated on an IoT future where billions of connected devices are all talking amongst each other and, worryingly, able to transmit one vulnerability to another.

Computer vs computer showdown

Many in the cybersecurity field are wary that one mistake could have devastating repercussions in the home, smart cities or industry, and now DARPA is aiming to make IoT security completely autonomous.

Speaking with Yahoo, DARPA’s programme manager for CGS, Mike Walker, has called such competitions as a start to a technological revolution, particularly given his claim it takes the security researchers over 300 days on average to locate coding vulnerabilities.

Even then, it usually takes over three weeks before a vulnerability can be patched and, within that time, hackers aware of this back-door will gladly exploit it.

At the upcoming CGC event, the typical ‘capture the flag’ security competition – which asks researcher to locate and report a vulnerability as fast as possible – has been ramped up a gear.

Now, researchers are being asked to pit autonomous systems against one another to not only report proof that their systems were able to discover vulnerabilities, but also that they were able to patch them without any human interaction.

Considering the difficulty this will pose to researchers, there’s nearly $4m in prizes up for grabs to develop such a system and competitors will get access to advanced supercomputers capable of actually tackling such challenging tasks.

From discovery to patch in 30 seconds

Posing a future scenario where such an autonomous code exists, Walker said: “Imagine a hacker in the future sitting at a keyboard armed with an unknown flaw they just discovered. They connect to a computer, they break in, and then 30 seconds later their connection is cut. When they try to get into a computer using the same hack and it won’t work.”

Of course, with supercomputers being involved, the work that will be done at CGC is in its very earliest stages with commercial applications and use in the wider IoT world not be expected for some time.

But Walker has said it could have some other applications, particular in larger-scale business ventures.

“It’s difficult to think of this technology anywhere in the near-term on anything but a supercomputer,” he said. “It could be used in the cloud, because there is an enormous amount of computing power required.”

Coding image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic