Cyber

In the world of network cyber security, the weak link is often not the hardware or the software, but the user. Passwords are often easily guessed or possibly written down, leaving entire networks vulnerable to attack. Mobile devices containing sensitive information are often lost or stolen, leaving a password as the single layer of defense.

What if computers had a “check engine” light that could indicate new, novel security problems? What if computers could go one step further and heal security problems before they happen?

Computer security experts from academia, industry and the larger security community have organized themselves into more than 30 teams to compete in DARPA’s Cyber Grand Challenge—a first-of-its-kind tournament designed to speed the development of automated security systems able to defend against cyberattacks as fast as they are launched. DARPA also announced today that it has reached an agreement to hold the 2016 Cyber Grand Challenge final competition in conjunction with DEF CON, one of the largest computer security conferences in the world.

Across the United States, 3200 separate organizations own and operate electrical infrastructure. The widely dispersed nature of the nation’s electrical grid and associated control systems has a number of advantages, including a reduced risk that any single accident or attack could create a widespread failure from which it might take weeks to recover. Since the late 1990’s, however, cost pressures have driven the integration of conventional information technologies into these independent industrial control systems, resulting in a grid that is increasingly vulnerable to cyber-attack, either through direct connection to the Internet or via direct interfaces to utility IT systems.

The Heartbleed security bug existed in many of the world’s computer systems for nearly two-and-a-half years before it was discovered and a fix circulated in the spring of 2014, by which time it had rendered an estimated half a million of the internet’s secure servers vulnerable to theft and other mischief. And while Heartbleed was in some respects an outlier, long-lived critical flaws in widely deployed bedrock internet infrastructure are not rare.