On the Way to Autonomous Cybersecurity Solutions

This post is also available in: עברית (Hebrew)

The present approach to cybersecurity depends on computer security experts, who identify new flaws and threats and remediate them by hand. This process can take over a year from first detection to the deployment of a solution, by which time critical systems may have already been breached.

The  Cyber Grand Challenge (CGC) that opens this week in Las Vegas seeks to automate this cyber defense process, fielding the first generation of machines that can discover, prove and fix software flaws in real-time, without any assistance. If successful, the speed of autonomy could someday blunt the structural advantages of cyber offense.

The US agency DARPA (Defence Advanced Research Projects Agency) organized the Challenge within the framework of its efforts to bring autonomy to cybersecurity.

According to the Grand Challenge website, the goal is to accelerate research in the field and create public proof that it’s possible to automate the cyber defense process.

DARPA’s program manager for the Challenge, Mike Walker, said they “want to build autonomous systems that can arrive at their own insights about unknown flaws, do their own analysis, make their own risk-equity decisions about when to field a patch and how to manage that patching process autonomously.. and bring that entire timeline down from a year to minutes or seconds.”

He added the need for quick fixes would become more pressing as the world became populated by billions of small, smart net-connected devices – the so-called internet of things. “without automation we just will not be able to field any effective network defence.”