Improving Cybersecurity on a Global Scale
UI computer scientists in the running for $2 million Cyber Grand Challenge prize
As electronic devices and people are becoming more and more connected, cybercrime — and in turn, cybersecurity — are growth industries.
Cybercrime impacts all levels of society, from individuals to businesses to governments. Recent high-profile data breaches at Sony Entertainment, Target and the U.S. Office of Personnel Management and the recall of 1.4 million Fiat Chrysler Automobile vehicles susceptible to cyberattacks underscore the breadth and seriousness of the problem. Intel Security subsidiary McAfee estimates that the annual cost to the global economy from cybercrime is more than $400 billion.
The National Academy of Engineering (NAE), together with input from an international group of leading technological thinkers, has identified “securing cyberspace” as one of the 14 Grand Challenges facing engineers in the 21st century. The NAE notes that the “critical challenge is engineering more secure software. One way to do this may be through better programming languages that have security protection built into the ways programs are written. And technology is needed that would be able to detect vulnerable features before software is installed, rather than waiting for an attack after it is put into use."
The UI College of Engineering announced earlier this spring in conjunction with the White House that it will join 122 U.S. engineering schools leading a transformative movement in engineering education preparing students to address the 14 Grand Challenges facing society.
Two researchers at the UI’s Center for Secure and Dependable Systems (CSDS) are leading that charge. For more than a year, CSDS Director Jim Alves-Foss and postdoctoral research fellow Jia Song have been engaged in a complex, large-scale digital capture the flag tournament. Sponsored by the Pentagon’s Defense Advanced Research Projects Agency (DARPA), the Cyber Grand Challenge began with over 100 teams of hackers, IT security professionals and computer scientists from around the world vying to create an automated cybersecurity system to detect and stop threats without human assistance.
Alves-Foss and Song are among the top seven finalists. They will compete for a grand prize of $2 million at DEF CON 2016, one of the world's largest hacker conventions, in Las Vegas. Second place receives a $1 million prize and third place $750,000.
Alves-Foss and Song have been described as an “unlikely” finalist in a crowd that includes academic and industry heavyweights such as University of California, Berkeley and Raytheon Company. This has not deterred Alves-Foss — while he recognizes his team is an underdog and does not have the same resources of his competitors, he believes his team’s approach toward automating defenses against cyber-attacks is its greatest strength.
"We have extensive experience developing tools and techniques that simplify the design, analysis and development of secure software,” he said. “Our approach takes those lessons learned and uses them to guide the development of our tools, to focus on security vulnerability analysis and patching where it most matters.”
Alves-Foss and Song will use this next year to devote more time and effort to prepare for the DEF CON competition.
“As a small team we are able to be agile and adapt,” said Alves-Foss, noting that in the earlier challenge rounds they left “a lot on the table” and have several innovative ideas still to implement.