When it comes to spotting cyber vulnerabilities and repelling cyber attacks, humans and machines are good at different things. Human cybersecurity experts do well with abstract thought and comprehensive assessment. Autonomous and semi-autonomous cyber systems excel at hard math and rigid logic.
What happens when you put the two together—do they add up to more than the sum of their parts? The Defense Advanced Research Projects Agency (DARPA) wants to know. So DARPA has started an initiative called Computers and Humans Exploring Software Security (inevitably, CHESS).
According to Joseph Marks at Defense One, the whole thing began when Shellphish, a team of computer science grad students from UC Santa Barbara, entered their autonomous cybersecurity system into a competition at DEF CON, a hacker conference. The competition was intended for humans, but the students spotted a vulnerability—the rules didn’t explicitly prohibit non-human competitors. At that point, a DARPA official said to himself “Hmm, I wonder…”
DARPA, which focuses on long-horizon technologies, just held a “Proposers Day” for CHESS this month, so the program probably won’t produce results very soon. Then again, one wonders why nobody tried this approach sooner.
Read in The Bulletin of the Atomic Scientists' Archive
Publication Name: Defense One
To read what we're reading, click here
The Bulletin elevates expert voices above the noise. But as an independent nonprofit organization, our operations depend on the support of readers like you. Help us continue to deliver quality journalism that holds leaders accountable. Your support of our work at any level is important. In return, we promise our coverage will be understandable, influential, vigilant, solution-oriented, and fair-minded. Together we can make a difference.