Autonomous Hacking ?

DARPA held their cyber grand challenge in Las Vegas last week.  The challenge pitted 7 autonomous security systems against each other in a Capture The Flag Competition.  The winning system then went on to compete in DEFcon’s regular CTF against human competition and did as well as was expected (dead last). The job of commentating 7 server towers connected to a network for hours on end requires the sort of creativity, stamina and energy that we normally reserve for the Olympics.  

A few things stand out about this competition, apart from the pomp and flair with which it was conducted.


1)The resources that are being pumped into this. The funding laid out combined with the prize money, plus the costs of running, hosting and publicizing the event would put the total easily over 10 million.  That is quite a bit for what amounts to a side exercise and a bit of publicity

2) How unprepared we are for the discussion about when, where and how this technology and could and should be used.  The ethics of secret wars are not well suited for public debate.  This conversation can only get more complex when the only human actors in a conflict are effectively bystanders, friendly fire or collateral damage.


3) How prepared is Canada for when these things get let off the chain?  


If a maintenance contractor is an attack vector for a nuclear processing facility and a power supply station a vector for an airline control system, how widely do we need to deploy intelligent dynamic patching technologies ( I will let someone who knows contribute what these are actually called) to slow them down ?  


4) Is the type of training we delivering producing people who can out perform these machines ?