Category Archives: Cyber Security

Doomsday Clock Reset

This year is the 70th anniversary of the Doomsday Clock, which the Bulletin of the Atomic Scientists describes as follows:

“The Doomsday Clock is a design that warns the public about how close we are to destroying our world with dangerous technologies of our own making. It is a metaphor, a reminder of the perils we must address if we are to survive on the planet.”

You’ll find an overview on the Doomsday Clock here:

http://thebulletin.org/overview

The Clock was last changed in 2015 from five to three minutes to midnight. In January 2016, the Doomsday Clock’s minute hand did not change.

On 26 January 2017, the Bulletin of the Atomic Scientists Science and Security Board, in consultation with its Board of Sponsors, which includes 15 Nobel Laureates, decided to reset the Doomsday Clock to 2-1/2 minutes to midnight. This is the closest it has been to midnight in 64 years, since the early days of above ground nuclear device testing.

Two and a half minutes to midnight

The Science and Security Board warned:

“In 2017, we find the danger to be even greater (than in 2015 and 2016), the need for action more urgent. It is two and a half minutes to midnight, the Clock is ticking, global danger looms. Wise public officials should act immediately, guiding humanity away from the brink. If they do not, wise citizens must step forward and lead the way.”

You can read the Science and Security Board’s complete statement at the following link:

http://thebulletin.org/sites/default/files/Final%202017%20Clock%20Statement.pdf

Their rationale for resetting the clock is not based on a single issue, but rather, the aggregate effects of the following issues, as described in their statement:

A dangerous nuclear situation on multiple fronts

  • Stockpile modernization by current nuclear powers, particularly the U.S. and Russia, has the potential to grow rather than reduce worldwide nuclear arsenals
  • Stagnation in nuclear arms control
  • Continuing tensions between nuclear-armed India and Pakistan
  • North Korea’s continuing nuclear development
  • The Iran nuclear deal has been successful in accomplishing its goals in its first year, but its future is in doubt under the new U.S. administration
  • Careless rhetoric about nuclear weapons is destabilizing; for example, the U.S. administration’s suggestion that South Korea and Japan acquire their own nuclear weapons to counter North Korea

The clear need for climate action

  • The Paris Agreement went into effect in 2016
  • Continued warming of the world was measured in 2016
  • The U.S. administration needs to make a clear, unequivocal statement that it accepts climate change, caused by human activity, as a scientific reality

Nuclear power: An option worth careful consideration

  • Nuclear power is a tempting part of the solution to the climate change problem
  • The scale of new nuclear power plant construction does not match the need for clean energy
  • In the short to medium term, governments should discourage the premature closure of existing reactors that are safe and economically viable
  • In the longer term, deploy new types of reactors that can be built quickly and are at least as safe as the commercial nuclear plants now operating
  • Deal responsibly with safety issues and with the commercial nuclear waste problem

Potential threats from emerging technologies

  • Technology continues to outpace humanity’s capacity to control it
  • Cyber attacks can undermine belief in representative government, thereby endangering humanity as a whole
  • Autonomous machine systems open up a new set of risks that require thoughtful management
  • Advances in synthetic biology, including the Crispr gene-editing tool, have great positive potential, but also can be misused to create bioweapons and other dangerous manipulations of genetic material
  • Potentially existential threats posed by a host of rapidly emerging technologies need to be monitored, and to the extent possible anticipated and managed.

Reducing risk: Expert advice

  • The Board is extremely concerned about the willingness of governments around the world, including the incoming U.S. administration, to ignore or discount sound science and considered expertise during their decision-making processes

Prior to the formal decision on the 2017 setting of the Doomsday Clock, the Bulletin took a poll to determine public sentiment on what the setting should be. Here are the results of this public poll.

Results of The Bulletin Public Poll

How would you have voted?

DARPA Cyber Grand Challenge (CGC)

DARPA launched the Cyber Grand Challenge (CGC) in 2014. This is a competition in which each competitor team attempts to create an automatic IT network defense system that can analyze its own performance during attacks by intelligent adversaries, identify security flaws, formulate patches, and deploy the patches in real time on the network being protected. This DARPA competition will “give these groundbreaking prototypes a league of their own, allowing them to compete head-to-head to defend a network of bespoke software.”

The longer-term DARPA goal is to promote technology that leads to operational, automatic, scalable, adaptive, network defense systems operating at machine speed to protect IT networks against intelligent adversaries.

The CGC Challenge Competitor Portal is at the following link:

https://cgc.darpa.mil

The Master Schedule for CGC is shown in the following chart:

CGC Master Schedule. Source: DARPA

A slide presentation reporting the lessons learned from the first year of the CGC is available at the following link:

https://www.usenix.org/sites/default/files/conference/protected-files/sec15_slides_walker.pdf

This is a complex slide presentation that is much easier to follow alongside the video of the actual presentation, made by Mike Walker at the 24th USENIX Security Symposium, 12 – 14 August 2015. You will find this rather long (1 hour 17 min) video at the following link:

https://www.usenix.org/node/190798

In the 2015 Challenge Qualification Event, seven finalists were qualified. The finals will be held from 54 August 2016 at the Paris Hotel & Convention Center in Las Vegas, Nevada. The Award Ceremony will be held at the beginning of DEF CON 24 on Friday, 5 August 2016.

CGCEventFirstAutomatedNetDefense  Source: DARPA

This is exciting stuff! The results are certain to be very interesting.

8 August 2016 Update: Carnegie Mellon’s Mayhem computer system won DARPA’s CGC

Seven invited teams competed for $4 million in prizes at the DARPA CGC. The $2 million grand prize winner was the Mayhem computer system designed by Carnegie Mellon’s team ForAllSecure. The $1 million second place prize was awarded to the Xandra computer system designed by team TECHx of Ithaca, NY, and Charlottesville, VA. Third place and a $750K prize were awarded to the Mechanical Phish computer system developed by the Shellphish team of Santa Barbara, CA.

You can read details on the DARPA website at the following link:

http://www.darpa.mil/news-events/2016-08-05a

Also see the following article on the TechCrunch website for more details on the CGC Finals competition.

https://techcrunch.com/2016/08/05/carnegie-mellons-mayhem-ai-takes-home-2-million-from-darpas-cyber-grand-challenge/