Geeks and security freaks are my favorite kind of people; it's a compliment, the same as being a hacker. They may not have always been considered cool labels, but most who fall in that category are not concerned about what people think. Instead of public opinion, these types of people apply their curiosity to other more important matters. 700 such security-minded individuals, ranging from DOD officials to members of the IT industry, recently met to discuss how to do a better job protecting military and commercial cyberspace. Cyberspace is considered a domain by the DOD and needs offensive and defensive protections the same as air, land, sea and space.
The U.S. Department of Defense reported on the mindboggling and perhaps migraine-inducing job to protect networks from attackers and cyberspies. DARPA Director Regina E. Dugan said, "The potential capability for cyber mayhem makes cyber security 'one of the most intense challenges of our time.'...Malicious cyberattacks are not merely an existential threat to our bits and bytes. They are a real threat to an increasingly large number of systems that we interact with daily, from the power grid to our financial systems to our automobiles and our military systems."
Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and Director of the NSA, added, "When you look at the vulnerabilities that we face in this area, it's extraordinary. What we see is a disturbing trend, from exploitation to disruption to destruction." The DOD wants to "create special 'hunter teams' to actively look for computer viruses and malware" as part of "a 'dynamic' perimeter-defense network."
Alexander said cloud computing could manage serious cyber threats, but that's not the end of it. From protecting this nation from tech tainted with Trojans and embedded with malware, to keeping counterfeit or defective mission-critical hardware out of the ballistic missile defense system, America faces huge security challenges daily. According to the National Counterintelligence Executive Report to Congress [PDF], China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace. Last year there were said to be 440 million new hackable points on the smart grid and this year DHS warned that hacktivists might point, click, destroy industrial control systems.
Have skills and need a job in this cruddy economy? There's been a desperate need for hackers for a long time, hackers as in white hats, pen testers, and cyberwarriors. Earlier this year, DHS was facing "a trio of potential nightmares" which included cybersecurity, homegrown terrorists and intelligence sharing. There's "a shortage of sophisticated hackers to fill the cybersecurity gap." DARPA announced the DOD research wing was ready and willing to pay hackers to help block cyber threats. This year's Spot the Fed at DefCon wasn't too hard, being that about every acronym you could name was there: FBI, IRS, DOD, DHS, NASA, NSA all looking to recruit cyberwarrirors. And DARPA is still asking for hackers to help them.
Yeah, yeah, I know, it's an unpopular thing to say and much less attention-grabbing than say Antisec hackers mangling and pwning defense contractor Booz Allen Hamilton. The hacker label has become a bit tarnished in the age of AntiSec and Anonymous hacking like it's the 90s again. "It's a trap" seems to be the mindset of many hackers when asked if they might ever consider working for the government. This is not unique to the USA.
The Chaos Computer Club (CCC) in Germany turned 30 and OWNI interviewed Andy Müller-Maguhn who has been a part of the Chaos Club since 1985 when he was 14. The conversation turned from 30 years of political hacking, to former CCC hackers who were linked to intelligence agencies - sometime against their will. But after visiting a hacking conference in America, Müller-Maguhn was surprised to see how openly the U.S. government recruits hackers. "If you came here and asked someone to hack for the government, they will send you on your way," he said. "But if you entice them with a technical challenge that's relevant to their field, and a little money, it's not so clear cut. They do that very well. It's like the story of the boiling frog."
But instead of being flipped from the darkside into an FBI informant, or finding out you are indeed a boiling frog caught in a trap, would you consider hacking for Uncle Sam? Cybersecurity is one of the few fields that is "somewhat immune to spending and budget cuts." Input/Deltek estimated that security is growing by 9% yearly. "Federal government contracts alone amount to over $9 billion today and are projected to grow to $13.3 billion by 2015."
Jeff Moss, aka @TheDarkTangent, told the New York Times, "With the rise of hacktivism, now the people who break into you tell you they break into you. A little bit of public humiliation is going to go a long way in helping the security industry clean up." And The Atlantic quoted Moss as saying, "They need people with the hacker skill set, hacker mind-set. It's not like you go to a hacker university and get blessed with a badge that says you're a hacker. It's a self-appointed label -- you think like one or you don't."
All I can add to that is amen!
This story, "Uncle Sam Wants You, Hackers: Cyberwarriors Needed to Stop Cyberspies" was originally published by Computerworld.