GAMBIA-L Archives

The Gambia and Related Issues Mailing List

GAMBIA-L@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show HTML Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Fw: Educating Elite Hackers
From:
oko drammeh <[log in to unmask]>
Reply To:
The Gambia and Related Issues Mailing List <[log in to unmask]>
Date:
Tue, 20 Jul 2010 10:50:41 -0700
Content-Type:
multipart/alternative
Parts/Attachments:
text/plain (9 kB) , text/html (21 kB) 







Subject: USA Africa Dialogue Series - Educating Elite Hackers

Educating Elite Hackers
Inside the rush to recruit, train, and deploy a new generation of cybersecurity 
experts to protect and defend our digital borders.
It started with Michael Coppola taking things apart at the age of five: the 
remote control, his mother's house lamps, the family's VCR. He was curious about 
how things worked. By the time he was in fourth grade, he moved on to software. 
After building Web sites for his parents and their friends, Coppola, now 17, 
decided to try his hand at hacking. "When you have this passion for technology, 
you're not satisfied with knowing how to use something, you want to know how it 
works," he says. What started out as mere curiosity now makes this Connecticut 
high-school senior a rare—and highly valued—commodity: a hacker in the making.
While billions of dollars are being spent to secure U.S. cyberspace, the number 
of elite cybersecurity experts needed to protect and traffic this area for the 
government and the private sector is dangerously inadequate. The Comprehensive 
National Cybersecurity Initiative (CNCI)launched by President George W. Bush 
lists the need for better cybereducation and more experts as part of 12 core 
initiatives, but its large-scale implementation will take time. According to 
national-security authorities, time is something we don't really have. By one 
estimate the United States currently has about 1,000 elite experts. It needs 
20,000. Until now, the formal recruiting and training of a national cybercorps 
has been haphazard at best. Fortunately, for the Michael Coppolas among us, 
private companies and government agencies are amping up their efforts to find 
and educate a new generation of cyber whiz kids. By sponsoring national cyber 
competitions akin to American Idol, the goal is to quickly bring at least 10,000 
young tech minds into the fold. Among the organizers leading the way is Alan 
Paller, cofounder and research director of the Sans Institute, a cybersecurity 
school.
Paller is kind of a real-life version of Professor Charles Xavier, 
the X-men comic-book character who heads a school designed to find and nurture 
young mutants with supernatural powers. Early in his career, he cofounded a 
major graphics company and was an original member of President Bill Clinton's 
National Infrastructure Assurance Council, which was setup to address threats to 
the country's critical infrastructure. Since then, the cyber veteran has 
invested about 20 years helping to mold some of the brightest cyber minds in the 
world at Sans, and in doing so, keeping their skills on the right side of the 
law. He only decided to co-host a cyber challenge in 2008, after meeting with 
computer-security leaders from the White House, the NSA, and other agencies. 
"Simply put, we find ourselves in the same situation we did during the 1950s and 
1960s when we took on the space race," he says. "That [period] inspired young 
people to consider careers in math and science. Today, we need to approach 
cybersecurity the same way."
To Paller, that means looking for talent in unconventional places. It was the 
first Cyber Challenge, in 2009 and sponsored in part by Paller's organization, 
that piqued Coppola's interest. The cybersecurity simulation (titled "Netwars") 
required the 240 contestants to hack into 12 servers. Each server was worth 
points and whoever had the highest tally at the end of the game would be 
declared the winner. But instead of going from server to server, Coppola decided 
to hack the scoreboard and give himself the most points. Naturally, he won. "It 
wasn't part of the initial plan," he says. "I just happened to come across the 
vulnerability and decided to focus my time on that."
Perhaps this is what makes Paller's Netwars, one of the three cyber challenges 
he and others promote, the most interesting. It's a game that effectively 
focuses on finding vulnerabilities in a system and exploiting them to gain 
access. Some argue that such games are encouraging the kind of skills once 
relegated to the bad guys. But with a medium where there's a thin virtual line 
between those that exploit and those that protect, Paller is a big believer in 
having both a good defense and a good offense. "If we're going to outwit them, 
then we have to know how they work," says Paller of malicious hackers.
There is something to be said for that argument. Other countries, like China and 
Russia, have been hosting similar contests for years. Their motivation lies in 
how often and increasingly their governments are the targets of hacking attacks. 
Not that the U.S. fares much better. According to the Senate's Sergeant at Arms 
office, Congress and other government agencies are now under cyberattack an 
average of 1.8 billion times a month, compared with an average of 8 million 
times a month in 2008. Businesses are in the same situation. One report suggests 
that downtime from a cyberattack already costs a company an estimated $6.3 
million per day on average.
And the reality is that both the government and private sector can expect the 
situation to get worse. Dickie George, information assurance technical director 
of the National Security Agency (NSA), says he could easily use 1,000 qualified 
cyberexperts in the next year. And going through conventional channels won't do. 
"When I go to schools, there are more recruiters at the schools than there are 
people to recruit," he says. "Right now it's a losing game." George points to a 
recent visit where a student gave a riveting cyber presentation. "There was a 
line of people there, with me in the front saying, 'I want to hire you,' and a 
guy from a company behind me saying, 'I want to hire you, too, and I want to 
hire you for twice as much as he does.'" According to Indeed.com, the average 
cybersecurity expert makes roughly $102,000 per year, with the highly talented 
making more.
A large part of this shortage problem is education, George says. While several 
programs at colleges teach the basics of cybersecurity, there are few that can 
be considered state of the art. That limits the pool of bright graduates who are 
properly trained to deal with the shape-shifting nature of security. The NSA has 
made some efforts to partner with colleges across the country to better prepare 
those interested in a cyber career with the organization. And Steven Chabinsky, 
deputy assistant director at the FBI's Cyber Division, says every new agent must 
take 40 hours of cyber training. But he acknowledges that they too are actively 
looking to beef up the number of cyberexperts. Jim Lewis, director of technology 
and public-policy programs at CSIS, a public-policy research institution, which 
helped host the cyber challenge, agrees that the broader problem is deeply 
rooted in education, but there are other issues too. "Yes, part of it is that we 
have academic programs that don't produce the kind of people we need, but part 
of it is that the U.S. stopped funding computer sciences for about 10 years and 
a part of it is that until recently we really didn't understand just what kind 
of people we needed."
This is why Coppola finds himself in a sweet position.After having won the 
Netwars challenge, he's been offered a scholarship to take courses at the Sans 
Institute to fine-tune his skills. He's also helping the organization design 
classes for high-school students.
Several other players also did well. The NSA was able to recruit eight 
contestants for summer internships. Not a bad gig considering that 85 percent of 
those who intern are offered permanent jobs. And the FBI plans to partner on a 
challenge later this year and offer internships to the winners. Even the Air 
Force, which helped co-host last year's event, will offer five college 
scholarships to the winners of an upcoming competition.
On concerns about turning any of these kids to the dark side, Paller concedes it 
may be a little true. "Look, when the military trains young men and women to 
handle weapons, there's no guarantee some of them won't use that talent 
inappropriately," he says. "The truth is, I don't see a way to defend a country 
without growing these skills."
Paller and the other organizers plan to continue to expand the number of 
competitions and will add a series of weeklong cyber camps, the equivalent of 
soccer camp, starting in July. He'll be looking for the next kid who gets a 
thrill from taking things apart ... and who one day may be on the front lines 
protecting America's cyberspace.-- 




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
To unsubscribe/subscribe or view archives of postings, go to the Gambia-L Web interface
at: http://listserv.icors.org/archives/gambia-l.html

To Search in the Gambia-L archives, go to: http://listserv.icors.org/SCRIPTS/WA-ICORS.EXE?S1=gambia-l
To contact the List Management, please send an e-mail to:
[log in to unmask]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

ATOM RSS1 RSS2