Faced with growing fears of potentially crippling cyber attacks and not enough skilled technicians to combat the threat, the Defense Department has launched a massive recruitment drive that’s tapping an unlikely group: computer hackers.
The Pentagon plans to dramatically boost the ranks of U.S. cybersecurity forces, expanding its number of cyber warriors more than five-fold, the Washington Post reported Sunday. But that strategy immediately confronts a critical shortage of those with the required skills.
“The people do not exist at all,” said Alan Paller, director of the SANS Institute, a training organization for computer security professionals. “A program is underway to build a pipeline of the needed people very rapidly.”
To meet its own demand, the Defense Department has begun a massive cyber recruiting effort that some have called this generation’s Manhattan Project. Pentagon officials and defense contractors have established cyber camps, competitions, scholarships and internships for high school and college students and created cybersecurity training programs for veterans returning from Iraq and Afghanistan. In addition, a growing number of colleges now offer programs focused on cybersecurity.
Yet despite these efforts, the urgent need for cyber experts remains. So military officials and contractors have also recruited hackers to fill the void.
Each summer at DefCon, the world’s largest hacker conference, officials from the Defense Department and other federal agencies mingle with 10,000 of the world’s best code crackers to persuade them to work for the government. Raytheon, which holds government cybersecurity contracts, once hired a high school dropout who spent his nights displaying his hacker skills online.
(Are you a hacker who’s been recruited by the government? HuffPost would love to hear from you. Email email@example.com.)
Hiring enough cyber experts will prove challenging for the Pentagon. Working for the private sector often pays much more than government service, and the Defense Department is competing over the limited pool of experts with other federal agencies, including the Department of Homeland Security, the CIA and the FBI, Paller said.
The push to build a cybersecurity force is the latest sign that the United States is preparing for a cyber war. The Defense Department has spent months trying to determine what defines an act of war online and when to retaliate in a conflict where bombs are replaced with bytes and the enemy can be difficult to identify. Last fall, Defense Secretary Leon E. Panetta said the United States was facing the possibility of a “cyber-Pearl Harbor,” in which foreign hackers could derail passenger trains, contaminate the water supply or shut down the power grid with the click of a mouse.
“The department recognizes this growing danger and is working with a sense of urgency to put the right policies and structures in place to enable us to carry out our role,” a Pentagon official told the Huffington Post on Monday.
But the United States is not only playing defense. Along with Israel, the U.S.reportedly launched a series of cyber attacks to cripple Iran’s nuclear program.
The Pentagon’s new cyber experts will work to both prevent attacks against the nation’s computer networks and to launch attacks on other countries’ networks,according to the Washington Post. Their jobs would not just involve writing code, but also understanding how to reverse-engineer malware, identify cyber threats and probe computer systems for vulnerabilities, known as “penetration testing,” Paller said. The Pentagon is also looking for people who can disable an enemy’s command-and-control system before a conventional attack takes place, according to the Post.
Other countries — namely China and Russia — are well ahead of the United States in building up their cyber armies. Russia created its first cybersecurity training program in 1995 and has trained “hundreds of thousands” of cyber experts since then, Paller said. In 2005, Tan Dailin, a graduate student at China’s Sichuan University, won several government-sponsored hacking competitions. He was later caught breaking into U.S. Department of Defense networks and stealing thousands of sensitive documents.
Meanwhile, a 2010 report published by the Center for Strategic and International Studies found that “well under 200” people with the cybersecurity skills needed to work for the government were graduating each year in the United States.
“We are way behind,” Paller said.