Time.com March 18, 2010
By Mark Thompson, Washington
“More than 100 foreign intelligence organizations are trying to hack into U.S. systems,” Deputy Defense Secretary William Lynn warned last month. “Some governments already have the capacity to disrupt elements of the U.S. information infrastructure.” So the Pentagon recently modified its regulations to allow military computer experts to be trained in computer hacking, gaining designation as “certified ethical hackers.” They’ll join more than 20,000 such good-guy hackers around the world who have earned that recognition since 2003 from the private International Council of E-Commerce Consultants (also known as the EC-Council).
Phi Beta Iota: The Pentagon continues to disappoint. In 1994 we told Marty Harris he needed to invest $1 billion a year in cyber-security, and we opened Hackers on Planet Earth (HOPE) calling for the government to embrace the US self-taught hackers. Today 16 years later, the Pentagon still does not get it. The industry certified “good guy” hackers are chimeras on multiple levels. First, hackers are self-made and this is not something that can be taught–like native language speakers of the 183 languages the Pentagon still does not speak, hackers are free spirits. Second, hackers are by definition ethical and good-guys, to try to distinguish government hackers as being different from real hackers demonstrates an ignorance that is profound. Commercially-certified “hacker” courses are a contradiction in philosophy, practice, and outcome. Third, the Pentagon is about to spend $12 billion a year on vapor-ware, and the Secretary of Defense and his minions appear completely oblivious to the fact that the best defense is rock solid code, and that there are exactly 63 people in the USA qualified and engaged in deep code research, only 12 of them focused on defensive code. In short, the Pentagon is retarded–by about 16 years on average. First on Open Source Intelligence (OSINT) from 1988, then on cyber-security from 1994, and still to come, on multinational information-sharing and sense-making from 2004 (only five years ago, but on their present path, the Pentagon will not “get” this either until 2025). Hard to win wars when you fight stupid from the inside. Newsflash for the Pentagon: the real hackers are meeting again in July, they are now adults with baby and children hackers, you can still make nice–show up in force, treat them as civil affairs assets not as intelligence assets, and everything will be fine. Or not.
By the way, external threats are less than 10% of the problem. The below graphic from Mich Kabay still applies. The failure to be responsible on the inside is vastly more costly to the taxpayer than any possible combination of attacks from the outside. One word fixes everything: INTEGRITY.