Another interesting and pleasantly surprising story by Nicole Perlroth of The New York Times. A fascinating portrait of how this nation is trying to shore up its cyber defenses.
If only H2o2 had been focused on helping the US instead of doing what he did on behalf of his foreign masters, he would still be alive . . . in my new novel, 404.
Luring Young Web Warriors Is a U.S. Priority. Itâs Also a Game.
Virginia high school students competed in a digital defense simulation at the Virginia Governorâs Cup Cyber Challenge at George Mason University.
WASHINGTON â In the eighth grade, Arlan Jaska figured out how to write a simple script that could switch his keyboardâs Caps Lock key on and off 6,000 times a minute. When friends werenât looking, he slipped his program onto their computers. It was all fun and games until the program spread to his middle school.
âThey called my parents and told my dad I was hacking their computers,â Mr. Jaska, 17 years old, recalled. He was grounded and got detention. And he is just the type the Department of Homeland Security is looking for.
The secretary of that agency, Janet Napolitano, knows she has a problem that will only worsen. Foreign hackers have been attacking her agencyâs computer systems. They have also been busy trying to siphon the nationâs wealth and steal valuable trade secrets. And they have begun probing the nationâs infrastructure â the power grid, and water and transportation systems.
So she needs her own hackers â 600, the agency estimates. But potential recruits with the right skills have too often been heading for business, and those who do choose government work often go to the National Security Agency, where they work on offensive digital strategies. At Homeland Security, the emphasis is on keeping hackers out, or playing defense.
âWe have to show them how cool and exciting this is,â said Ed Skoudis, one of the nationâs top computer security trainers. âAnd we have to show them that applying these skills to the public sector is important.â
One answer? Start young, and make it a game, even a contest.
This month, Mr. Jaska and his classmate Collin Berman took top spots at the Virginia Governorâs Cup Cyber Challenge, a veritable smackdown of hacking for high school students that was the brainchild of Alan Paller, a security expert, and others in the field.
With military exercises like NetWars, the competition had more the feel of a video game. Mr. Paller helped create the competition, the first in a series, to help Homeland Security, and likens the agencyâs need for hackers to the shortage of fighter pilots during World War II.
The job calls for a certain maverick attitude. âI like to break things,â Mr. Berman, 18, said. âI always want to know, âHow can I change this so it does something else?â â
Itâs a far different pursuit â and a higher-minded one, enlightened hackers will say â than simply defacing Web sites.
âYou want people who ask: How do things work? But the very best ones turn it around,â said Mr. Paller, director of research at the SANS Institute, a computer security training organization.
Itâs no coincidence that the idea of using competitions came, in part, from China, where the Peopleâs Liberation Army runs challenges every spring to identify its next generation of digital warriors.
Tan Dailin, a graduate student, won several of the events in 2005. Soon afterward he put his skills to work and was caught breaking into the Pentagonâs network and sending reams of documents back to servers in China.
âWe have no program like that in the United States â nothing,â Mr. Paller said. âNo one is even teaching this in schools. If we donât solve this problem, weâre in trouble.â
At Northern Virginiaâs acclaimed Thomas Jefferson High School for Science and Technology, which both Mr. Jaska and Mr. Berman attend, there are five computer science teachers, but none focused on security.
When eight students expressed interest in starting a security club, they had to persuade a Raytheon employee to meet with them once a week. (One idea for a name, the Hacking Club, didnât last.
âWe donât want people who are going to go around defacing sites,â Mr. Berman said. They recently rebranded from the Cybersecurity Club to the Computer Security Club. The group dropped the âCyberâ because âit sounds like youâre trying to be cool but youâre not,â clarified Mr. Jaska.)
Mr. Jaska and Mr. Berman heard about the Virginia competition through their school. To qualify, they had to identify bad passwords and clean up security settings â a long way from a Caps Lock program.
Some 700 students from 110 Virginia high schools applied, but only 40, including Mr. Jaska and Mr. Berman, made the cut.
So, three weeks ago, the pair traveled to the Governorâs Cup Cyber Challenge at George Mason University.
There, they found something they rarely encounter in high school â a thriving community of like-minded teenagers, the best and brightest of a highly specialized task.
âFor some of the kids, who tended to be a little bit loners, this was the first time they had a peer group,â Mr. Paller said. âThey were having excited conversations about arcane technical issues â something they never get to do â and their parents exalted in it.â
The students faced the same five-level test that the military uses to test its own security experts. They earned points for cracking passwords, flagging vulnerabilities and breaking into a Web site administratorâs account where, had they changed any settings or defaced a site, they would have been eliminated. Their scores were displayed in real time on a leader board.
After several hours, the winners were announced. A third of the students had made it to Level 3 â a level that Rear Adm. Gib Godwin, chairman of the Governorâs Cup, said typically requires someone with seven to 10 years of experience to achieve. Mr. Jaska won, earning a $5,000 scholarship. Mr. Berman won $1,500 for third place.
The idea for such competitions is nothing new. For years, a hacking conference called DefCon has hosted games like Capture the Flag in which teams earn points for hacking into each otherâs computers. The Air Force started a Cyber Patriot competition in which hackers defend against a âRed Teamâ trying to steal data. And the Defense Department has its own Digital Forensics Challenge. But none of these was meant for high school students.
âThe goal is to create a continuum, similar to the way kids go to junior high, high school, college and get their Ph.D.,â Admiral Godwin said. âWe want to create the same flow for kids in the cyber domain.â
This summer, Mr. Jaska is hoping to be an intern at Northrop Grumman. Mr. Berman is considering an internship at Homeland Security. But Ms. Napolitano still has some convincing to do.
But asked about their dream job, both said they wanted to work in the private sector. âThe problem with going into the government is youâre going to make a lot less,â said Mr. Berman.
âEverythingâs slower, thereâs budget cuts and bureaucracy everywhere and you canât talk about what you do,â Mr. Jaska added. âIt just doesnât seem like as much fun.â
Recent Comments