Cyberwarrior Shortage Threatens US Security 394
An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
waves (Score:1, Interesting)
and yo know if you had not of tricked those two russians into the usa and hten arrested them....you might just not have this issue
2002 onwards
united hackers association
CHRoNoSS
( offered loads a jobs in usa but after the Russian incident will never go to the usa again )
Funny how.. (Score:4, Interesting)
Yet we have sufficiently bright people who can create a system that rapes the stock market.
Maybe this man's ideas are misplaced... (Score:3, Interesting)
'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."
I wonder whether this gentleman has thought about the idea that his "national security objectives" cannot be achieved by computer science at all. In other words, those objectives are misplaced...simply put.
Could I be right?
Re:Stupid tags (Score:5, Interesting)
I'm not allowed to tag stories, but the moron who managed to misspell "cyberwarfare" as "cyberwarefare" is free and clear, huh? Nice job, Slashdot.
I can't seem to tag stories either and I have no idea why. I can add a tag and it appears to work, but I have never once refreshed the Slashdot main page and seen any tag I have applied. That is, they seem to just go straight to /dev/null. Tags I try to apply do seem to show up on my user page, however.
Re:Funny how.. (Score:5, Interesting)
Why do you rob banks, Mr. Sutton?
That's where the money is.
A bad deal (Score:5, Interesting)
The federal government has a habit of imposing soul-crushing bureaucracies on its workers.
Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.
Shortages (Score:5, Interesting)
I'd believe in stuff like
1. Shortages of people who patch their systems
2. Shortages of companies who are willing to pay security specialists a decent wage
3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
4. Shortages of armed services who'd take overweight computer professionals over 30
5. The tooth fairy
6. Unicorns
But a shortage of cyberwarriors? That seems a bit far fetched.
Re:Duh, they are in jail. (Score:4, Interesting)
I'm here in Canada - and I've tested the waters on controversial legal issues with computers - and I've considered going into the definately illegal waters just to see what would happen with the law.
There was a case a long while back where a high schooler in Montreal or somewhere in the East Coast of the United States (I heard the story second hand from someone so I'm sketchy on the details) where he basically set up a botnet, and then to test it out he had it perform a DOS attack while he was at school, I think he ended up taking down CNN.com or Yahoo for a bit or something.
Anyways, they hauled him off to juvee or some low security prison for a few years, and when he got out he was hired almost immediately for a security specialist job. (I believe at one of the websites he took down)
I'd try it myself but I'm too old to go to Juvee...
Working for the goverment blows (Score:5, Interesting)
People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).
Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.
There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.
Poor Recruiting (Score:3, Interesting)
Where are the recruiting posters, TV spots, and in-game adverts? I know the Marines and Army are looking. Where the heck does one sign up for cyber-warrior boot camp? What's the web site, email address or 1-800 number? Even the article leaves out that information. What a missed opportunity.
Hint: hire a marketing team first.
Re:Duh, they are in jail. (Score:3, Interesting)
You need to read Where Have All The Hackers Gone [blogspot.com]. The guy who wrote it got a bronze Olympic medal returned to the US with a Google search. Worth reading.
Working on the wrong tasks (Score:2, Interesting)
Re:H1b? (Score:2, Interesting)
Gee, why don't we just outsource the entire military, including the pentagon? In fact, let's outsource everything so we can just sit and munch Chitos all day? Of course we could treat people with respect, you know, like their rights, and maybe they'll come looking for the job.
Re:Stupid tags (Score:3, Interesting)
For me, in both FF and IE, the tag interface is simply static, I can't even try to add a tag. If I log out and clear my cookies (on either browser) the interface starts working again, and I can even post a tag if I carefully use the interface to add a tag and *then* log in as it prompts me to do so... and it will become a tag that appears on the main page.
I have to think this is some sort of poorly implemented tag-ban, as I used to be able to (and did) tag stories up until a few months ago.
Not enough incentive (Score:2, Interesting)
Re:Duh, they are in jail. (Score:3, Interesting)
This is a pitfall of democracy. The great majority of voters are unimaginative, and will gladly trade ingenuity (which they don't possess) for perceived safety.
And it becomes even worse in a litigation-based society, where companies and individuals don't dare to take risks, lest they be sued into oblivion.
So yes, we breed and reward mediocrity.
That said, the US government also excludes people by discrimination:
If you're too old, they don't want you (the age limit for joining the bureau is 37, IIRC)
If you have physical handicaps or just plain bad health, they don't want you.
If you have an undesired sexual orientation and backbone enough not to hide it, they don't want you.
If you have an arrest record (not even convicted, but arrested!), you fail security clearance, and they don't want you
If you've been a member of or have associated with members of a communist party, you also fail security clearance, and they don't want you
If you won't pledge an oath of allegiance (e.g. for religious reasons, or refuse to commit perjury), they don't want you.
If you want more money than half of what the private sectors pays, they don't want you
It's not easy to get into the airforce. (Score:3, Interesting)
In fact getting into the military is very difficult right now precisely because there is no shortage of people trying to enlist. So to tell people to enlist or talk to a recruiter is not that simple. Also most hackers probably wear glasses or have other issues which will completely rule them out from the military service. So unless the military somehow makes exceptions, the vast majority of hackers just aren't going to get accepted into the army nevermind the airforce.
USA jobs? That's useless as well. Unless they are lucky enough to come from a military family and be born with top secret clearance, they aren't going to have top secret clearance and without that they wont be hired for the vast majority of jobs at USAjobs. On top of that, veterans have preference at USAjobs so even if the job does not require clearance if someone is a veteran they'll be chosen for the job instead. On top of all of this there is no shortage of people trying to get jjobs on USA jobs. So there is a very slim possibility of getting a job from USA jobs and probably not worth the time of applying unless you want to take a gamble.
This story is a crock (Score:3, Interesting)
This story is the biggest bunch of BS.
I listened to this story on NPR. Instead of actually relying on hard data, the reporter simply found someone who estimated there are only 1,000 qualified "cyber" professionals in the US. The source presented no hard data, just a gut feel that there aren't enough people. This figure is about as well-sourced as the claim (often repeated) that the underground malware economy is bigger than the market for illegal drugs.
Meanwhile, instead of calling outside the beltway, NPR also called up Alan Paller, the head of the SANS Institute, who parroted the same line. How Paller can say that there are less than 1,000 qualified security professionals with a straight face is beyond me. SANS claims to have trained over 150,000 people. Does that mean that 99% of their "graduates" are therefore unqualified?
The worst part about this is that NPR did not even bother to disclose Paller's blatant conflict of interest. Contrary to popular belief, SANS is NOT a non-profit. It's in business to make a buck. I can't think of a better way to plump up the attendance rolls than to manufacture scare stories about "shortages" of professionals.
I've got no real issues with Paller other than the fact that he's just another garden-variety huckster. I've got a bigger problem with NPR, who was just plain sloppy.
Re:Jail time? (Score:3, Interesting)
I agree completely. However, this [slashdot.org] student was suspended for creating a way around that piece of crap known as CCA, which is not illegal in any way though it may be against university policy. This [slashdot.org] student was arrested and faced 10 years in jail for offering to modify the hardware his friends owned for money (yes the modification was illegal, but that in no way means it was unethical or wrong). This [slashdot.org] student was charged with a couple of felonies for finding and reporting an unsecured file on the school network that included several pieces of private information, which is not illegal.
It's not about the laws; it's about this attitude some people have that computers are witchcraft (which is what I was alluding to in my post), and anyone who has any power over the computer that they don't understand should be shut down as hard as possible. We should nurture curiosity and exploration in all their forms, not ban them - even if it means accepting responsibility for not know what the hell you're doing with computers.
Re:Culture (Score:2, Interesting)
That's pretty funny, you used the words, 'work' and 'government job' in the same sentence.
Years ago, a friend of mine got a civie job at a heavily secured military base. The pay was good, (better than mine) and he had full benefits. He had to pass a background check, drug check and a lie detector just to get the required security clearance. He bragged to me, "Man this is some intense (stuff) I'm getting into" and I'll admit I was a bit envious.
Once he got there he found out what the job entailed:
At 0800 he went to the motor pool and requisitioned a hand cart, which he pushed to the supply depot. There, he signed for 3 boxes of white, 5000 page, continuous form, tractor-feed printer paper, which he carted to secured building 'A'.
At the door, his clearance was checked, the boxes inspected to ensure they actually contained paper, and then he was escorted to a heaviliy secured, windowless room by two Marines; one wearing a sidearm, the other brandishing an M-16. (I should mention that none of the marines had any rank insignia.)
The guards at the door let them in and he proceeded to replace the paper in the three printers in the room. After each change, he was required to press the button to print a single test page (ABCDEF...12345... etc.) and pass it to the sidearm-wearing Marine.
The Marine would inspect the page, apparently checking that the margins hadn't been messed with and then the page was shredded on the spot.
He did this for each printer and when finished, he was escorted back to the entrance, where he was signed out of the building.
At this point, he was supposed to take the three (unused, mind you) boxes of paper he had just replaced to the secure document destruction building, dump them down a chute, and go pick up three new boxes of paper to be taken to building 'B', where the same proccess was followed. And then do the same for buildings 'C' and 'D'.
That was his entire morning shift and his afternoon shift was exactly the same. Changing printer paper, five days a week.
He soon figured out that none of these printers ever printed anything except the test pages. He marked the edge of the top page with his thumbnail when he installed the paper and the next time he went in to replace it, there was the mark, right where he had left it.
No one at the supply depot was cleared to know what he was doing so they had no idea how many boxes of paper he was supposed to be getting each day, only that if he asked for paper, they were to give it to him.
So he started taking the 'used' boxes of paper from building 'A' and installing them in building 'B', 'B' to 'C', 'C' to 'D' and then he'd stop over at the commisary for coffee and a snack and watch TV. As well as chat with other civie contractors, flirt with the gals behind the counter, shoot some pool or play video games (all free) and then have lunch.
At 1300, (he wasn't allowed to start earlier) he'd take his cart of 'used' paper from building 'D' to building 'A' to start the whole process over again.
After he finished with the second paper change at 'D' he'd take the three practically unused boxes to the shredder building, return the cart to the motor pool and go home, at least 2 hours early every day!
He did this for nearly eight years and ended up buying a Corvette with all the money he made. But his IT skills were nearly useless by the time he left there and he had to go back to school to get back up to speed before he could get another job.
Your military tax dollars at work.