Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Bug The Military

DARPA Training Cadets and Midshipmen As Cyber Warriors 65

Posted by Unknown Lamer
from the reverse-engineering-is-acrime dept.
An anonymous reader writes "DARPA officials say the Defense Department must train 4,000 cybersecurity experts by 2017. Meeting that goal requires building a pipeline for training and education, especially for future officers who'll oversee protection of the cyber domain. During a winter weekend in Pittsburgh, more than 50 cadets and midshipmen from three service academies sat elbow to elbow at nine round tables in a packed room. They'd been training since November to compete in a pilot program of the Defense Advanced Research Projects Agency called the Service Academy Cyber Stakes. From the article: 'This involves skills such as being able to reverse engineer binary, or machine-readable, files and, Ragsdale said, finding source-code-level vulnerabilities that could be exploited, and doing so with software source-level analysis and with automated tools that perform functions such as fuzzing, the informal name for automatic bug finding."
This discussion has been archived. No new comments can be posted.

DARPA Training Cadets and Midshipmen As Cyber Warriors

Comments Filter:
  • or future officers?
    • by tomhath (637240)
      Those are not mutually exclusive, if that's what you're asking.
      • by khasim (1285) <brandioch.conner@gmail.com> on Monday February 17, 2014 @08:27PM (#46272417)

        While not mutually exclusive, they are not convergent in training.

        So you cannot, usually, take the average military academy cadet and include some programming classes and some network security classes and expect to get an officer who is competent in computer security.

        The exceptions being those cadets who were already programming while they were in high school (or earlier).

        The problem with those early programmers is that they were immature kids back then so many of them will be excluded from the academies because of broken laws or group associations.

        • by feedayeen (1322473) on Monday February 17, 2014 @09:53PM (#46272945)

          We need to kill the dumbass myth that the best programmers started when they're in diapers. The exception isn't the kid who've been making simple games for the last 6 years before academy or college, that's simply a kid who has 6 years more experience with loops, conditionals, and a handful of calls that can draw sprites onto the screen. A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here. A great student is one who knows how to learn things that have not been taught to him. While the kid who taught himself programming in middle-school has this attribute, he's not the only one in the world who does.

          • by khasim (1285)

            We need to kill the dumbass myth that the best programmers started when they're in diapers.

            They didn't start "in diapers". They are the ones that have put a couple thousand hours in already.

            A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here.

            I think that the easiest counter to that is the Linux kernel and the people who have been working on that for more than a two decades.

            There is no way that someone with "a few months" of class

          • We need to kill the dumbass myth that the best programmers started when they're in diapers.

            You aren't going to kill that myth until you can beat the kid who grew up programming. I think anyone can become competent. But the people who push boundaries are naturally curious at a young age. Those people who reverse engineered their computer games. People like Steve Wozniak for instance -- he didn't learn most of what he knows in schools. He was hacking cable boxes and tricking long distance dial tones.

            Especially when it comes to cyber security. A person has to get down and not take for granted what s

        • The US military academies are engineering schools (though they offer other majors as well) and ROTC cadets are also often science or engineering majors. I don't think that achieving a reasonable level of effectiveness over four years is that big of a hurdle, especially if there is follow-on training either over the summers or after graduation.

        • That was my first thought. The truly great hackers and programmers are going to be people who have been poking sticks into electronics since they were kids.

          Sure, someone who can read binary and train and do what they are wanting them to learn can get much better -- but that will be a few thousand people covering the same skills as the instructor -- what you want is people who are looking at things nobody else is looking at. 4,000 people who can find the same exploit is 3,999 to many.

          On the plus side, this m

        • What you said is probably true for the *average* cadet or midshipman. However, I'm assuming this was a volunteer competition, thus the competitors likely skewed toward the technical majors. It appears that at least Annapolis has a CS curriculum.

          I'd recommend DARPA expand the scope of this competition to ROTC cadets and middies. There are plenty of top-tier CS schools that either host an ROTC unit (e.g. Berkeley) or have a cross-campus agreement with one (e.g. Stanford).

          Some obvious problems with any appr

  • by ark1 (873448) on Monday February 17, 2014 @08:19PM (#46272361)
    I hope they will offer pay equivalent to the skill level they seek.
    • by Guppy06 (410832)

      By being in a federal academy, their pay is "free college" and they are expected to put in a number of years of service after graduation because of it.

      • by dave562 (969951)

        Before they then rotate out into the private sector and start making the big bucks.

        • Exactly. I ended up working for the airforce as an intern (civilian contractor) during my college years, studying computer science. I learned more on the job than my years in school and with the references and resume builder to boot. I left with the experience and credentials to enter the private sector with a huge advantage over other new graduates. I would highly recommend the same path to any young person.

    • by Anonymous Coward

      A H-1B with a full CCIE will work for $16,000 a year and be damn happy with that salary. That is not a good thing to hope for...

    • by AmiMoJo (196126) *

      I imagine a lot of people will be signing up so they can get military grade training and then after a few years move into a well paid private sector job,

  • by MindPrison (864299) on Monday February 17, 2014 @08:41PM (#46272503) Journal
    For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either. The best hackers don't do it for political reasons, they do it because they enjoy a challenge. Generally, hackers tend to hate warmongers AFAIK.

    I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

    I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past. But you'll never ever find the best ones, because they don't brag about their achievements.
    • I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

      And there it is, and why the civilian force will always be ahead of the curve.

    • Look at the sock puppets we get on slashdot :)
      Pentagon Spokesman: Public Affairs Must Change With Times (Jul. 25, 2013)
      http://www.defense.gov/News/Ne... [defense.gov]
      "We must communicate with the American public in crisp and memorable lines that deliver a clear and accurate message,”"
      Expect to see a lot of hints of new options to shape the flow of information and public opinion in the next few years.
      Blocking select servers, the turning of online activists into "busy work" or traps
      "Jeremy Hammond: FBI dire
    • For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either.

      The first problem is that their recruitment/training policies aren't designed for that.

      Stephen Hawking would have difficult time being accepted to any military academy.

      I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past.

      The NSA does not discr

      • Agree, two of the main things that get into conflict, in having goverment cyberwarriors, are mindset & physical fitness.

        Even than the goverment could built a goverment a desk job cyber unit, sooner, or later, may need a cyberwarrior unit, where people does know how to hack a network, run some miles carring 40 lbs, and, so on, Geek soldiers, that does do geek stuff, and does do military stuff, at the same time (not just playing Medal of Honor video games).

        As a geek whom got interested in the military, ca

    • by tomhath (637240)
      However, it appears that the NSA (and presumably other three-letter agencies) are pretty good at it.
    • I personally disagree on matching "Hacker equals Good Programmer", there are several things that may match, while others don't.

      I consider myself a good programmer, I hate the hacker stereotype, yet, I constantly get labeled as a Hacker, even, if I have never cracked a password, and never enter on a network, or any of that kind of stuff.

      But, I agree than both hackers & bright programmers, require certains skills that a Collegue or University, cannot provide. And the "out of the box" or "Daredevil" mental

  • It is good to see that they are teaching them real subject matter, like binary disassembly and source code analysis. When I first read the headline, I was afraid that they were just turning out script kiddies.

    • by ark1 (873448)
      Historically, the military in many areas is not far from script kiddies if you think about it. Private sector creates weapons, the military points and pulls the trigger. Good to see them training in what is definitely not easy to learn (reversing/crypto).
  • Really? Now we're surprised that part of a college Comp Sci degree at a military academy includes training in military applications of coding?

    I've got a hot tip for you: they also teach them to shoot guns in college. I know - fucking insane, isn't it? It's like there's a whole secret government department that does nothing but think up ways to kill and disable people and infrastructure! Except, you know, it's not really secret.

  • Or... they could just not build insecure systems directly connected to the internet?

    Ok, ok, I know that nothing is ever totally safe and the Natanz reactor in Iran was hacked without being connected to the internet but surely, better design, better systems management and better monitoring, etc, would reduce the need for such an astronomical number of heads, just sitting in a chair all day watching logs or looking for bugs in code? And you can be quite sure some idiot will still run an out of date flash or
  • by king neckbeard (1801738) on Monday February 17, 2014 @10:48PM (#46273223)
    Why not focus those efforts on helping secure platforms from those same techniques? You know, so we can help avoid the next Target debacle and the economic damages that come with it. I know it's not as sexy, but it will be better for everyone.
  • A bit Enders Game feeling to this...

  • Please stop with the 'cyber' shit. It's already difficult enough to take you seriously without your use of this nonsensical prefix for all things computer and network related.

  • MCITP Training, Online CCIE Training, Online Ethical Hacking Training, Online CCNP Training, Online MCSE Training, Online CCNA Training, Online Linux Training, Online Cisco Training, Online VMware Training and more offered by Zoom Technologies by highly proficient CISCO certified experts - Hyderabad, India. Visit http://zoomgroup.com/ [zoomgroup.com]

If you're not careful, you're going to catch something.

Working...