[Infowarrior] - US Looks to Hackers to Protect Cyber Networks

Richard Forno rforno at infowarrior.org
Sat Apr 18 12:12:40 UTC 2009 

US Looks to Hackers to Protect Cyber Networks
By THE ASSOCIATED PRESS
Published: April 18, 2009

Filed at 4:34 a.m. ET

http://www.nytimes.com/aponline/2009/04/18/business/AP-US-Cyber-Security.html?_r=2

WASHINGTON (AP) -- Wanted: Computer hackers.

Buffeted by millions of digital scans and attacks each day, federal  
authorities are looking for hackers -- not to prosecute them, but to  
pay them to secure the nation's networks.

General Dynamics Information Technology put out an ad last month on  
behalf of the Homeland Security Department seeking someone who could  
''think like the bad guy.'' Applicants, it said, must understand  
hackers' tools and tactics and be able to analyze Internet traffic and  
identify vulnerabilities in the federal systems.

And in the Pentagon's budget request submitted last week, Defense  
Secretary Robert Gates hung out his own help-wanted sign, saying the  
Pentagon will increase the number of cyber experts it can train each  
year from 80 to 250 by 2011.

Amid dire warnings that the U.S. is ill-prepared for a cyber attack,  
the White House conducted a 60-day study of how the government can  
better manage and use technology to protect everything from the  
nation's electrical grid and stock markets to tax data, airline flight  
systems, and nuclear launch codes.

President Barack Obama appointed former Bush administration aide  
Melissa Hathaway to head the effort, and her report was delivered  
Friday, the White House said.

While the country had detailed plans for floods, fires or errant  
planes drifting into protected airspace, there is no similar response  
etched out for a major computer attack.

David Powner, director of technology issues for the Government  
Accountability Office, told Congress last month that the U.S. has no  
recovery plan for a digital disaster.

''We're clearly not as prepared as we should be,'' he said.

The U.S., administration officials say, has not kept pace with  
technological innovations needed to protect its computer networks  
against emerging threats from hackers, criminals or other nations  
looking for national security secrets.

U.S. computer networks, including those at the Pentagon and other  
federal agencies, are under persistent attack, ranging from nuisance  
hacking to more nefarious assaults, possibly from other nations, such  
as China. Industry leaders told Congress during a recent hearing that  
law enforcement and other protections are too outdated to fend off  
threats from criminals, terrorists and unfriendly foreign nations.

Just last week, a former government official revealed that spies had  
hacked into the U.S. electric grid and left behind computer programs  
that would let them disrupt service. The intrusions were discovered  
after electric companies gave the government permission to audit their  
systems, said the ex-official, who was not authorized to discuss the  
matter and spoke on condition of anonymity.

Cyber threats are also included as a key potential national security  
risk outlined in a classified report put together by Adm. Mike Mullen,  
chairman of the Joint Chiefs of Staff. And Pentagon officials say they  
spent more than $100 million in the last six months responding to and  
repairing damage from cyber attacks and other computer network problems.

Nadia Short, vice president at General Dynamics Advanced Information  
Systems, said the job posting for ethical hackers fills a critical  
need for the federal government.

The analysts keep constant watch on the government networks as part of  
a surveillance programs called Einstein that was initiated by the Bush  
administration under the U.S. Computer Emergency Readiness Team. US- 
CERT is a partnership of the Homeland Security Department, other  
public agencies and private companies. The Einstein program is an  
automated process for collecting and sharing security information.

Short said the $60 million, four-year contract with US-CERT uses the  
so-called ethical hackers to analyze threats to the government's  
computer systems and develop ways to reduce vulnerabilities.

Faced with such cyber challenges, Obama ordered the 60-day review to  
examine how federal agencies manage and protect their massive amounts  
of data and what the government's role should be in guarding the vast  
networks that control the country's vital utilities and infrastructure.

Over the past two months, Hathaway met with hundreds of industry  
leaders, Capitol Hill staff and other experts, seeking guidance on  
what the federal government's role should be in protecting information  
networks against an attack. And she sought recommendations on how  
officials should define and report cyber incidents and attacks; how  
the government should structure its cyber oversight and how the nation  
can increase security without stifling innovation.

A task force of technology giants, including representatives from  
General Dynamics, IBM, Lockheed Martin and Hewlett-Packard Co. urged  
the administration to establish a White House-level official to lead  
cyber efforts and to develop ways to share information on problems  
more quickly with the private sector.

The administration has struggled with the basics, such as who should  
control the nation's cyberspace programs. There appears to be some  
agreement now that the White House should coordinate the overall  
effort, rejecting suggestions that the National Security Agency take  
it on -- a plan that triggered protests on Capitol Hill and from civil  
liberties groups worried about giving such control to U.S. spy agencies.

More information about the Infowarrior mailing list