[Infowarrior] - Contractors Vie for Plum Work, Hacking for the United States
Richard Forno
rforno at infowarrior.org
Sat May 30 20:15:55 UTC 2009
May 31, 2009
Cyberwar
Contractors Vie for Plum Work, Hacking for the United States
By CHRISTOPHER DREW and JOHN MARKOFF
http://www.nytimes.com/2009/05/31/us/31cyber.html?_r=2&partner=rss&emc=rss&pagewanted=print
MELBOURNE, Fla. — The government’s urgent push into cyberwarfare has
set off a rush among the biggest military companies for billions of
dollars in new defense contracts.
The exotic nature of the work, coupled with the deep recession, is
enabling the companies to attract top young talent that once would
have gone to Silicon Valley. And the race to develop weapons that
defend against, or initiate, computer attacks has given rise to
thousands of “hacker soldiers” within the Pentagon who can blend the
new capabilities into the nation’s war planning.
Nearly all of the largest military companies — including Northrop
Grumman, General Dynamics, Lockheed Martin and Raytheon — have major
cyber contracts with the military and intelligence agencies.
The companies have been moving quickly to lock up the relatively small
number of experts with the training and creativity to block the
attacks and design countermeasures. They have been buying smaller
firms, financing academic research and running advertisements for
“cyberninjas” at a time when other industries are shedding workers.
The changes are manifesting themselves in highly classified
laboratories, where computer geeks in their 20s like to joke that they
are hackers with security clearances.
At a Raytheon facility here south of the Kennedy Space Center, a hub
of innovation in an earlier era, rock music blares and empty cans of
Mountain Dew pile up as engineers create tools to protect the
Pentagon’s computers and crack into the networks of countries that
could become adversaries. Prizes like cappuccino machines and stacks
of cash spur them on, and a gong heralds each major breakthrough.
The young engineers represent the new face of a war that President
Obama described Friday as “one of the most serious economic and
national security challenges we face as a nation.” The president said
he would appoint a senior White House official to oversee the nation’s
cybersecurity strategies.
Computer experts say the government is behind the curve in sealing off
its networks from threats that are growing more persistent and
sophisticated, with thousands of intrusions each day from organized
criminals and legions of hackers for nations including Russia and China.
“Everybody’s attacking everybody,” said Scott Chase, a 30-year-old
computer engineer who helps run the Raytheon unit here.
Mr. Chase, who wears his hair in a ponytail, and Terry Gillette, a 53-
year-old former rocket engineer, ran SI Government Solutions before
selling the company to Raytheon last year as the boom in the
military’s cyberoperations accelerated.
The operation — tucked into several unmarked buildings behind an
insurance office and a dentist’s office — is doing some of the most
cutting-edge work, both in identifying weaknesses in Pentagon networks
and in creating weapons for potential attacks.
Daniel D. Allen, who oversees work on intelligence systems for
Northrop Grumman, estimated that federal spending on computer security
now totals $10 billion each year, including classified programs. That
is just a fraction of the government’s spending on weapons systems.
But industry officials expect it to rise rapidly.
The military contractors are now in the enviable position of turning
what they learned out of necessity — protecting the sensitive Pentagon
data that sits on their own computers — into a lucrative business that
could replace some of the revenue lost from cancellations of
conventional weapons systems.
Executives at Lockheed Martin, which has long been the government’s
largest information-technology contractor, also see the demand for
greater computer security spreading to energy and health care agencies
and the rest of the nation’s critical infrastructure. But for now,
most companies remain focused on the national-security arena, where
the hottest efforts involve anticipating how an enemy might attack and
developing the resources to strike back.
Though even the existence of research on cyberweapons was once highly
classified, the Air Force plans this year to award the first publicly
announced contract for developing tools to break into enemy computers.
The companies are also teaming up to build a National Cyber Range, a
model of the Internet for testing advanced techniques.
Military experts said Northrop Grumman and General Dynamics, which
have long been major players in the Pentagon’s security efforts, are
leading the push into offensive cyberwarfare, along with the Raytheon
unit. This involves finding vulnerabilities in other countries’
computer systems and developing software tools to exploit them, either
to steal sensitive information or disable the networks.
Mr. Chase and Mr. Gillette said the Raytheon unit, which has about 100
employees, grew out of a company they started with friends at Florida
Institute of Technology that concentrated on helping software makers
find flaws in their own products. Over the last several years, their
focus shifted to the military and intelligence agencies, which wanted
to use their analytic tools to detect vulnerabilities and intrusions
previously unnoticed.
Like other contractors, the Raytheon teams set up “honey pots,” the
equivalent of sting operations, to lure hackers into digital cul-de-
sacs that mimic Pentagon Web sites. They then capture the attackers’
codes and create defenses for them.
And since most of the world’s computers run on the Windows or the
Linux systems, their work has also provided a growing window into how
to attack foreign networks in any cyberwar.
“It takes a nonconformist to excel at what we do,” said Mr. Gillette,
a tanned surfing aficionado who looks like a 1950s hipster in his T-
shirts with rolled-up sleeves.
The company, which would allow interviews with other employees only on
the condition that their last names not be used because of security
concerns, hired one of its top young workers, Dustin, after he won two
major hacking contests and dropped out of college. “I always approach
it like a game, and it’s been fun,” said Dustin, now 22.
Another engineer, known as Jolly, joined Raytheon in April after
earning a master’s degree in computer security at DePaul University in
Chicago. “You think defense contractors, and you think bureaucracy,
and not necessarily a lot of interesting and challenging projects,” he
said.
The Pentagon’s interest in cyberwarfare has reached “religious
intensity,” said Daniel T. Kuehl, a military historian at the National
Defense University. And the changes carry through to soldiers being
trained to defend and attack computer and wireless networks out on the
battlefield.
That shift can be seen in the remaking of organizations like the
Association of Old Crows, a professional group that includes
contractors and military personnel.
The Old Crows have deep roots in what has long been known as
electronic warfare — the use of radar and radio technologies for
jamming and deception.
But the financing for electronic warfare had slowed recently,
prompting the Old Crows to set up a broader information-operations
branch last year and establish a new trade journal to focus on
cyberwarfare.
The career of Joel Harding, the director of the group’s Information
Operations Institute, exemplifies the increasing role that computing
and the Internet are playing in the military.
A 20-year veteran of military intelligence, Mr. Harding shifted in
1996 into one of the earliest commands that studied government-
sponsored computer hacker programs. After leaving the military, he
took a job as an analyst at SAIC, a large contractor developing
computer applications for military and intelligence agencies.
Mr. Harding estimates that there are now 3,000 to 5,000 information
operations specialists in the military and 50,000 to 70,000 soldiers
involved in general computer operations. Adding specialists in
electronic warfare, deception and other areas could bring the total
number of information operations personnel to as many as 88,700, he
said.
More information about the Infowarrior
mailing list