[Infowarrior] - Uncle Sam Wants You (To Fight Hackers)

[Richard Forno]

April 6, 2010, 12:07AM EST text size: TT
Uncle Sam Wants You (To Fight Hackers)

The U.S. government is stepping up recruitment of engineers who can  
help wage cyberwar
By Rachael King

http://www.businessweek.com/print/technology/content/apr2010/tc2010041_502327.htm
Kyle Osborn does a good job impersonating a technical support rep. On  
a recent day in Southern California, the 19-year-old is working the  
phones, trying to persuade people on the other end to download  
malicious software.

In cybercrime circles, this is called "social engineering," and  
criminals use the tactics to circumvent companies' Internet security  
software by tricking employees to download harmful software or cough  
up passwords. Osborn doesn't look the part of a hacker, with his short  
blond hair, baby face, and glasses. Yet he's persuasive—after a few  
calls, he finds an employee who agrees to download malicious software  
that will open a door into the computer network and let Osborn break in.

In real life, Osborn isn't a cybercriminal; he's a student  
participating in a cyberdefense competition at California State  
Polytechnic University in Pomona, Calif., that drew about 65 students  
from Western colleges. The campus is situated on a former ranch east  
of Los Angeles. Horses and sheep still graze in the pastures.

Boeing (BA) and the Black Hat computer security conference sponsored  
the regional competition, held Mar. 26 to 28. Cisco Sytems (CSCO) and  
Intel (INTC) donated computer equipment. The goal is to help companies  
recruit students who can assist in bolstering their defenses against  
cyberattacks.

Last year Boeing hired seven students who competed in this event, and  
the company hopes to fill a few slots with talent discovered this  
year, too. "It's about [developing] the next generation of  
cyberwarriors to protect the nation," says Alan Greenberg, technical  
director of cyber and information solutions at Boeing.

Boeing employs about 2,000 cybersecurity workers, up from roughly 100  
in 2004. This year, the company may hire 15 to 30 cybersecurity  
workers, Greenberg says.

Not Enough Applicants
Demand for cybersecurity professionals is growing quickly. Government  
and industry executives say they need more cybersecurity employees but  
struggle to find qualified applicants. Just 40% of government hiring  
managers say they're satisfied with the quality of applicants for  
federal cybersecurity jobs, and only 30% are satisfied with the  
number, according to a July 2009 report by Booz Allen Hamilton.

While the government's scholarship program can fill about 120 entry- 
level cybersecurity jobs, the feds need about 1,000 recent grads to  
fill those spots, according to the report.

Together, the U.S. public and private sectors will need about 60,000  
cybersecurity workers in the next three years, says Greenberg. "There  
will be a shortage."

The number of cyberattacks from organized hackers against the computer  
networks of U.S. companies continues to escalate. "Two recent examples  
have highlighted why companies need to work together: the Conficker  
worm and the Google attack," says Melissa Hathaway, a former  
cybersecurity adviser in the Bush and Obama administrations.

Trouble in China
In one particularly high-profile case, the computer systems of Google  
(GOOG) and more than 30 other companies, including Adobe Systems  
(ADBE), were breached by hackers based in China.The incident  
ultimately led Google to redirect its Chinese users to company servers  
in Hong Kong.

In February, security software vendor NetWitness said it had  
discovered that about 2,500 organizations had their PCs recruited into  
a network of spam-sending computers.

At a computer security conference at Stanford University on Mar. 17,  
government and industry officials said theft of intellectual property  
from hacking endangers the U.S. economy. Richard Schaeffer, director  
of information assurance at the intelligence-gathering National  
Security Agency, said during a panel discussion that the U.S. isn't  
taking theft of intellectual property due to hacking "seriously  
enough." Government and industry need to work together to stop it—or  
risk losing economic leadership, Schaeffer said. "It's not something  
we as a nation can afford to lose."

In 2008, chief information officers of 800 companies estimated that  
they had lost $4.6 billion worth of intellectual property due to  
cybercrime and employee theft, according to a January 2009 report from  
security software vendor McAfee (MFE).

Best Weapons: People
Cyberdefense competitions at Cal Poly Pomona and other universities  
are one example of increased public-private cooperation, as recruiters  
scour contestants for the next generation of cybersecurity talent.

Because cyberattacks happen so quickly and attackers can change  
tactics rapidly, experts say the fight often boils down to people  
skills—which side has the best-trained cyberwarriors. "The weapons of  
the next war will be people," says Alan Paller, director of research  
at SANS Institute, a research and educational organization for  
security professionals.

About 85% of critical U.S. infrastructure, including electric utility  
grids, telecommunications networks, and banking systems, are owned by  
private industry, according to the U.S. Homeland Security Dept. That  
means national security is interwoven with private companies' ability  
to protect their digital networks. "We're all playing defense, and  
we're all doing it for shareholder value, for customer value, for  
economic purposes," says John Stewart, Cisco's chief security officer.

The competition at Cal Poly Pomona is a grueling multiday affair. By 7  
p.m. on Mar. 27, the 19th hour of the event, the cases of Red Bull are  
gone, but the teams are still working in an auditorium on campus, some  
operating mock corporate networks, and others trying to infiltrate them.

The winners will go on to a national competition that begins Apr. 16  
in San Antonio. That conference has drawn such corporate sponsors as  
Microsoft (MSFT), McAfee, and Accenture (ACN). A separate government  
talent search, the U.S. Cyber Challenge, aims to find 10,000 young  
cybersecurity workers through a series of national competitions.

Alluring Pay Scales
Starting salaries in Internet security can reach $100,000, says  
Boeing's Greenberg.

Alisha Kloc, 25, began working as a systems security engineer at  
Boeing last year after competing in the 2009 cyberdefense competition  
at Cal Poly and meeting technical director Greenberg. "The competition  
gave me a good feel for how things work in the real world," she says.

Students said knowing that potential employers were watching the  
conference gave them extra incentive to perform. "We took this very  
seriously," says David Hunter, a member of the winning team from Cal  
Poly Pomona.

Osborn says it's his dream to work in the cybersecurity field. He  
spends evenings and weekends learning what he can on his own. "I've  
been doing this since I was 14," he says. At the end of the  
conference, two people approached him about jobs.

It's another small step in the hunt for fresh talent to bolster the  
nation's computer security defenses.

King is a writer for Bloomberg BusinessWeek in San Francisco.