[ISN] To Battle Computer Hackers, the Pentagon Trains Its Own

From: InfoSec News <alerts_at_private>
Date: Fri, 19 Mar 2010 00:14:55 -0600 (CST)

By Mark Thompson 
March 18, 2010

After years of building firewalls and other defenses against relentless 
hacker attacks, the Pentagon is going over to the dark side of computer 
warfare. But ethically, of course. The Defense Department, like most 
other large organizations, has recognized that no wall is high enough to 
keep out skilled and determined hackers for keeps. Instead, it has 
decided that in order to anticipate and thwart attacks, it needs to know 
what the hackers know.

"More than 100 foreign intelligence organizations are trying to hack 
into U.S. systems," Deputy Defense Secretary William Lynn warned last 
month. "Some governments already have the capacity to disrupt elements 
of the U.S. information infrastructure." So the Pentagon recently 
modified its regulations to allow military computer experts to be 
trained in computer hacking, gaining the designation "certified ethical 
hackers." They'll join more than 20,000 other such good-guy hackers 
around the world who have earned that recognition since 2003 from the 
private International Council of E-Commerce Consultants (also known as 
the EC-Council).

"We are creating cyber-bodyguards," says Sanjay Bavisi, president of the 
council. "We're not creating combat people." But as the world becomes 
increasingly interconnected via the Internet, the stakes have become too 
high to rely on static defenses alone to protect the immense flows of 
vital information that operate the world's financial, medical, 
governmental and infrastructure systems. "The bad guys already have the 
hacking technologies," Bavisi says. "We can say, 'Tough luck. The bad 
guys play by different rules, and you can't do anything about it, so 
just go lock your doors.' Or we can tell the good guys, 'We will arm you 
with the same knowledge as the bad guys, because to defeat the hacker 
you need to be able to think like one.'"

Bavisi and the Pentagon are sensitive to the possibility that the 
tactics taught could be used for other purposes. "We're not training 
Department of Defense guys to become hackers and start hacking into 
China or any other countries," he says. Weeklong courses will train them 
in 150 hacking techniques and technologies, ranging from viruses, worms, 
sniffers and phishing to cyberwarfare. The cost of the course ranges 
from $450 to $2,500, depending on the training involved.


Received on Thu Mar 18 2010 - 23:14:55 PDT
