'Hackers wanted' ad fed security misconception
I should never be surprised at things related to government security efforts, but I did think the concept of hiring hackers was pretty much dead in government circles. Then comes the recent headline, " U.S. Looks to Hackers to Protect Cyber Networks." Frankly, I think it set the security profession back at least three years.
The story, widely quoted throughout the U.S. and the world, makes people think that hackers are superior to the best security professionals. Now, admittedly, recent stories have made it appear that the government's security efforts are poor at best. We've had foreign intelligence agencies infiltrating the power grid, and The Wall Street Journal recently reported that the F-35 designs have been hacked for years. All of that is something to ponder. But hiring hackers to fix security breaches? Hackers are not security experts. A recent, and most telling, survey from Verizon basically found that hackers' skills reside in the ability to exploit very basic mistakes on the part of their victims.
Some people will contend that this is all a misunderstanding, because "hackers" are not computer criminals by definition. Criminals are "crackers," they will point out. Others will say that the story used the word "hackers" for sensationalist purposes and that the workers actually being sought were people to perform professional penetration tests. There's some truth to that argument, but there's no mistaking the article's implication that hackers are criminals. To quote from the introduction, "Federal authorities are looking for hackers -- not to prosecute them, but to pay them to secure the nation's networks."
It's one thing for moronic CEOs of small companies such as exqSoft Solutions to hire the Twitter hacker for the publicity, but the U.S. government and General Dynamics, its proxy in this case, should know better. And it could be that this ad was just a misstep. But it was a misstep with unfortunate consequences.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Methinks he doth protest too much
Look,Misnomers aside, the government systems and military systems that I have come in contact with have not been "best of the best" in security proficiency. Working for IBM in the S&P practice we often would come in and root systems, networks, etc, and much of the time we could is because the security "professionals" if they had any on site, were not worth their weight in salt.
So, yes, the GD ad took the word "hacker" but really, anyone in the know knows that they would NOT hire a convicted hacker nor would they be hiring just some schlub off the internet wo says he has cred. Most often I think this ad would be for someone who has TS/S credentials or can be cleared before going to work for the GD machine.
You are arguing with a fallacy of naming conventions. Yes, GD would like professionals who can "hack" or rather be a part of a "red team" that they have on site. So in a way, they want hackers... Not crackers... Not "security specialists"
Get over it.. What is plainly needed is a real approach to securing those networks and not just covering things up and hoping that their head in the sand will make all the bad men go away.