by Constantine von Hoffman

U.S. Admits Its Cyber Security Sucks and Hopes White Hat Hackers Will Ride to Its Aid

Nov 08, 20112 mins
CybercrimeData and Information SecurityEncryption

DARPA seeks expert public help to blunt attacks from Russia, China and others

US government seeks help from white hat hackers
Last week, the government admitted that China and Russia have ongoing, aggressive cyber-spying efforts against the U.S. This week DARPA admitted it doesn’t have the expertise to stop them. So it is asking (a select group of) the public for help.

I can’t believe anyone was surprised when the report fingering  Moscow and Beijing was put out by Office of the National Counterintelligence Executive (that’s a long way to go for an acronym of ONCE).

“Chinese actors are the world’s most active and persistent perpetrators of economic espionage. Russia’s intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets.”

Also not surprising: China’s denial.

What was surprising was DARPA’s willingness to publicly ask for help in dealing with this process. That came at yesterday’s “Colloquium on Future Directions in Cyber Security.” The event brought together about 700 experts from the white hat hacker community, academia, labs, non-profits and for-profits whom the agency hopes will work with it and the defense and intelligence communities. Some of those experts will be tapped to join a team of experts to combat online threats. (But will the new group’s jackets be as cool as those given out by The Internet Storm Center? I doubt it.)

According to DARPA director Regina Dugan, the agency wants to be able to set policies which anticipate threats, not just respond to them. She also wants the ability to react immediately when threats appear. This would involve “the efforts of technical experts at unprecedented levels, including at the development of policy and legal frameworks … on timescales that correspond with the dynamic nature of advances in cyberspace.” In other words, she wants to go boldly where no bureaucracy has gone before.

Because cyber security is hot right now, the agency is likely to get increased funding even in a time of budget cuts. Even so, it still won’t be able to match private sector pay. Instead it is going to have to rely on two things to bring geeks on-board: Patriotism and the chance to be on the front lines of real cyber wars.