With the saying, “If you can’t beat them, hire them,” used consistently in the US government and military forces, Uncle Sam is once again looking for a few good hackers. Many of the FBI, CIA, and NSA technical analysts receive job offers from the government because they are the cream of the crop when it comes to cyber security. They are the hackers who beat the government at their own security game, and rather than be arrested, they accept the offers.
Now, the Defense Advanced Research Projects Agency (DARPA), one of the groups that helped create the internet and the military’s branch for technology research, has introduced a new program called “Cyber Fast Track” to fund research into alternative solutions from smaller organizations for the nation’s cyber security. These government-funded groups could include anything from startups to hackers and anyone in between.
Former L0pht Hacker to Help
Peiter "Mudge" Zatko, a program manager at DARPA and former hacker, stated approximately a year ago when he took the position, "I want revolutionary changes. I don't want evolutionary ones." Cyber Fast Track appears to be just that, a revolutionary change. Zatko was once affiliated with the hacker collective “L0pht” from Boston, which had testified to the Senate in 1998 that it could shut down the Internet in 30 minutes.
Zatko stated, "Since the early '80s there has been some contingent of cyber researchers and hobbyists operating in low-budget settings," and that using limited resources "forces them to be extremely creative." He noted that it is "really painful" for small organizations to participate with the government because it has been "set up for multimillion-dollar, multiyear-long efforts."
Cyber Fast Track
Cyber Fast Track will compensate researchers for work done in "a matter of months and at a small price tag." Traditional research institutions would not be excluded, but the program would support more “under the radar” work that the government has been noticing. The aim of this new program is to implement cyber security projects faster, and those awarded funding will retain commercial rights over their work. The government and military’s current approach to cyber security involves layering expensive security applications onto large IT infrastructures, which Zatko says is not sustainable. Total federal spending on cyber security measures is expected to reach $55 billion for the period starting from 2010 and ending in 2015, according to a forecast by Market Research Media.
Cyber Security
Increasing the use of these defensive applications is a necessity for "buying tactical breathing space," but it has proved to be counterproductive on occasion. According to a watch-list created by Joint Task Force-Global Network Operations, at one point, six out of 17 security weaknesses could be tracked to security software, such as antivirus programs, installed to correct the system. "You're spending all this effort layering on all this extra security," Zatko said, "and it turns out that's introducing more vulnerabilities." He also pointed out that federal mandates requiring uniformity among systems strengthen the chances that bugs are reproduced across all the systems sharing those features. Speaking to the crowd at ShmooCon, an annual security research conference held in Washington on January 28 where the program was announced, Zatko said, "I want you guys to stay like you are. You are more valuable doing the kind of work that you're doing the way you're doing it now."