Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyberwarrior Shortage Threatens US Security

Posted by CmdrTaco on from the who-wouldn't-want-that-on-their-card dept.

An anonymous reader writes "US security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of US computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering. 'We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,' says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency, and the Energy Department."

22 of 394 comments (clear)

  1. H1b? by Anonymous Coward · · Score: 5, Funny

    if there is such a shortage of talent maybe we can offshore this responsibility? Maybe to China? As a bonus it will be less expensive.

  2. Duh, they are in jail. by tekrat · · Score: 4, Insightful

    The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about

    --
    If telephones are outlawed, then only outlaws will have telephones.
    1. Re:Duh, they are in jail. by Sponge+Bath · · Score: 5, Insightful

      The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks.

      ...and refusing the skilled and desperately needed service of anyone who "likes show tunes".

    2. Re:Duh, they are in jail. by causality · · Score: 5, Insightful

      The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks. Instead of arresting and jailing "hackers" they should employ them, and then maybe we'd have enough people for the "cyberwar" they are talking about

      It's part of a greater "war on curiosity" that's a fear-based initiative to stamp out any and all behaviors that even slightly deviate from a prescribed norm. Locking up those "evil hackers" is part of this. Another part of this is the way people are getting threatened by cops, security staff, and other jack-booted thugs for legally taking photos in public places. You also can't get a truly good chemistry set anymore, because somebody might use the glassware to make drugs. Now they complain that they can't find good personnel for something that requires initiative, individual thought and a willingness to think outside the box and see things from multiple angles.

      That serves them right. They've been systematically stamping out any kind of unapproved curiosity and exploration in the name of safety for a long time now. They've also done nothing but encourage the outsourcing trend of sending a great deal of IT talent to places like India, and you really do want US citizens to perform this kind of national security work. Then there's the general untrustworthiness of the US government as an institution, the idiocy and abuses and mismanagement that it perpetuates and the moral implications of joining up with them. That might further alienate domestic talent that would otherwise be interested. As far as I am concerned, they are reaping what they have sown.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:Duh, they are in jail. by EdIII · · Score: 4, Insightful

      There is another possibility too you know.

      We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in timeWe don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time

      Do *you* support our national security objectives? I know I don't.

      Especially since some people seem to be doing their damnedest to make copyrights a matter of national security. I'm sorry, let me take that back. ACTA negotiations already show that copyrights are a matter of national security.

    4. Re:Duh, they are in jail. by Anonymous Coward · · Score: 5, Insightful

      "The USA has a bad habit of arresting anyone with the skills and curiosity to perform such tasks." ...and refusing the skilled and desperately needed service of anyone who "likes show tunes".

      How is this off-topic? At a certain level of government, homosexuality is enough to get you excluded from the game. That means there are likely some qualified candidates who are excluded based off a fairly arbitrary criteria.

      Most especially amusing is that because they make you hide it, they use the fact that you are hiding it to show that you might be a security risk because someone could blackmail you.

      Seriously, the parent poster makes an insightful point.

    5. Re:Duh, they are in jail. by TheLink · · Score: 5, Insightful

      Y'know, the greatest threat to US security might be the US government.

      1) Who wields the greatest power in the world?
      2) Is the entity in #1 really using it for the benefit of the USA? Or for the benefit of others?

      It's always bogeyman after bogeyman, "The US is under threat" and neverending wars against drugs/terror/whatever.

      --
  3. Jail time? by IICV · · Score: 5, Insightful

    Maybe it's because we call anyone with even the smallest amount of computer knowledge a witch^H hacker, and burn them at the stake^H^H^H^H^H^H put them in jail (or detention, for the juveniles) while banning them from using computers?

    It's pretty simple, guys. If you ban model rockets, you won't get a generation of rocket scientists. If you ban chemistry kits, you won't get a generation of chemical engineers. If you ban playing around with computer systems, you won't get a generation of hackers.

  4. Perception... by mlts · · Score: 5, Insightful

    It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."

    Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.

    Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.

    1. Re:Perception... by Animats · · Score: 4, Informative

      Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."

      There are now many unemployed lawyers. See the lawyer layoff list. There's now "legal process outsourcing, and it's not just clerical work any more. You can now send work to cheap lawyers in a Bangalore call center.

      A lawyer I was using was recently laid off by his downsizing law firm. It happens.

  5. Re:Stupid tags by causality · · Score: 4, Interesting

    I'm not allowed to tag stories, but the moron who managed to misspell "cyberwarfare" as "cyberwarefare" is free and clear, huh? Nice job, Slashdot.

    I can't seem to tag stories either and I have no idea why. I can add a tag and it appears to work, but I have never once refreshed the Slashdot main page and seen any tag I have applied. That is, they seem to just go straight to /dev/null. Tags I try to apply do seem to show up on my user page, however.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  6. Re:Funny how.. by frank_adrian314159 · · Score: 4, Interesting

    Why do you rob banks, Mr. Sutton?

    That's where the money is.

    --
    That is all.
  7. A bad deal by DoofusOfDeath · · Score: 4, Interesting

    The federal government has a habit of imposing soul-crushing bureaucracies on its workers.

    Probably only a very small fraction of citizens are talented and inclined to do cyberwarfare and are willing to put up with the bureaucracy.

  8. Re:Funny how.. by Rob+Riggs · · Score: 4, Insightful

    "We don't have sufficiently bright people moving into this field"

    Yet we have sufficiently bright people who can create a system that rapes the stock market.

    Which one pays better?

    --
    the growth in cynicism and rebellion has not been without cause
  9. Shortages by Ukab+the+Great · · Score: 4, Interesting

    I'd believe in stuff like

    1. Shortages of people who patch their systems
    2. Shortages of companies who are willing to pay security specialists a decent wage
    3. Shortages of CTO's willing to pay for migration away from IE6 to something standards-compliant
    4. Shortages of armed services who'd take overweight computer professionals over 30
    5. The tooth fairy
    6. Unicorns

    But a shortage of cyberwarriors? That seems a bit far fetched.

  10. Working for the goverment blows by malice95 · · Score: 4, Interesting

    People who are typically drawn to computers are often not very good canidates for the military lifestyle. And to become good at Securing systems or hacking them.. you need be breath, eat and sleep computers (especially hacking them).

    Hacking skills are not taught in schools and working for the goverment pays c@rp.. why would someone who spent years developing highly saught after skills work for the latest cyberwarfare agency when they could make big bucks in the private sector.

    There are plenty of highly skilled security folks out there "Defend the nation" to. I dont see any real recruitment efforts going on that are worth while.

  11. Skills and knowledge AND... by terrahertz · · Score: 5, Insightful

    In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries.

    Based on my own experience, I would argue that there is a severe shortage of computer security specialists and engineers with the skills and knowledge and desire to do battle against would-be adversaries. Whether it's a personal financial concern or a personal ethical concern, there are lots of great reasons for skilled and knowledgeable experts to seek employment elsewhere.

    --
    Slashdot? Oh, I just read it for the articles.
  12. Re:Maybe this man's ideas are misplaced... by fuzzyfuzzyfungus · · Score: 4, Insightful

    The fact that we are using the ridiculous term "cyberwarrior" suggests that, at the very least, the people writing the PR playbooks don't have a fucking clue.

    In addition to being corny as hell, "cyberwarrior" implies a dangerously literal application of traditional military doctrines(ie. you have the civilians, who do whatever, and then you have an army that stands between them and the bad guys and blows things up) to computer security. With networked computers, aside from the specific case of DOD sysadmins, virtually all of "computer security" is about making sure that the (overwhelmingly civilian) software and systems are properly designed and built. That isn't something that you are going to do by having a few "cyberwarriors" to hack through the enemy's code walls, or whatever. That is only doable by, more or less, massively increasing the status(and cost, sorry MBAs...) of programmers, software engineers, sysadmins, etc.

    Obviously, there will be some need for near-black-hats to spook around hostile networks in the service of various sinister three letter agencies; but the vast majority of "computer security" is much closer to being analogous to a civil engineering or public health question than it is to being a military one. Trying to solve "cybersecurity" with a relatively small number of "elite cyberwarriors" is rather like trying to keep a population from dying of cholera by building a few world-class research hospitals(with bed space for like 1% of the cases), rather than having civil engineers knock together a water system...

  13. Ah, better to crack'em down. by alexborges · · Score: 5, Insightful

    Go look for the idiot that started the Hacker's Crackdown in th 90's. The result of this attitude was to either push some kids to the edge where the russian mob recruited them in on form or another, or plain make them corpodrones, albeit very good at typing crap into a cisco console, but perfectly worthless in the underlining of the net.

    Bravo, idiots, might I remind you that here in the net, we forsaw and told you about this. And now you come complainin....

    --
    NO SIG
    1. Re:Ah, better to crack'em down. by Ex-MislTech · · Score: 4, Insightful

      This will just be another case of Problem, Reaction, Solution.

      They already know what they want, this is just their horse and pony
      show to justify what they will do to get it.

      Likely some more Visa workers to drive down wage costs.

      I did a search for CISSP jobs and that ilk and there is not
      thousands of them out there waiting to be filled.

      I call Deja moo.

      Deja moo is like Deja Vu, but it refers to having heard this BS somewhere before.

      --
      google "32 trillion offshore needs IRS attention"
    2. Re:Ah, better to crack'em down. by Ex-MislTech · · Score: 4, Informative

      On monster.com I had the grand total of 11 hits for the whole US.

      Deja moo might be an understatement.

      --
      google "32 trillion offshore needs IRS attention"
  14. Re:Maybe this man's ideas are misplaced... by fuzzyfuzzyfungus · · Score: 5, Insightful

    I'm less concerned about the cheesy term scaring away hardcore techies(they can always just mock it in the break room).

    I'm concerned about managerial decisions, program planning, and the like. It is hard to think correct thoughts with broken language, and "cyberwarrior" is broken language(except, again, in the specific context of l33t black-ops haxx0rs for the NSA who play offense. They may or may not like the term; but they are at least structurally somewhat analogous to various flavors of elite-and-slightly-irregular forces that have been used in the past.)

    My concern, essentially(in addition to the fact that "cyberwarrior" is an invitation to the quiet militarization of just about anything turing-complete and network connected, all in the name of "security") is that this sloppy use of language will(and already is) lead to sloppy, incorrect thinking on the part of politicians and planners and the like. You'll get roughly one of two outcomes:

    Outcome one: The "guard the borders" interpretation. This is the analogy extension of "cyberwarrior" that anybody whose worldview is steeped in the classic American quasi-isolationism(that comes quite naturally from having an ocean on each side, and largely untroublesome borders) will come up with. Basically, civilians get to be the soft chewy center, and go about their business however they like, and the military stands guard at the edges and occasionally goes overseas and kills some nazis or communists.

    This interpretation, will the better of the two, is largely useless. With modern internet interconnection, pretty much any sort of electronic attack will fly right past the border and into the ghastly mess that is civilian systems with ease. Even fairly petty criminals will not have much trouble, and some hostile nation's targeted attackers even less. Also, because of "COTS" fever, low-bidder private sector code will be all over military critical systems as well. Hurray.

    Outcome two: Super sinister, and not necessarily much more useful than Outcome one. This is the bad analogy extension of "cyberwarrior" that will be arrived at by either retro "total war" theorists, or their contemporary counterparts who have been hitting the "9/11 changed everything, new kind of war, assymetric undefined battlefield, war on abstract concepts!!" pipe pretty hard. Here, the thinking will roughly be as follows: 1. There is a state of "cyberwar" 2. "Cyberwarriors" must be used to win the cyberwar. 3. All internet connected systems are strategic resources, and/or strategic targets, and are therefore under the just jurisdiction of the "cyberwarriors" until such time as the cyberwar should end(ie. never).

    Basically, this outcome will mean massive militarization(and some super-juicy contractor food) of previously civilian areas; because, there is a cyberwar on, so if you are on the internet, you are territory...