Slashdot Mirror

← Back to Stories (view on slashdot.org)

DARPA Training Cadets and Midshipmen As Cyber Warriors

Posted by Unknown on from the reverse-engineering-is-acrime dept.

An anonymous reader writes "DARPA officials say the Defense Department must train 4,000 cybersecurity experts by 2017. Meeting that goal requires building a pipeline for training and education, especially for future officers who'll oversee protection of the cyber domain. During a winter weekend in Pittsburgh, more than 50 cadets and midshipmen from three service academies sat elbow to elbow at nine round tables in a packed room. They'd been training since November to compete in a pilot program of the Defense Advanced Research Projects Agency called the Service Academy Cyber Stakes. From the article: 'This involves skills such as being able to reverse engineer binary, or machine-readable, files and, Ragsdale said, finding source-code-level vulnerabilities that could be exploited, and doing so with software source-level analysis and with automated tools that perform functions such as fuzzing, the informal name for automatic bug finding."

65 comments

  1. warriors or experts? by turkeydance · · Score: 1

    or future officers?

    1. Re:warriors or experts? by tomhath · · Score: 1

      Those are not mutually exclusive, if that's what you're asking.

    2. Re:warriors or experts? by khasim · · Score: 4, Informative

      While not mutually exclusive, they are not convergent in training.

      So you cannot, usually, take the average military academy cadet and include some programming classes and some network security classes and expect to get an officer who is competent in computer security.

      The exceptions being those cadets who were already programming while they were in high school (or earlier).

      The problem with those early programmers is that they were immature kids back then so many of them will be excluded from the academies because of broken laws or group associations.

    3. Re:warriors or experts? by feedayeen · · Score: 3, Insightful

      We need to kill the dumbass myth that the best programmers started when they're in diapers. The exception isn't the kid who've been making simple games for the last 6 years before academy or college, that's simply a kid who has 6 years more experience with loops, conditionals, and a handful of calls that can draw sprites onto the screen. A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here. A great student is one who knows how to learn things that have not been taught to him. While the kid who taught himself programming in middle-school has this attribute, he's not the only one in the world who does.

    4. Re:warriors or experts? by khasim · · Score: 2

      We need to kill the dumbass myth that the best programmers started when they're in diapers.

      They didn't start "in diapers". They are the ones that have put a couple thousand hours in already.

      A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here.

      I think that the easiest counter to that is the Linux kernel and the people who have been working on that for more than a two decades.

      There is no way that someone with "a few months" of classes is anywhere near Linus (or the rest) in terms of skill.

      There is something to be said for an "expert" being someone who has done something for 10,000 hours.

    5. Re:warriors or experts? by cold+fjord · · Score: 1

      The US military academies are engineering schools (though they offer other majors as well) and ROTC cadets are also often science or engineering majors. I don't think that achieving a reasonable level of effectiveness over four years is that big of a hurdle, especially if there is follow-on training either over the summers or after graduation.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    6. Re:warriors or experts? by Anonymous Coward · · Score: 0

      Or the next Edward Snowden.

    7. Re:warriors or experts? by Anonymous Coward · · Score: 0

      Thr kid who started at 10-12 most likely had an innate interest or fascination with programming (ie- short attention span children need not apply). Most that I saw that started later in life (not all, but most) were the "I need to pick a major/career that pays well / quick path to $$$" variety.

    8. Re:warriors or experts? by Vitriol+Angst · · Score: 1

      That was my first thought. The truly great hackers and programmers are going to be people who have been poking sticks into electronics since they were kids.

      Sure, someone who can read binary and train and do what they are wanting them to learn can get much better -- but that will be a few thousand people covering the same skills as the instructor -- what you want is people who are looking at things nobody else is looking at. 4,000 people who can find the same exploit is 3,999 to many.

      On the plus side, this makes me feel a bit more at ease with an overbearing paranoid government -- at least they aren't competent at being overbearing.

      --
      >>"ad space available -- low rates!!!"
    9. Re:warriors or experts? by Vitriol+Angst · · Score: 1

      We need to kill the dumbass myth that the best programmers started when they're in diapers.

      You aren't going to kill that myth until you can beat the kid who grew up programming. I think anyone can become competent. But the people who push boundaries are naturally curious at a young age. Those people who reverse engineered their computer games. People like Steve Wozniak for instance -- he didn't learn most of what he knows in schools. He was hacking cable boxes and tricking long distance dial tones.

      Especially when it comes to cyber security. A person has to get down and not take for granted what signals are getting passed.

      --
      >>"ad space available -- low rates!!!"
    10. Re:warriors or experts? by Anonymous Coward · · Score: 0

      More likely the one who sends the next Snowden to prison for life.

    11. Re:warriors or experts? by djschematic · · Score: 1

      What you said is probably true for the *average* cadet or midshipman. However, I'm assuming this was a volunteer competition, thus the competitors likely skewed toward the technical majors. It appears that at least Annapolis has a CS curriculum.

      I'd recommend DARPA expand the scope of this competition to ROTC cadets and middies. There are plenty of top-tier CS schools that either host an ROTC unit (e.g. Berkeley) or have a cross-campus agreement with one (e.g. Stanford).

      Some obvious problems with any approach. First being that people join the military for many reasons, and joining a "cyber warfare" unit isn't typically one of them. Even as a CS graduate, I'd be hard pressed to trade my few years as a line officer for being in one of these cyber units. Second, a decent CS graduate doesn't necessarily make a computer and network security expert. Shit, look at the security issues we encounter in the software world on a daily basis (I do not exclude myself from fault here). I think it takes years of experience too, and like others have mentioned, probably helps a ton to have been a black hat.

  2. Good luck by ark1 · · Score: 2

    I hope they will offer pay equivalent to the skill level they seek.

    1. Re:Good luck by Guppy06 · · Score: 1

      By being in a federal academy, their pay is "free college" and they are expected to put in a number of years of service after graduation because of it.

    2. Re:Good luck by dave562 · · Score: 1

      Before they then rotate out into the private sector and start making the big bucks.

    3. Re:Good luck by schneidafunk · · Score: 1

      Exactly. I ended up working for the airforce as an intern (civilian contractor) during my college years, studying computer science. I learned more on the job than my years in school and with the references and resume builder to boot. I left with the experience and credentials to enter the private sector with a huge advantage over other new graduates. I would highly recommend the same path to any young person.

      --
      Some people die at 25 and aren't buried until 75. -Benjamin Franklin
    4. Re:Good luck by Anonymous Coward · · Score: 1

      A H-1B with a full CCIE will work for $16,000 a year and be damn happy with that salary. That is not a good thing to hope for...

    5. Re:Good luck by AmiMoJo · · Score: 1

      I imagine a lot of people will be signing up so they can get military grade training and then after a few years move into a well paid private sector job,

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Military Electronics Expertise by Anonymous Coward · · Score: 0

    Contrary to popular belief they don't have the best and brightest in these programs...

    1. Re:Military Electronics Expertise by cavreader · · Score: 1

      They might not have a monopoly on the best and brightest but those accepted to the Naval Academy and West Point are way above your average freshman. One example. The vast majority of America's advanced fighter pilots have degrees in Engineering, Physics, or Computer Science which plays a big part in the candidate selection process.

    2. Re:Military Electronics Expertise by Anonymous Coward · · Score: 0

      Air Force guy here. All of the pilots I've met have degrees in history, criminal justice, management, etc.

  4. so teaching metasploit then? by Anonymous Coward · · Score: 0

    What I want to know is if I can use my 15 years of computer security experience to get a nice fat check from DARPA.

    1. Re:so teaching metasploit then? by plover · · Score: 1

      Maybe. If you're a good teacher, it's possible they could use you. Why not check them out?

      --
      John
  5. Won't happen anytime soon. by MindPrison · · Score: 2

    For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either. The best hackers don't do it for political reasons, they do it because they enjoy a challenge. Generally, hackers tend to hate warmongers AFAIK.

    I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

    I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past. But you'll never ever find the best ones, because they don't brag about their achievements.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:Won't happen anytime soon. by Trax3001BBS · · Score: 1

      I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

      And there it is, and why the civilian force will always be ahead of the curve.

    2. Re:Won't happen anytime soon. by tomhath · · Score: 1

      However, it appears that the NSA (and presumably other three-letter agencies) are pretty good at it.

  6. Cyber Division by Anonymous Coward · · Score: 0

    Special Forces

  7. Real subject matter by dave562 · · Score: 1

    It is good to see that they are teaching them real subject matter, like binary disassembly and source code analysis. When I first read the headline, I was afraid that they were just turning out script kiddies.

    1. Re:Real subject matter by ark1 · · Score: 1

      Historically, the military in many areas is not far from script kiddies if you think about it. Private sector creates weapons, the military points and pulls the trigger. Good to see them training in what is definitely not easy to learn (reversing/crypto).

  8. Makes sense by Anonymous Coward · · Score: 0

    Makes sense, it's easier to teach these guys the required skills than to put any discipline or personal hygiene into your average nerd.

  9. Sock puppets and beyond by AHuxley · · Score: 1

    Look at the sock puppets we get on slashdot :)
    Pentagon Spokesman: Public Affairs Must Change With Times (Jul. 25, 2013)
    http://www.defense.gov/News/Ne...
    "We must communicate with the American public in crisp and memorable lines that deliver a clear and accurate message,”"
    Expect to see a lot of hints of new options to shape the flow of information and public opinion in the next few years.
    Blocking select servers, the turning of online activists into "busy work" or traps
    "Jeremy Hammond: FBI directed my attacks on foreign government sites":
    http://www.theguardian.com/wor...
    All this will require an inner cadre of new people skilled with the slang, memes and culture to enter and thrive in different online communities building trust, spreading disinformation long term.
    Why new people? They may know nothing but a constant war on a tactic and may find aspects of 'privacy' i.e. the domestic legal protections are historical/just red tape/understood talking points to them.
    Think of it a cyber 'cannon fodder' for 1000's of sites, chatrooms, forums been flooded with 1000's of unique new/old user names to spread disinformation.
    "Revealed: US spy operation that manipulates social media" (18 March 2011)
    http://www.theguardian.com/tec...
    to "From Twitter with love: American spies snooping on our social media feeds" Feb 17, 2014
    http://www.mirror.co.uk/news/t...
    also see http://cryptome.org/2014/02/ar...

    --
    Domestic spying is now "Benign Information Gathering"
  10. OMG - Academies teach CS! by Overzeetop · · Score: 0

    Really? Now we're surprised that part of a college Comp Sci degree at a military academy includes training in military applications of coding?

    I've got a hot tip for you: they also teach them to shoot guns in college. I know - fucking insane, isn't it? It's like there's a whole secret government department that does nothing but think up ways to kill and disable people and infrastructure! Except, you know, it's not really secret.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  11. Yeah this sounds totally efficient. by Gumbercules!! · · Score: 1

    Or... they could just not build insecure systems directly connected to the internet?

    Ok, ok, I know that nothing is ever totally safe and the Natanz reactor in Iran was hacked without being connected to the internet but surely, better design, better systems management and better monitoring, etc, would reduce the need for such an astronomical number of heads, just sitting in a chair all day watching logs or looking for bugs in code? And you can be quite sure some idiot will still run an out of date flash or java on their IE browser and plenty of small areas will still get subcontractors in to manage domains, scripts, small programs etc and they'll be under the radar.

    Sounds like the modern equivalent of the industrial revolution - just pay a huge number of plebs to do menial tasks. Somehow I doubt this will stop a bugged monitor cable, supplied by the NSA, from doing what it does.

  12. Cyber by Anonymous Coward · · Score: 0

    The 80's called, they want their cheesy words back.
    Back to my cyber sex.

    1. Re:Cyber by cold+fjord · · Score: 1

      Cyber goes back further than the 80s. You might look into Control Data Corp.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    2. Re:Cyber by kumanopuusan · · Score: 1

      The modern usage of the suffix originates with Wiener's book, nearly a decade before CDC was founded.

      --
      Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
    3. Re:Cyber by kumanopuusan · · Score: 1

      That should be prefix, obviously.

      --
      Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
  13. They really are mutually exclusive by Anonymous Coward · · Score: 0

    They really are mutually exclusive-

    Warriors = NCOs
    Experts = Warrant Officer
    Cadets = Future Officers

    1. Re:They really are mutually exclusive by cold+fjord · · Score: 1

      Warrant Officers fly attack helicopters.
      Officers lead infantry, armor, field artillery, aviation, engineers, and other combat and combat support units.

      Both officers and warrant officers are indeed warriors.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  14. Retention Pay by Anonymous Coward · · Score: 0

    It's (not) surprising how retention pay hasn't come up. They do it for aviators and last time I checked, there isn't a huge demand for them out here in the civilian world.

    1. Re:Retention Pay by dave562 · · Score: 1

      Your information is a bit out of date about aviators.

      http://online.wsj.com/news/art...

  15. Already Existed by Anonymous Coward · · Score: 0

    The Air Force already had a program like this. It was called Advanced Cyber Education and ran for a few years before it was cancelled last year due to lack of funding. The main difference I can see was it mainly aimed at ROTC cadets/midshipmen instead of the Academies. So now we have a new program that must be developed because the old one was cancelled.

    Sounds to me like someone thought of the idea again. But this time positioned it for the Good Ol' Boys club that are the Academies.

  16. 10000 hours is BS by Anonymous Coward · · Score: 0

    There is no way that someone with "a few months" of classes is anywhere near Linus (or the rest) in terms of skill.

    There is something to be said for an "expert" being someone who has done something for 10,000 hours.

    There's nothing magical about 10000 hours, if you are basing this on Gladwell's 10000 hours = expert thing, then you should know that it's BS

  17. Experts? by Anonymous Coward · · Score: 0

    4000 security experts, totally doable.

    A single expert in 3 years? If that's the standard then no wonder American security interests are getting hacked like corn.

    And if the people advising the decision makers AND the decision makers reckon three years makes an expert?

    Your staff are only as experienced as the ones deciding if they are or not and it sounds like they've got some right Apple fanboy's calling the shots.

  18. Why not cyber defense? by king+neckbeard · · Score: 2

    Why not focus those efforts on helping secure platforms from those same techniques? You know, so we can help avoid the next Target debacle and the economic damages that come with it. I know it's not as sexy, but it will be better for everyone.

    --
    This is my signature. There are many like it, but this one is mine.
  19. But the biggest difference ... by khasim · · Score: 2

    For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either.

    The first problem is that their recruitment/training policies aren't designed for that.

    Stephen Hawking would have difficult time being accepted to any military academy.

    I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past.

    The NSA does not discriminate on whether you can pass a physical fitness test. Stephen Hawking, were he so inclined, would probably at least get an interview there.

    It's not that you cannot have a physically fit hacker. They do exist.

    But when the recruitment criteria STARTS with physical capabilities, then you have problems because you're reducing the pool of applicants on the WRONG criteria.

  20. warriors,protectors.... by Anonymous Coward · · Score: 0

    of the digital domains, or the next evolution of the modern Amerikan Gestapo...what will they actually be protecting and who will they be "warriors" against?

  21. Re:What are you still doing here? by Anonymous Coward · · Score: 0

    Mod parent up.

    A++++ would eat again

  22. Re:Childish by Anonymous Coward · · Score: 0

    Might does not make right

    Since when, exactly? Might has always made right.

    we should use diplomacy to solve our problems

    I'm afraid I have to Godwin this immediately and agree with your idea to give up the Sudetenland. That'll certainly work and bring a long-lasting peace.

  23. The state of computer security .. by Anonymous Coward · · Score: 0

    Lets face it, "computer" security is fundamentally broken, it's time to bin the current model and start again from scratch ..

  24. hey by Anonymous Coward · · Score: 0

    I'm in! Where do I apply for that? :D

  25. Enders Game by amn108 · · Score: 1

    A bit Enders Game feeling to this...

  26. And just to expand on this a little by Anonymous Coward · · Score: 0

    I agree with the eye roll. Some of them may have started in November, but it's not just classes. And, Dan Ragsdale just might have a clue about how to train them. He's pretty good in his own right. Take a look at the civilian variant, CCDC.

  27. Hellz by Anonymous Coward · · Score: 0

    Warrant Officers fly attack helicopters. --- wrong, they are specialized Soldiers who are experts in thier fields i.e aviation, singal (computers & Networking) Egineers ect... a Warrant Officer is not limited to just flying

    Officers lead infantry, armor, field artillery, aviation, engineers, and other combat and combat support units.

    Both officers and warrant officers are indeed warriors.

  28. May be better at it than you think by Anonymous Coward · · Score: 0

    There seems to be an awful lot of under rating the potential of the cadets and midshipmen, and much of that appears to be motivated by everything other than the facts. When you really get to know them, you'll find there is a whole lot more variability in the corps than the cartoon images created in the comments.
    Some of these kids have been programming and using computers since they were in diapers. Yes they all do have to meet basic physical standards, but there is nothing about programming that precludes that. In fact, fitness has been proven to help the intellect (imagine how much better those couch potato programmers could be if they good off their fat butts?). The intellectual challenge of getting into the academies is even harder than the physical challenge and it is competitive, not just having to meet a certain level as with the physical. And then beyond that, they expect you to be engaged with the people around you.
    So now take these already select people and put them in an intense academic program (count the number of Rhodes and other scholars) with more than just a few programming courses. They are going to come out with a pretty strong ability even if they haven't been programming since wearing diapers.
    Now compare them to the basement dwelling hacker - They'll have developed more of their intellectual ability, they'll have been exposed to a much broader base of knowledge due to the curricula of the academies, they'll know a broad base the theory of programming (as opposed to the self-taught hacker who knows tools or a language and only as much of the theory as they had to learn or were interested in), they'll be fit enough to go at it for days on end, they'll understand strategy and tactics and be able to apply those to code and IS, and more than anything, they'll have the discipline to take a well structured approach, to keep at it when it gets tough, and to persevere when there is no obvious answer.

  29. Dear U.S. Military by SCHecklerX · · Score: 1

    Please stop with the 'cyber' shit. It's already difficult enough to take you seriously without your use of this nonsensical prefix for all things computer and network related.

  30. Zoom Group by zoomgroup123 · · Score: 1

    MCITP Training, Online CCIE Training, Online Ethical Hacking Training, Online CCNP Training, Online MCSE Training, Online CCNA Training, Online Linux Training, Online Cisco Training, Online VMware Training and more offered by Zoom Technologies by highly proficient CISCO certified experts - Hyderabad, India. Visit http://zoomgroup.com/

  31. What are you still doing here? by Anonymous Coward · · Score: 0

    Avoiding all the whiny bitches

  32. Both by cyberhooligan77 · · Score: 1

    I started wih programming, at 14, while most of my classmates at Collegue, even touched a computer. They just hear the "Computer Science" hype. I.T. wasn't considered a well paid career, yet.

    Interest in programming, is as good as years of experiences. It does help to some extra years of experience, than others.

    By the way, even that I was fascinated by computers / programmers, I do have certified short atention problem: ADDH. Cheers.

  33. Hacker vs Good Programmer by cyberhooligan77 · · Score: 1

    I personally disagree on matching "Hacker equals Good Programmer", there are several things that may match, while others don't.

    I consider myself a good programmer, I hate the hacker stereotype, yet, I constantly get labeled as a Hacker, even, if I have never cracked a password, and never enter on a network, or any of that kind of stuff.

    But, I agree than both hackers & bright programmers, require certains skills that a Collegue or University, cannot provide. And the "out of the box" or "Daredevil" mentality that Goverment institutions mindset crash.

    I never consider the existance of the "semihackers", before, but, i got the idea.

  34. Physical Test does matter by cyberhooligan77 · · Score: 1

    Agree, two of the main things that get into conflict, in having goverment cyberwarriors, are mindset & physical fitness.

    Even than the goverment could built a goverment a desk job cyber unit, sooner, or later, may need a cyberwarrior unit, where people does know how to hack a network, run some miles carring 40 lbs, and, so on, Geek soldiers, that does do geek stuff, and does do military stuff, at the same time (not just playing Medal of Honor video games).

    As a geek whom got interested in the military, can say that the physical stuff wasn't easy, and, the only thing thing that keep me going, is that I am very stubborn.