Slashdot Mirror


DARPA Training Cadets and Midshipmen As Cyber Warriors

An anonymous reader writes "DARPA officials say the Defense Department must train 4,000 cybersecurity experts by 2017. Meeting that goal requires building a pipeline for training and education, especially for future officers who'll oversee protection of the cyber domain. During a winter weekend in Pittsburgh, more than 50 cadets and midshipmen from three service academies sat elbow to elbow at nine round tables in a packed room. They'd been training since November to compete in a pilot program of the Defense Advanced Research Projects Agency called the Service Academy Cyber Stakes. From the article: 'This involves skills such as being able to reverse engineer binary, or machine-readable, files and, Ragsdale said, finding source-code-level vulnerabilities that could be exploited, and doing so with software source-level analysis and with automated tools that perform functions such as fuzzing, the informal name for automatic bug finding.'"

37 of 65 comments

  1. warriors or experts? by turkeydance · · Score: 1

    or future officers?

    1. Re:warriors or experts? by tomhath · · Score: 1

      Those are not mutually exclusive, if that's what you're asking.

    2. Re:warriors or experts? by khasim · · Score: 4, Informative

      While not mutually exclusive, they are not convergent in training.

      So you cannot, usually, take the average military academy cadet and include some programming classes and some network security classes and expect to get an officer who is competent in computer security.

      The exceptions being those cadets who were already programming while they were in high school (or earlier).

      The problem with those early programmers is that they were immature kids back then so many of them will be excluded from the academies because of broken laws or group associations.

    3. Re:warriors or experts? by feedayeen · · Score: 3, Insightful

      We need to kill the dumbass myth that the best programmers started when they're in diapers. The exception isn't the kid who's been making simple games for the last 6 years before academy or college, that's simply a kid who has 6 years more experience with loops, conditionals, and a handful of calls that can draw sprites onto the screen. A good student should be able to understand and properly apply those concepts in a few months and now they're at the same level here. A great student is one who knows how to learn things that have not been taught to him. While the kid who taught himself programming in middle-school has this attribute, he's not the only one in the world who does.

    4. Re:warriors or experts? by khasim · · Score: 2

      We need to kill the dumbass myth that the best programmers started when they're in diapers.

      They didn't start "in diapers". They are the ones that have put a couple thousand hours in already.

      A good student should be able to understand and properly apply those concepts in a few months and now they're at the same level here.

      I think that the easiest counter to that is the Linux kernel and the people who have been working on that for more than two decades.

      There is no way that someone with "a few months" of classes is anywhere near Linus (or the rest) in terms of skill.

      There is something to be said for an "expert" being someone who has done something for 10,000 hours.

    5. Re:warriors or experts? by cold fjord · · Score: 1

      The US military academies are engineering schools (though they offer other majors as well) and ROTC cadets are also often science or engineering majors. I don't think that achieving a reasonable level of effectiveness over four years is that big of a hurdle, especially if there is follow-on training either over the summers or after graduation.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    6. Re:warriors or experts? by Vitriol Angst · · Score: 1

      That was my first thought. The truly great hackers and programmers are going to be people who have been poking sticks into electronics since they were kids.

      Sure, someone who can read binary and train and do what they are wanting them to learn can get much better -- but that will be a few thousand people covering the same skills as the instructor -- what you want is people who are looking at things nobody else is looking at. 4,000 people who can find the same exploit is 3,999 too many.

      On the plus side, this makes me feel a bit more at ease with an overbearing paranoid government -- at least they aren't competent at being overbearing.

      --
      >>"ad space available -- low rates!!!"
    7. Re:warriors or experts? by Vitriol Angst · · Score: 1

      We need to kill the dumbass myth that the best programmers started when they're in diapers.

      You aren't going to kill that myth until you can beat the kid who grew up programming. I think anyone can become competent. But the people who push boundaries are naturally curious at a young age. Those people who reverse engineered their computer games. People like Steve Wozniak for instance -- he didn't learn most of what he knows in schools. He was hacking cable boxes and tricking long distance dial tones.

      Especially when it comes to cyber security. A person has to get down and not take for granted what signals are getting passed.

      --
      >>"ad space available -- low rates!!!"
    8. Re:warriors or experts? by djschematic · · Score: 1

      What you said is probably true for the *average* cadet or midshipman. However, I'm assuming this was a volunteer competition, thus the competitors likely skewed toward the technical majors. It appears that at least Annapolis has a CS curriculum.

      I'd recommend DARPA expand the scope of this competition to ROTC cadets and middies. There are plenty of top-tier CS schools that either host an ROTC unit (e.g. Berkeley) or have a cross-campus agreement with one (e.g. Stanford).

      Some obvious problems with any approach. First being that people join the military for many reasons, and joining a "cyber warfare" unit isn't typically one of them. Even as a CS graduate, I'd be hard pressed to trade my few years as a line officer for being in one of these cyber units. Second, a decent CS graduate doesn't necessarily make a computer and network security expert. Shit, look at the security issues we encounter in the software world on a daily basis (I do not exclude myself from fault here). I think it takes years of experience too, and like others have mentioned, probably helps a ton to have been a black hat.

  2. Good luck by ark1 · · Score: 2

    I hope they will offer pay equivalent to the skill level they seek.

    1. Re:Good luck by Guppy06 · · Score: 1

      By being in a federal academy, their pay is "free college" and they are expected to put in a number of years of service after graduation because of it.

    2. Re:Good luck by dave562 · · Score: 1

      Before they then rotate out into the private sector and start making the big bucks.

    3. Re:Good luck by schneidafunk · · Score: 1

      Exactly. I ended up working for the Air Force as an intern (civilian contractor) during my college years, studying computer science. I learned more on the job than my years in school and with the references and resume builder to boot. I left with the experience and credentials to enter the private sector with a huge advantage over other new graduates. I would highly recommend the same path to any young person.

      --
      Some people die at 25 and aren't buried until 75. -Benjamin Franklin
    4. Re:Good luck by Anonymous Coward · · Score: 1

      An H-1B with a full CCIE will work for $16,000 a year and be damn happy with that salary. That is not a good thing to hope for...

    5. Re:Good luck by AmiMoJo · · Score: 1

      I imagine a lot of people will be signing up so they can get military grade training and then after a few years move into a well paid private sector job.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Won't happen anytime soon. by MindPrison · · Score: 2

    For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either. The best hackers don't do it for political reasons, they do it because they enjoy a challenge. Generally, hackers tend to hate warmongers AFAIK.

    I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

    I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past. But you'll never ever find the best ones, because they don't brag about their achievements.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:Won't happen anytime soon. by Trax3001BBS · · Score: 1

      I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

      And there it is, and why the civilian force will always be ahead of the curve.

    2. Re:Won't happen anytime soon. by tomhath · · Score: 1

      However, it appears that the NSA (and presumably other three-letter agencies) are pretty good at it.

  4. Real subject matter by dave562 · · Score: 1

    It is good to see that they are teaching them real subject matter, like binary disassembly and source code analysis. When I first read the headline, I was afraid that they were just turning out script kiddies.

    1. Re:Real subject matter by ark1 · · Score: 1

      Historically, the military in many areas is not far from script kiddies if you think about it. Private sector creates weapons, the military points and pulls the trigger. Good to see them training in what is definitely not easy to learn (reversing/crypto).

  5. Sock puppets and beyond by AHuxley · · Score: 1

    Look at the sock puppets we get on slashdot :)
    Pentagon Spokesman: Public Affairs Must Change With Times (Jul. 25, 2013)
    http://www.defense.gov/News/Ne...
    "We must communicate with the American public in crisp and memorable lines that deliver a clear and accurate message,"
    Expect to see a lot of hints of new options to shape the flow of information and public opinion in the next few years.
    Blocking select servers, the turning of online activists into "busy work" or traps
    "Jeremy Hammond: FBI directed my attacks on foreign government sites":
    http://www.theguardian.com/wor...
    All this will require an inner cadre of new people skilled with the slang, memes and culture to enter and thrive in different online communities building trust, spreading disinformation long term.
    Why new people? They may know nothing but a constant war on a tactic and may find aspects of 'privacy' i.e. the domestic legal protections are historical/just red tape/understood talking points to them.
    Think of it as cyber 'cannon fodder' for 1000's of sites, chatrooms, forums being flooded with 1000's of unique new/old user names to spread disinformation.
    "Revealed: US spy operation that manipulates social media" (18 March 2011)
    http://www.theguardian.com/tec...
    to "From Twitter with love: American spies snooping on our social media feeds" Feb 17, 2014
    http://www.mirror.co.uk/news/t...
    also see http://cryptome.org/2014/02/ar...

    --
    Domestic spying is now "Benign Information Gathering"
  6. Yeah this sounds totally efficient. by Gumbercules!! · · Score: 1

    Or... they could just not build insecure systems directly connected to the internet?

    Ok, ok, I know that nothing is ever totally safe and the Natanz reactor in Iran was hacked without being connected to the internet but surely, better design, better systems management and better monitoring, etc, would reduce the need for such an astronomical number of heads, just sitting in a chair all day watching logs or looking for bugs in code? And you can be quite sure some idiot will still run an out of date flash or java on their IE browser and plenty of small areas will still get subcontractors in to manage domains, scripts, small programs etc and they'll be under the radar.

    Sounds like the modern equivalent of the industrial revolution - just pay a huge number of plebs to do menial tasks. Somehow I doubt this will stop a bugged monitor cable, supplied by the NSA, from doing what it does.

  7. Re:Cyber by cold fjord · · Score: 1

    Cyber goes back further than the 80s. You might look into Control Data Corp.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  8. Re:They really are mutually exclusive by cold fjord · · Score: 1

    Warrant Officers fly attack helicopters.
    Officers lead infantry, armor, field artillery, aviation, engineers, and other combat and combat support units.

    Both officers and warrant officers are indeed warriors.

    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  9. Why not cyber defense? by king neckbeard · · Score: 2

    Why not focus those efforts on helping secure platforms from those same techniques? You know, so we can help avoid the next Target debacle and the economic damages that come with it. I know it's not as sexy, but it will be better for everyone.

    --
    This is my signature. There are many like it, but this one is mine.
  10. But the biggest difference ... by khasim · · Score: 2

    For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either.

    The first problem is that their recruitment/training policies aren't designed for that.

    Stephen Hawking would have a difficult time being accepted to any military academy.

    I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past.

    The NSA does not discriminate on whether you can pass a physical fitness test. Stephen Hawking, were he so inclined, would probably at least get an interview there.

    It's not that you cannot have a physically fit hacker. They do exist.

    But when the recruitment criteria STARTS with physical capabilities, then you have problems because you're reducing the pool of applicants on the WRONG criteria.

  11. Re:so teaching metasploit then? by plover · · Score: 1

    Maybe. If you're a good teacher, it's possible they could use you. Why not check them out?

    --
    John
  12. Re:Military Electronics Expertise by cavreader · · Score: 1

    They might not have a monopoly on the best and brightest but those accepted to the Naval Academy and West Point are way above your average freshman. One example. The vast majority of America's advanced fighter pilots have degrees in Engineering, Physics, or Computer Science which plays a big part in the candidate selection process.

  13. Re:Retention Pay by dave562 · · Score: 1

    Your information is a bit out of date about aviators.

    http://online.wsj.com/news/art...

  14. Ender's Game by amn108 · · Score: 1

    A bit of an Ender's Game feeling to this...

  15. Dear U.S. Military by SCHecklerX · · Score: 1

    Please stop with the 'cyber' shit. It's already difficult enough to take you seriously without your use of this nonsensical prefix for all things computer and network related.

  16. Zoom Group by zoomgroup123 · · Score: 1

    MCITP Training, Online CCIE Training, Online Ethical Hacking Training, Online CCNP Training, Online MCSE Training, Online CCNA Training, Online Linux Training, Online Cisco Training, Online VMware Training and more offered by Zoom Technologies by highly proficient CISCO certified experts - Hyderabad, India. Visit http://zoomgroup.com/

  17. Re:Cyber by kumanopuusan · · Score: 1

    The modern usage of the suffix originates with Wiener's book, nearly a decade before CDC was founded.

    --
    Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
  18. Re:Cyber by kumanopuusan · · Score: 1

    That should be prefix, obviously.

    --
    Use of the words "good", "bad" or "evil" is almost invariably the result of oversimplification.
  19. Both by cyberhooligan77 · · Score: 1

    I started with programming, at 14, while most of my classmates at College, even touched a computer. They just hear the "Computer Science" hype. I.T. wasn't considered a well paid career, yet.

    Interest in programming, is as good as years of experience. It does help to have some extra years of experience, than others.

    By the way, even that I was fascinated by computers / programmers, I do have certified short attention problem: ADDH. Cheers.

  20. Hacker vs Good Programmer by cyberhooligan77 · · Score: 1

    I personally disagree on matching "Hacker equals Good Programmer", there are several things that may match, while others don't.

    I consider myself a good programmer, I hate the hacker stereotype, yet, I constantly get labeled as a Hacker, even, if I have never cracked a password, and never enter on a network, or any of that kind of stuff.

    But, I agree that both hackers & bright programmers, require certain skills that a College or University, cannot provide. And the "out of the box" or "Daredevil" mentality that Government institutions mindset crash.

    I never considered the existence of the "semihackers", before, but, I got the idea.

  21. Physical Test does matter by cyberhooligan77 · · Score: 1

    Agree, two of the main things that get into conflict, in having government cyberwarriors, are mindset & physical fitness.

    Even though the government could build a government desk job cyber unit, sooner, or later, it may need a cyberwarrior unit, where people do know how to hack a network, run some miles carrying 40 lbs, and, so on, Geek soldiers, that do geek stuff, and do military stuff, at the same time (not just playing Medal of Honor video games).

    As a geek who got interested in the military, can say that the physical stuff wasn't easy, and, the only thing that keeps me going, is that I am very stubborn.