19 March 2016

The Military Should Increase Efforts to Find and Enlist Young Hackers

http://www.rand.org/blog/2016/03/the-military-should-increase-efforts-to-find-and-enlist.html

Los Alamos National Laboratory in New Mexico was hacked in the early 1980s by culprits who called themselves “the 414s” after their shared Milwaukee area code. Although the effects of the attack were mostly innocuous, it led to a rise in computer-crime awareness and a series of legislative proposals in the U.S. House of Representatives designed to combat cybercrime. More significantly, it heralded the youth movement of an already burgeoning cyber counter-culture. (Nearly a decade earlier, a 17-year-old Steve Jobs was hacking the phone system.)
Since the 1980s, countless governments, corporations, organizations and individuals have fallen prey to hackers. Over the past decade, entertainers Lady Gaga and Justin Timberlake, London's Scotland Yard, the Pentagon, senior U.S. executive branch officials, Interpol and the gaming corporation Nintendo have also come under attack by hackers with seemingly different motivations — whether they are making a political statement, or seeking fame or personal enrichment.

Hacking has become commonplace, but the aforementioned cases share a common trait that many people might find surprising: Each was ostensibly orchestrated and carried out by computer-savvy teenagers.
That's right, the masterminds behind many notorious cyberattacks have not been gray-bearded computer experts or scientists with Ph.D.s from top technical schools. They have been carried out by America's youth. To protect the nation's infrastructure, the U.S. military should consider embracing and cultivating this unexpected pool of talent — and follow the lead of the National Security Agency, which began holding summer camps in 2014 for middle school-aged hackers.

This is precisely what the former Soviet Union did when it enlisted Eugene Kaspersky, now CEO of Kaspersky Lab (an anti-virus and internet security firm), who first donned a Soviet uniform when he was only 16 years old and a student at Moscow's Institute of Cryptography, Telecommunications and Computer Science. Although attracting a once-in-a-generation talent like Kaspersky is unlikely, finding and enlisting modern-day David Lightmans — the character played by Matthew Broderick in the 1983 movie "WarGames" — is not an unreasonable goal.

Obviously, an uptick in the number of cyberattacks being orchestrated by high school and middle school hackers doesn't mean that all young people with mad cyber skills have criminal intentions. Many just have a particular aptitude for writing code and operating in cyberspace and are likely more interested in a legitimate career in the private sector or in serving their country than in entering the shadowy world of cybercrime.

But here's the significant challenge: Even if budding cyber professionals eschew a life of crime, they are not necessarily predisposed to working for the U.S. military either. There are abundant, and growing, opportunities available for cyber professionals in the private sector. These opportunities often are quite lucrative (PDF), or at least on par with what cyber specialists would be paid to work for the government.

While expanded opportunities and increasing salaries for cyber professionals are helping to drive growth in the available talent pool, the pool is not growing nearly as fast as the demand for cyber services. Without a significant increase in the supply of cyber talent, the U.S. military will continue to find itself locked in a competition with private-sector firms (and even other governmental organizations) to attract and retain talented cyber talent.

Unlike governmental agencies, private-sector businesses are inherently able to better react to changes in the market for cyber talent because they can go after the talent they need by paying more and giving better benefits. And unlike U.S. cyber professionals in uniform, those working in the private sector do not have to face potential deployment to faraway assignments in dangerous environs or engage in rigorous and physically demanding military training. These are yet more reasons why the U.S. military should consider devising approaches to attract and retain cyber talent in ways that leverage its comparative advantages.

One advantage that the U.S. military has is its ability to find, attract and develop individuals with cyber aptitude while they are young. This can be further accomplished by creating additional or deepening existing partnerships that the military services have with high school and middle school students. One such program, CyberPatriot, operated by the Air Force Association, says it is designed to motivate students to pursue careers in cybersecurity and other science, technology, engineering and mathematics disciplines. One way it accomplishes this is by convening an annual National Youth Cyber Defense Competition and holding CyberCamps for members of the junior reserve officer training corps in the various branches of the military.

Programs like CyberPatriot and the cyber competitions it hosts not only help expand and improve cyber-related education but also provide an opportunity to spot young cyber talent. Once identified, they can be offered additional education opportunities and college aid specifically tied to the pursuit of cyber-related degrees—through service ROTC programs—in exchange for a future service commitment. Retaining these individuals beyond their initial enlistment periods could potentially be achieved by offering monetary incentive through the selective reenlistment bonus program as well as additional training and experience that could only be obtained through the military.

Much like Olympic gymnasts, the best cyber talents may emerge during their teenage years. Accordingly, the U.S. military should consider expanding the scope of its junior ROTC programs — currently designed to emphasize civic responsibility, ethics and leadership — to include cyber-specific components and tracks. Although a service commitment is not the purpose of these programs, both the U.S. military and talented cyber youth could benefit from a program designed to identify, reward and potentially enlist those with bright cyber futures.

Isaac R. Porche III is a senior engineer and Chad C. Serena is a political scientist at the nonprofit, nonpartisan RAND Corporation.

This commentary originally appeared on U.S. News & World Report on March 10, 2016.


No comments: