LAS VEGAS -- Department of Defense and military officials turned a
hacker conference into a recruiting drive Friday, trying to woo the
best and the brightest into becoming security experts.
are extremely talented, and you are wondering what you'd like to do for
the rest of your life -- join us, and help us educate our people," said
Arthur Money, assistant secretary of defense for command, control,
communications and intelligence (C3I) for the United States, during a
"Meet the Fed" panel at DEF CON in Las Vegas.
Money was one of four U.S. government officials that told hackers and script kiddies to be all they can be.
"It might be viewed as a challenge, it might be viewed as fun to hack
into things, but you might be affecting the lives of people," he said.
"I would rather have my attention focused on what rogue states are
doing to us than being harassed seven times a day figuring out what the
hell some guy is doing to us."
The Department of Defense had 22,124 obvious attacks targeted against
agency computers in 1999, said Money. Each attack cost almost $1.5
million, leaving the DOD with a $25 billion bill for defense.
While the noise from script kiddies causes much of the consternation,
Money admitted that military and government systems have had --- and in
many cases still have -- weak security.
"Up to two years ago, system administrators in the DOD were very likely
to have two or three other jobs and then become system administrators,"
he said. "You could have been the mess officer or the motor pool
officer and only then (became) the system administrator. Since Solar
Sunrise, that has started to change."
Other high-level officials from the Air Force, the DOD and the Federal
Computer Incident Response Center joined him in addressing the crowd,
and they didn't pull their punches.
"There are those things that are fine for education or curiosity, and
that's good. But those of you who do things for anarchy or for
destroying data -- there is no glory in being an asshole," said David
Jerrold, director of FedCIRC.
"Think about what you are doing and think of the methods you use to
publicize a security hole. Rather than post it on a chat line, pick up
the phone and call me."
In today's market, getting good security experts to work for the
government is a difficult job. Network security specialists working for
the government tend to make only a third of what their private-sector
counterparts get paid.
Instead, government jobs have other perks.
"We have got some of the most sophisticated toys in the world," said
Dick Schaefer, director of infrastructure and information assurance for
the DOD. "If you would like to get access to those toys and become a
part of a very elite team, we would like to talk to you"
Still, the call to arms did not mean the government will open wide its arms to all hackers.
Trust won't come easily, said Jim Christy, special assistant for law enforcement with the U.S. Air Force.
"Remember," he said. "In God we trust -- all others we polygraph."