Members of the hacker community are leery of working with the government and sharing their skills, if it means navigating through outdated regulations and being viewed as potential security risks.
Hackers and other computer experts willing to collaborate
with the Department of Homeland Security to bolster the nation's cyber-defense
are unable to do so because of red tape, according to the former head of the
Tom Ridge and Michael Chertoff, two former secretaries of
Homeland Security, joined current DHS boss Janet Napolitano to discuss the
evolution of threats facing the United States, including the challenges of
securing cyber-space. They expressed their views during a March 2 roundtable
discussion at Georgetown University, which was webcast by the Aspen Institute,
marked the department's eighth anniversary.
"The portfolio of threats is a lot broader," Ridge said.
There are a number of possible scary scenarios, including a sophisticated
hacker from another country breaking into the power grid or other critical
infrastructure and shutting things down, a Trojan that wipes out information on
government computers, or even steals sensitive documents stolen. The Department
of Defense and DHS
currently work together on cyber-defense.
"This is about risk management, not risk elimination. We
can't eliminate all risks," Chertoff said.
The federal government is short "tens of thousands of cyber
experts" and is aggressively hiring, according to NextGov
A former CIA official estimated that about 1,000 security experts in the nation
possess the skills to safeguard U.S. cyberspace, but the country needs about
30,000, according to Government
Napolitano said the DHS has direct authority to hire 1,000
Hackers are wary of working with the government because of
rules that restrict private individuals from engaging with the federal
government, Ridge said. The regulations pretty much say that people in the
private sector are not to be trusted because "heaven forbid, they might be
financially advantaged" with a contract or information, Ridge said. That kind of
thinking is outdated and policies need to be changed, he said.
"With the regulations associated with bringing in
private citizens-to sit side by side with the government in order to advance
a broader interest of security and safetyit is very, very difficult,"
Hackers may be afraid of the government, considering that
well-known security researchers such as Moxie Marlinspike, Jacob Appelbaum and
David House have ended up on watchlists and have had their laptops and
The regulations were originally written to handle "aberrant
behavior, somebody who might be misguided," and shouldn't be applied on private
individuals as the norm, Ridge said.
"We ought to just trust the Americans who want to work with
government and make it a lot easier to partner with us," he said.
In the State of the Union address, President Barack Obama
said agencies need to eliminate burdensome and outdated regulations.
Technology's rapid pace of change is also a challenge,
according to Napolitano. "By the time you're talking about something, they're
on to the next thing," said Napolitano. DHS will be stepping up recruiting
efforts at universities because "quite frankly, probably none of us are as
good at understanding [cyber] as somebody who's 20 years old," she said.
Napolitano said DHS attends hacker conventions such as Def
Con to recruit talent and see what techniques hackers are using. "People who
are really good, they have not thought about working for the government," she