DHS Needs to Change Rules to Recruit Hackers into U.S. Security Agencies
Hackers and other computer experts willing to collaborate with the Department of Homeland Security to bolster the nation's cyber-defense are unable to do so because of red tape, according to the former head of the department.
Tom Ridge and Michael Chertoff, two former secretaries of Homeland Security, joined current DHS boss Janet Napolitano to discuss the evolution of threats facing the United States, including the challenges of securing cyber-space. They expressed their views during a March 2 roundtable discussion at Georgetown University, which was webcast by the Aspen Institute and marked the department's eighth anniversary.
"The portfolio of threats is a lot broader," Ridge said.
There are a number of possible scary scenarios, including a sophisticated hacker from another country breaking into the power grid or other critical infrastructure and shutting things down, or a Trojan that wipes out information on government computers or even steals sensitive documents. The Department of Defense and DHS currently work together on cyber-defense.
"This is about risk management, not risk elimination. We can't eliminate all risks," Chertoff said.
The federal government is short "tens of thousands of cyber experts" and is aggressively hiring, according to NextGov. A former CIA official estimated that about 1,000 security experts in the nation possess the skills to safeguard U.S. cyberspace, but the country needs about 30,000, according to Government Executive.
Napolitano said the DHS has direct authority to hire 1,000 cyber-security specialists.
Hackers are wary of working with the government because of rules that restrict private individuals from engaging with the federal government, Ridge said. The regulations pretty much say that people in the private sector are not to be trusted because "heaven forbid, they might be financially advantaged" with a contract or information, Ridge said. That kind of thinking is outdated and policies need to be changed, he said.
"With the regulations associated with bringing in private citizens - to sit side by side with the government in order to advance a broader interest of security and safety - it is very, very difficult," Ridge said.
Hackers may be afraid of the government, considering that well-known security researchers such as Moxie Marlinspike, Jacob Appelbaum and David House have ended up on watchlists and have had their laptops and cellphones searched.
The regulations were originally written to handle "aberrant behavior, somebody who might be misguided," and shouldn't be applied to private individuals as the norm, Ridge said.
"We ought to just trust the Americans who want to work with government and make it a lot easier to partner with us," he said.
In the State of the Union address, President Barack Obama said agencies need to eliminate burdensome and outdated regulations.
Technology's rapid pace of change is also a challenge, according to Napolitano. "By the time you're talking about something, they're on to the next thing," said Napolitano. DHS will be stepping up recruiting efforts at universities because "quite frankly, probably none of us are as good at understanding [cyber] as somebody who's 20 years old," she said.
Napolitano said DHS attends hacker conventions such as Def Con to recruit talent and see what techniques hackers are using. "People who are really good, they have not thought about working for the government," she said.