What happens when you bring together some of the nation’s leading hackers, the Pentagon’s chief of training and an Air Force Academy professor who teaches cyber skills to cadets? They all agree on one thing: The government’s approach to cyber security is coming up short.
They sat on the dais, an unusual assortment of experts at a conference for military simulation and training experts. No prepared speeches, just a wide open Q&A.
Their message in three bullets:
- You can’t teach cyber defense without a thorough understanding and expertise in cyber offense
- Cyber is all about breaking the rules. If you try to break cyber defense into a series of check-box requirements, you will fail
- The Fifth Domain, as cyber is sometimes called in the military (joining air, land, sea and space) is not like the others. There is no high ground and the weapon you wield today may not even exist tomorrow
In the center was Frank DiGiovanni, director of Force Readiness and Training at the Pentagon, joined on his far left by Martin Carlisle, professor of computer science at the Air Force Academy. Sharing that stage were three of the best-known ethical hackers in the business: Jeff Moss, founder of Black Hat and DefCon, the two best-known annual hacker conferences; John Rigney, co-founder of Point3 Security, a Maryland cyber firm, who says he made his first hack at age 8; and Brian Markus, CEO of Aries Security, best known for his “Wall of Sheep” – an annual rite at the DefCon event, where he posts the names of all who have exposed themselves to security cyber hacks while attending the conference, which brings together some of the world’s top hacking talent.
What these five know about cyber security – or how to defeat it – can’t be cataloged. Indeed, part of their message is that cyber security, or cyber warfare, is so fluid, so rapidly evolving, that trying to define it or contain it is essentially impossible.
The government and industry are both in a quandary over the cyber challenge, partly because it’s unclear where their missions start and stop. America is fighting its cyber battles like the British fought in the American Revolution, he said. Back then, the British fought out in the open, following a well-drilled formula for combat. The Americans countered with guerilla warfare, fighting from the woods.
By limiting most of our defenders to defense-only approaches, the United States is effectively fighting while hand-cuffed. Cyber attackers, on the other hand, whether criminals or nation states, are playing without rules.
Read more at Nextgov