Lately, there has been a great deal of media attention dedicated to the risk our country faces from cyber-threats. The Secretary from the Department of Homeland Security, from Secretary of Defense and the Director of the C.I.A. have all been very vocal about their concern and the current inability of America to defend their infrastructure from online threats.
This article from the New York Times discusses the problem that D.H.S. faces in recruiting people who are capable of improving our digital defense from these threats. Of the hackers who do choose to join the government, many go to work for the National Security Agency, where they can focus on offensive digital strategies and intelligence collection. Convincing qualified hackers to join D.H.S. is a harder problem as their role is focused on playing defense, which is a great deal “less sexy,” but arguably exponentially more important as our nation’s water supply, power grid and transportation are all controlled through the internet.
My first question to the class is focused on the ability of D.H.S. to recruit young talent. With the extreme valuations of start-up tech companies, the opportunity to sell a start-up to a larger existing company like Facebook or Google at extreme prices and the nature of this personality to thrive in unstructured environments, how can our government communicate with this talent pool to attract them to government service?
One method that the government is attempting is to make recruiting these individuals into a game. The concept of Gamification is often used by companies to drive readers to spend a longer amount of time on their site and hopefully transition that time into sales, but will it work in the public sector? D.H.S. is hosting competitions and recruiting from events designed to see how good hackers are at entering sites, hacking into the administrator’s account, and flagging vulnerabilities. This is an approach that openly occurs in China by the People’s Liberation Army to recruit the next generation of their cyber-warriors. This approach though hasn’t led to the results people hoped for initially.
To quote one of the people quoted in the article, “Everything’s slower, there’s budget cuts and bureaucracy everywhere and you can’t talk about what you do,” Mr. Jaska added. “It just doesn’t seem like as much fun.” This represents a serious problem of perception for the government to overcome.
The second question to the class is focused on where many of these threats originate. I feel that it has become common knowledge that the initial way into another computer system for a hacker often begins with a user opening a link and unknowingly installing a script of code on their computer. How often do members of the class open links sent to them through social media channels from a contact that they don’t know personally?