×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DARPA Training Cadets and Midshipmen As Cyber Warriors

Unknown Lamer posted about 2 months ago | from the reverse-engineering-is-acrime dept.

Security 65

An anonymous reader writes "DARPA officials say the Defense Department must train 4,000 cybersecurity experts by 2017. Meeting that goal requires building a pipeline for training and education, especially for future officers who'll oversee protection of the cyber domain. During a winter weekend in Pittsburgh, more than 50 cadets and midshipmen from three service academies sat elbow to elbow at nine round tables in a packed room. They'd been training since November to compete in a pilot program of the Defense Advanced Research Projects Agency called the Service Academy Cyber Stakes. From the article: 'This involves skills such as being able to reverse engineer binary, or machine-readable, files and, Ragsdale said, finding source-code-level vulnerabilities that could be exploited, and doing so with software source-level analysis and with automated tools that perform functions such as fuzzing, the informal name for automatic bug finding."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

65 comments

warriors or experts? (1)

turkeydance (1266624) | about 2 months ago | (#46272317)

or future officers?

Re:warriors or experts? (1)

tomhath (637240) | about 2 months ago | (#46272347)

Those are not mutually exclusive, if that's what you're asking.

Re:warriors or experts? (4, Informative)

khasim (1285) | about 2 months ago | (#46272417)

While not mutually exclusive, they are not convergent in training.

So you cannot, usually, take the average military academy cadet and include some programming classes and some network security classes and expect to get an officer who is competent in computer security.

The exceptions being those cadets who were already programming while they were in high school (or earlier).

The problem with those early programmers is that they were immature kids back then so many of them will be excluded from the academies because of broken laws or group associations.

Re:warriors or experts? (-1)

Anonymous Coward | about 2 months ago | (#46272761)

* Rolls Eyes *

That is one hell of a massive, impulsive, and presumptuous categorization.

And just to expand on this a little (0)

Anonymous Coward | about 2 months ago | (#46275263)

I agree with the eye roll. Some of them may have started in November, but it's not just classes. And, Dan Ragsdale just might have a clue about how to train them. He's pretty good in his own right. Take a look at the civilian variant, CCDC.

Re:warriors or experts? (3, Insightful)

feedayeen (1322473) | about 2 months ago | (#46272945)

We need to kill the dumbass myth that the best programmers started when they're in diapers. The exception isn't the kid who've been making simple games for the last 6 years before academy or college, that's simply a kid who has 6 years more experience with loops, conditionals, and a handful of calls that can draw sprites onto the screen. A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here. A great student is one who knows how to learn things that have not been taught to him. While the kid who taught himself programming in middle-school has this attribute, he's not the only one in the world who does.

Re:warriors or experts? (2)

khasim (1285) | about 2 months ago | (#46273027)

We need to kill the dumbass myth that the best programmers started when they're in diapers.

They didn't start "in diapers". They are the ones that have put a couple thousand hours in already.

A good student should be able to understand and properly apply those concepts in a few months and now their at the same level here.

I think that the easiest counter to that is the Linux kernel and the people who have been working on that for more than a two decades.

There is no way that someone with "a few months" of classes is anywhere near Linus (or the rest) in terms of skill.

There is something to be said for an "expert" being someone who has done something for 10,000 hours.

10000 hours is BS (0)

Anonymous Coward | about 2 months ago | (#46273123)

There is no way that someone with "a few months" of classes is anywhere near Linus (or the rest) in terms of skill.

There is something to be said for an "expert" being someone who has done something for 10,000 hours.

There's nothing magical about 10000 hours, if you are basing this on Gladwell's 10000 hours = expert thing, then you should know that it's BS

Re:warriors or experts? (0)

Anonymous Coward | about 2 months ago | (#46273673)

Thr kid who started at 10-12 most likely had an innate interest or fascination with programming (ie- short attention span children need not apply). Most that I saw that started later in life (not all, but most) were the "I need to pick a major/career that pays well / quick path to $$$" variety.

Both (1)

cyberhooligan77 (2612877) | about 2 months ago | (#46280551)

I started wih programming, at 14, while most of my classmates at Collegue, even touched a computer. They just hear the "Computer Science" hype. I.T. wasn't considered a well paid career, yet.

Interest in programming, is as good as years of experiences. It does help to some extra years of experience, than others.

By the way, even that I was fascinated by computers / programmers, I do have certified short atention problem: ADDH. Cheers.

Re:warriors or experts? (1)

Vitriol+Angst (458300) | about 2 months ago | (#46273757)

We need to kill the dumbass myth that the best programmers started when they're in diapers.

You aren't going to kill that myth until you can beat the kid who grew up programming. I think anyone can become competent. But the people who push boundaries are naturally curious at a young age. Those people who reverse engineered their computer games. People like Steve Wozniak for instance -- he didn't learn most of what he knows in schools. He was hacking cable boxes and tricking long distance dial tones.

Especially when it comes to cyber security. A person has to get down and not take for granted what signals are getting passed.

Re:warriors or experts? (1)

cold fjord (826450) | about 2 months ago | (#46273137)

The US military academies are engineering schools (though they offer other majors as well) and ROTC cadets are also often science or engineering majors. I don't think that achieving a reasonable level of effectiveness over four years is that big of a hurdle, especially if there is follow-on training either over the summers or after graduation.

Re:warriors or experts? (1)

Vitriol+Angst (458300) | about 2 months ago | (#46273727)

That was my first thought. The truly great hackers and programmers are going to be people who have been poking sticks into electronics since they were kids.

Sure, someone who can read binary and train and do what they are wanting them to learn can get much better -- but that will be a few thousand people covering the same skills as the instructor -- what you want is people who are looking at things nobody else is looking at. 4,000 people who can find the same exploit is 3,999 to many.

On the plus side, this makes me feel a bit more at ease with an overbearing paranoid government -- at least they aren't competent at being overbearing.

Re:warriors or experts? (1)

djschematic (3542609) | about 2 months ago | (#46279051)

What you said is probably true for the *average* cadet or midshipman. However, I'm assuming this was a volunteer competition, thus the competitors likely skewed toward the technical majors. It appears that at least Annapolis has a CS curriculum.

I'd recommend DARPA expand the scope of this competition to ROTC cadets and middies. There are plenty of top-tier CS schools that either host an ROTC unit (e.g. Berkeley) or have a cross-campus agreement with one (e.g. Stanford).

Some obvious problems with any approach. First being that people join the military for many reasons, and joining a "cyber warfare" unit isn't typically one of them. Even as a CS graduate, I'd be hard pressed to trade my few years as a line officer for being in one of these cyber units. Second, a decent CS graduate doesn't necessarily make a computer and network security expert. Shit, look at the security issues we encounter in the software world on a daily basis (I do not exclude myself from fault here). I think it takes years of experience too, and like others have mentioned, probably helps a ton to have been a black hat.

They really are mutually exclusive (0)

Anonymous Coward | about 2 months ago | (#46272977)

They really are mutually exclusive-

Warriors = NCOs
Experts = Warrant Officer
Cadets = Future Officers

Re:They really are mutually exclusive (1)

cold fjord (826450) | about 2 months ago | (#46273173)

Warrant Officers fly attack helicopters.
Officers lead infantry, armor, field artillery, aviation, engineers, and other combat and combat support units.

Both officers and warrant officers are indeed warriors.

Hellz (0)

Anonymous Coward | about 2 months ago | (#46275677)

Warrant Officers fly attack helicopters. --- wrong, they are specialized Soldiers who are experts in thier fields i.e aviation, singal (computers & Networking) Egineers ect... a Warrant Officer is not limited to just flying

Officers lead infantry, armor, field artillery, aviation, engineers, and other combat and combat support units.

Both officers and warrant officers are indeed warriors.

Re:warriors or experts? (0)

Anonymous Coward | about 2 months ago | (#46273293)

Or the next Edward Snowden.

Re:warriors or experts? (0)

Anonymous Coward | about 2 months ago | (#46274793)

More likely the one who sends the next Snowden to prison for life.

Good luck (2)

ark1 (873448) | about 2 months ago | (#46272361)

I hope they will offer pay equivalent to the skill level they seek.

Re:Good luck (1)

Guppy06 (410832) | about 2 months ago | (#46272527)

By being in a federal academy, their pay is "free college" and they are expected to put in a number of years of service after graduation because of it.

Re:Good luck (1)

dave562 (969951) | about 2 months ago | (#46272539)

Before they then rotate out into the private sector and start making the big bucks.

Re:Good luck (1)

schneidafunk (795759) | about 2 months ago | (#46272701)

Exactly. I ended up working for the airforce as an intern (civilian contractor) during my college years, studying computer science. I learned more on the job than my years in school and with the references and resume builder to boot. I left with the experience and credentials to enter the private sector with a huge advantage over other new graduates. I would highly recommend the same path to any young person.

Retention Pay (0)

Anonymous Coward | about 2 months ago | (#46272993)

It's (not) surprising how retention pay hasn't come up. They do it for aviators and last time I checked, there isn't a huge demand for them out here in the civilian world.

Re:Good luck (1)

Anonymous Coward | about 2 months ago | (#46273395)

A H-1B with a full CCIE will work for $16,000 a year and be damn happy with that salary. That is not a good thing to hope for...

Re:Good luck (1)

AmiMoJo (196126) | about 2 months ago | (#46274627)

I imagine a lot of people will be signing up so they can get military grade training and then after a few years move into a well paid private sector job,

Military Electronics Expertise (0)

Anonymous Coward | about 2 months ago | (#46272373)

Contrary to popular belief they don't have the best and brightest in these programs...

Re:Military Electronics Expertise (1)

cavreader (1903280) | about 2 months ago | (#46273429)

They might not have a monopoly on the best and brightest but those accepted to the Naval Academy and West Point are way above your average freshman. One example. The vast majority of America's advanced fighter pilots have degrees in Engineering, Physics, or Computer Science which plays a big part in the candidate selection process.

Re:Military Electronics Expertise (0)

Anonymous Coward | about 2 months ago | (#46273913)

Air Force guy here. All of the pilots I've met have degrees in history, criminal justice, management, etc.

so teaching metasploit then? (0)

Anonymous Coward | about 2 months ago | (#46272403)

What I want to know is if I can use my 15 years of computer security experience to get a nice fat check from DARPA.

Re:so teaching metasploit then? (1)

plover (150551) | about 2 months ago | (#46273419)

Maybe. If you're a good teacher, it's possible they could use you. Why not check them out?

What are you still doing here? (-1, Offtopic)

Anonymous Coward | about 2 months ago | (#46272469)

Soylent News is People!
 
  Soylent News [soylentnews.org]

Re:What are you still doing here? (0)

Anonymous Coward | about 2 months ago | (#46273833)

Mod parent up.

A++++ would eat again

What are you still doing here? (0)

Anonymous Coward | about 2 months ago | (#46280059)

Avoiding all the whiny bitches

Won't happen anytime soon. (2)

MindPrison (864299) | about 2 months ago | (#46272503)

For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either. The best hackers don't do it for political reasons, they do it because they enjoy a challenge. Generally, hackers tend to hate warmongers AFAIK.

I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past. But you'll never ever find the best ones, because they don't brag about their achievements.

Re:Won't happen anytime soon. (1)

Trax3001BBS (2368736) | about 2 months ago | (#46272615)

I've never ever encountered a REAL knowledgeable hacker in the police force, not even in their cybercrime division. This is due to the fact that most of them, are schoolboys who have a degree in computer science & programming...unfortunately - the most difficult stuff, can't be taught in classes, this comes from YEARS of actual real-life practice and experience.

And there it is, and why the civilian force will always be ahead of the curve.

Sock puppets and beyond (1)

AHuxley (892839) | about 2 months ago | (#46272837)

Look at the sock puppets we get on slashdot :)
Pentagon Spokesman: Public Affairs Must Change With Times (Jul. 25, 2013)
http://www.defense.gov/News/Ne... [defense.gov]
"We must communicate with the American public in crisp and memorable lines that deliver a clear and accurate message,”"
Expect to see a lot of hints of new options to shape the flow of information and public opinion in the next few years.
Blocking select servers, the turning of online activists into "busy work" or traps
"Jeremy Hammond: FBI directed my attacks on foreign government sites":
http://www.theguardian.com/wor... [theguardian.com]
All this will require an inner cadre of new people skilled with the slang, memes and culture to enter and thrive in different online communities building trust, spreading disinformation long term.
Why new people? They may know nothing but a constant war on a tactic and may find aspects of 'privacy' i.e. the domestic legal protections are historical/just red tape/understood talking points to them.
Think of it a cyber 'cannon fodder' for 1000's of sites, chatrooms, forums been flooded with 1000's of unique new/old user names to spread disinformation.
"Revealed: US spy operation that manipulates social media" (18 March 2011)
http://www.theguardian.com/tec... [theguardian.com]
to "From Twitter with love: American spies snooping on our social media feeds" Feb 17, 2014
http://www.mirror.co.uk/news/t... [mirror.co.uk]
also see http://cryptome.org/2014/02/ar... [cryptome.org]

But the biggest difference ... (2)

khasim (1285) | about 2 months ago | (#46273311)

For the same reasons you won't find real hackers in the police force, you won't find them anytime soon in the military either.

The first problem is that their recruitment/training policies aren't designed for that.

Stephen Hawking would have difficult time being accepted to any military academy.

I do believe NSA have some serious badboys working for them however, but these are probably semi-skilled hackers who bragged too much, made a few mistakes - and are held captive by their own past.

The NSA does not discriminate on whether you can pass a physical fitness test. Stephen Hawking, were he so inclined, would probably at least get an interview there.

It's not that you cannot have a physically fit hacker. They do exist.

But when the recruitment criteria STARTS with physical capabilities, then you have problems because you're reducing the pool of applicants on the WRONG criteria.

Physical Test does matter (1)

cyberhooligan77 (2612877) | about 2 months ago | (#46281179)

Agree, two of the main things that get into conflict, in having goverment cyberwarriors, are mindset & physical fitness.

Even than the goverment could built a goverment a desk job cyber unit, sooner, or later, may need a cyberwarrior unit, where people does know how to hack a network, run some miles carring 40 lbs, and, so on, Geek soldiers, that does do geek stuff, and does do military stuff, at the same time (not just playing Medal of Honor video games).

As a geek whom got interested in the military, can say that the physical stuff wasn't easy, and, the only thing thing that keep me going, is that I am very stubborn.

Re:Won't happen anytime soon. (1)

tomhath (637240) | about 2 months ago | (#46274807)

However, it appears that the NSA (and presumably other three-letter agencies) are pretty good at it.

Hacker vs Good Programmer (1)

cyberhooligan77 (2612877) | about 2 months ago | (#46280707)

I personally disagree on matching "Hacker equals Good Programmer", there are several things that may match, while others don't.

I consider myself a good programmer, I hate the hacker stereotype, yet, I constantly get labeled as a Hacker, even, if I have never cracked a password, and never enter on a network, or any of that kind of stuff.

But, I agree than both hackers & bright programmers, require certains skills that a Collegue or University, cannot provide. And the "out of the box" or "Daredevil" mentality that Goverment institutions mindset crash.

I never consider the existance of the "semihackers", before, but, i got the idea.

Real subject matter (1)

dave562 (969951) | about 2 months ago | (#46272551)

It is good to see that they are teaching them real subject matter, like binary disassembly and source code analysis. When I first read the headline, I was afraid that they were just turning out script kiddies.

Re:Real subject matter (1)

ark1 (873448) | about 2 months ago | (#46272625)

Historically, the military in many areas is not far from script kiddies if you think about it. Private sector creates weapons, the military points and pulls the trigger. Good to see them training in what is definitely not easy to learn (reversing/crypto).

Makes sense (0)

Anonymous Coward | about 2 months ago | (#46272569)

Makes sense, it's easier to teach these guys the required skills than to put any discipline or personal hygiene into your average nerd.

Childish (-1)

Anonymous Coward | about 2 months ago | (#46272657)

If the intent is going to be to cyberattack other countries or groups, then this is childish, plain and simple. Might does not make right, and we should use diplomacy to solve our problems. Even so, we don't need the Internet to be some sort of battlefield.

Re:Childish (0)

Anonymous Coward | about 2 months ago | (#46273841)

Might does not make right

Since when, exactly? Might has always made right.

we should use diplomacy to solve our problems

I'm afraid I have to Godwin this immediately and agree with your idea to give up the Sudetenland. That'll certainly work and bring a long-lasting peace.

OMG - Academies teach CS! (0)

Overzeetop (214511) | about 2 months ago | (#46272845)

Really? Now we're surprised that part of a college Comp Sci degree at a military academy includes training in military applications of coding?

I've got a hot tip for you: they also teach them to shoot guns in college. I know - fucking insane, isn't it? It's like there's a whole secret government department that does nothing but think up ways to kill and disable people and infrastructure! Except, you know, it's not really secret.

Yeah this sounds totally efficient. (1)

Gumbercules!! (1158841) | about 2 months ago | (#46272903)

Or... they could just not build insecure systems directly connected to the internet?

Ok, ok, I know that nothing is ever totally safe and the Natanz reactor in Iran was hacked without being connected to the internet but surely, better design, better systems management and better monitoring, etc, would reduce the need for such an astronomical number of heads, just sitting in a chair all day watching logs or looking for bugs in code? And you can be quite sure some idiot will still run an out of date flash or java on their IE browser and plenty of small areas will still get subcontractors in to manage domains, scripts, small programs etc and they'll be under the radar.

Sounds like the modern equivalent of the industrial revolution - just pay a huge number of plebs to do menial tasks. Somehow I doubt this will stop a bugged monitor cable, supplied by the NSA, from doing what it does.

Cyber (0)

Anonymous Coward | about 2 months ago | (#46272921)

The 80's called, they want their cheesy words back.
Back to my cyber sex.

Already Existed (0)

Anonymous Coward | about 2 months ago | (#46273005)

The Air Force already had a program like this. It was called Advanced Cyber Education and ran for a few years before it was cancelled last year due to lack of funding. The main difference I can see was it mainly aimed at ROTC cadets/midshipmen instead of the Academies. So now we have a new program that must be developed because the old one was cancelled.

Sounds to me like someone thought of the idea again. But this time positioned it for the Good Ol' Boys club that are the Academies.

Experts? (0)

Anonymous Coward | about 2 months ago | (#46273197)

4000 security experts, totally doable.

A single expert in 3 years? If that's the standard then no wonder American security interests are getting hacked like corn.

And if the people advising the decision makers AND the decision makers reckon three years makes an expert?

Your staff are only as experienced as the ones deciding if they are or not and it sounds like they've got some right Apple fanboy's calling the shots.

Why not cyber defense? (2)

king neckbeard (1801738) | about 2 months ago | (#46273223)

Why not focus those efforts on helping secure platforms from those same techniques? You know, so we can help avoid the next Target debacle and the economic damages that come with it. I know it's not as sexy, but it will be better for everyone.

warriors,protectors.... (0)

Anonymous Coward | about 2 months ago | (#46273435)

of the digital domains, or the next evolution of the modern Amerikan Gestapo...what will they actually be protecting and who will they be "warriors" against?

The state of computer security .. (0)

Anonymous Coward | about 2 months ago | (#46274139)

Lets face it, "computer" security is fundamentally broken, it's time to bin the current model and start again from scratch ..

hey (0)

Anonymous Coward | about 2 months ago | (#46274307)

I'm in! Where do I apply for that? :D

May be better at it than you think (0)

Anonymous Coward | about 2 months ago | (#46276539)

There seems to be an awful lot of under rating the potential of the cadets and midshipmen, and much of that appears to be motivated by everything other than the facts. When you really get to know them, you'll find there is a whole lot more variability in the corps than the cartoon images created in the comments.
Some of these kids have been programming and using computers since they were in diapers. Yes they all do have to meet basic physical standards, but there is nothing about programming that precludes that. In fact, fitness has been proven to help the intellect (imagine how much better those couch potato programmers could be if they good off their fat butts?). The intellectual challenge of getting into the academies is even harder than the physical challenge and it is competitive, not just having to meet a certain level as with the physical. And then beyond that, they expect you to be engaged with the people around you.
So now take these already select people and put them in an intense academic program (count the number of Rhodes and other scholars) with more than just a few programming courses. They are going to come out with a pretty strong ability even if they haven't been programming since wearing diapers.
Now compare them to the basement dwelling hacker - They'll have developed more of their intellectual ability, they'll have been exposed to a much broader base of knowledge due to the curricula of the academies, they'll know a broad base the theory of programming (as opposed to the self-taught hacker who knows tools or a language and only as much of the theory as they had to learn or were interested in), they'll be fit enough to go at it for days on end, they'll understand strategy and tactics and be able to apply those to code and IS, and more than anything, they'll have the discipline to take a well structured approach, to keep at it when it gets tough, and to persevere when there is no obvious answer.

Dear U.S. Military (1)

SCHecklerX (229973) | about 2 months ago | (#46277317)

Please stop with the 'cyber' shit. It's already difficult enough to take you seriously without your use of this nonsensical prefix for all things computer and network related.

Zoom Group (1)

zoomgroup123 (3540829) | about 2 months ago | (#46278371)

MCITP Training, Online CCIE Training, Online Ethical Hacking Training, Online CCNP Training, Online MCSE Training, Online CCNA Training, Online Linux Training, Online Cisco Training, Online VMware Training and more offered by Zoom Technologies by highly proficient CISCO certified experts - Hyderabad, India. Visit http://zoomgroup.com/ [zoomgroup.com]
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...