<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<a
href="http://www.nytimes.com/2013/01/28/us/pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html?_r=0">http://www.nytimes.com/2013/01/28/us/pentagon-to-beef-up-cybersecurity-force-to-counter-attacks.html?_r=0</a><br>
<br>
Notably, they don't do all this staffing actually AT the Pentagon,
where they'd get to fight every contractor already trying to staff
up, and where people would get to enjoy the traffic. :><br>
<br>
<meta charset="utf-8">
<blockquote><i><span style="color: rgb(0, 0, 0); font-family:
georgia, 'times new roman', times, serif; font-size: 15px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: 22px; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto; -webkit-text-stroke-width:
0px; background-color: rgb(255, 255, 255); display: inline
!important; float: none;">As part of the expansion, officials
said the Pentagon was planning three different forces under
Cyber Command: “national mission forces” to protect computer
systems that support the nation’s power grid and critical
infrastructure; “combat mission forces” to plan and execute
attacks on adversaries; and “cyber protection forces” to
secure the Pentagon’s computer systems.</span></i><i><br>
<br>
</i></blockquote>
It's interesting they're building a team to secure critical
infrastructure before the groundwork has been laid legislatively to
use that team. <br>
<br>
Also - everyone focuses on "how to recruit X number of people", but
forgets that the Government doesn't really need huge farms of rock
star hackers and in fact, they prefer not to have them. Good
technologists who can work in a team are eminently findable and much
more valuable. <br>
<br>
Realistically, their problem is more managerial than technical. This
is a young field, and it's hard to find people who have the security
experience and management know-how (and actually want to do
management). Your basic Java program manager can't hack it (pun
intended).<br>
<br>
But without that, you're going to be building the tools you need
today, rather than the tools you'll need tomorrow. It's a fatal flaw
in most cases. Literally, in this case.<br>
<br>
-dave<br>
<br>
<pre class="moz-signature" cols="72">--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
<a class="moz-txt-link-abbreviated" href="http://www.infiltratecon.com">www.infiltratecon.com</a>
</pre>
</body>
</html>