Secretary of Defense Robert Gates said earlier this year that the Department of Defense (DoD) must be able to
train 200 cyber security experts, up from 80 now. How about the whole U.S.
“We are conducting a national competition and talent search to find 10,000 security experts for the entire government,” James Christy, director of future exploration (FX) at the Defense Cyber Crime Center (DC3) and a former security officer in the Air Force told InternetNews.com.
He added that the original plans, which called for a national cyber Olympics, have been scaled back but that existing contents, such as the DC3’s Digital Forensics Challenge, which he runs, are expanding.
“Anybody can apply but only U.S. citizens in the continental U.S. can win,” he said. He explained the rule was originally instated four years ago when the program had little money and could not afford plane fare for people from Alaska or Hawaii.
Last year, the challenge had 199 participants, 19 of which submitted solutions. This year, 389 teams have already registered and the deadline for submitting solutions is November 2, 2009, so additional teams can register.
“The winning team, up to four members, gets a trip to our conference in St. Louis and we give them a plaque and then they have the opportunity to present their solutions to the group.”
A separate award for teams from high schools is sponsored by the SANS Institute (SysAdmin, Audit, Network, Security), he added.
A third award is sponsored by members of CyberWATCH, a group of schools located in Maryland and Virginia that will hold their first digital forensics training session on June 15 at the University of Maryland, College Park.
That CyberWATCH training session illustrates why the government is sponsoring the contest. “The whole idea is to develop new tools and technology and to get people more excited about the field and sharing information about it,” said Christy.
He acknowledged that some in the intelligence community would prefer that information not be shared. “I see it as a question of defense versus offense. And as a cop, I think defense comes first,” he said.
He added that a few years ago someone in the intelligence community told him that they were upset that a specific CD cracking technique was made public during the challenge because the intelligence community had known about it for years and had been using it.
“I said, ‘you didn’t tell us that.’ When we don’t know things, we have to re-create the wheel. We don’t do that. We share information with law enforcement and with the digital forensics community,” he said.
Because technology changes so fast, keeping secrets serves no purpose.
“The shelf life of these techniques is so short that they’re obsolete in a year or two,” Christy said. Sharing information helps victims, which is “defense.” Not sharing information helps the intelligence community compromise enemy systems, which is “offense.”
Christy encouraged anyone who is interested to apply. He said the team can evaluate 100 solutions but does not expect to receive that many. “We tell them to submit them early but they generally submit them they day before they’re due because they cannot solve them all,” he said. “Some are pretty hard.”
Challenges are ranked in four levels: 100 for novice, 200 for skilled, 300 for expert and 400 for genius. Some challenges are things that the government would like to be able to do better or faster and others feature riddles the government has been unable to crack. Others are challenges that the government understands well but believes should be a part of any Digital Forensics curriculum.
At press time, participating teams included 10 high school student teams,
61 undergraduate student teams, 28 graduate student teams, 194 individuals,
28 corporate teams, 20 government teams and 17 military teams. Participants were from every state except four: New Mexico, South Dakota, Wyoming and Montana. International teams came from places as diverse as India, Svalbard, Argentina, New Zealand and Chad.