Wednesday, May 06, 2009

General Dynamics and Armed Forces branches will be looking for "ethical hackers"; need to understand "social engineering" as well as technology

General Dynamics is looking for candidates who can “think like hackers” for a contract helping unspecified US government agencies strengthen security. The NBC Washington story (April 18, 2009) is here. It has the funny title, “U.S. hiring hackers for protection”. One of the job postings for a “Sr. Ethical Hacker TS/SCI” is here. The position is in Chantilly, VA. Most of these jobs require established clearances, but new applicants with very specialized knowledge might be needed. Again, some people say “I’ve been programming since I was 12.”

Although it’s pretty obvious what the infrastructure components are, it’s not so clear why some of them would be vulnerable. Many components, like the Pentagon, the FAA, and electric power grids, should be completely inaccessible from the “public” Internet (despite dire reports of vulnerability ever since early 2002). A big problem is control of components falling into the wrong hands (as in Pakistan).

However, hackers could undermine the credibility of the infrastructure in other asymmetric ways, such as coming up with schemes to frame ordinary users for crimes. The carelessness and trigger-happiness of some prosecutors around the country have been a problem (as in my Internet Safety blog). But another is the lack of completely reliable source identification, as with email senders, which are so obviously spoofed. A lot of work needs to be done with social engineering and with legal processing and legal concepts as well as just computer code.

Anti-virus software has gotten more complicated, and more vulnerable to failure (or to false positives) because of increasing complexity of operating systems and interaction with other products, as well as with “mutating” worms and viruses.

The Army is going to create a new command for digital warfare, either at Edgewood Arsenal, MD, or Fort Meade, MD (or both), according to an NBC story from May 5, link here. Obviously, this would lead to civilian openings similar to those at General Dynamics.

