Department of Defense Internet systems, increasingly under attack, are now being equipped to fight back, sort of.
Taking a page from the corporate playbook, the Pentagon is sending off many of its programmers and Internet engineers to take classes in how to hack into the Pentagon.
Not just the Pentagon, but any corporate, or private, network. It’s long been common for Internet security personnel to test their defenses by attacking them. Some “white hat hackers” (as opposed to the evil “black hat hackers”) made a very good living selling their attack skills, to reveal flaws, or confirm defenses.
Seven years ago, this was standardized with the establishment of the EC (E Commerce Consultants) Council, which certified who were known and qualified white hat hackers. This made it easier for white hats to get work, and for companies to find qualified, and trustworthy, hackers to help with network security. Now the Department of Defense is paying to get members of its Internet security staff certified as white hats, or at least trained to be able to do what the black hats do. While many in the Department of Defense have been calling for a more attack-minded posture, when it comes to those who are constantly attacking Pentagon networks, the best that can be done right now is to train more insiders to think, and operate, like outsiders.
Do you think giving access to any ‘hat’ whatever the color is good idea?