U.S. seeks patriotic computer geeks for help in cyber crisis

BOSTON Wed Oct 31, 2012 1:20pm EDT

Department of Homeland Security (DHS) researchers use advanced modeling and simulation equipment as they work on the DHS Control Systems Security Program (CSSP) in this handout photo taken April 28, 2010 at the Idaho National Laboratory in Idaho Falls, Idaho. REUTERS/Chris Morgan/Idaho National Laboratory

Department of Homeland Security (DHS) researchers use advanced modeling and simulation equipment as they work on the DHS Control Systems Security Program (CSSP) in this handout photo taken April 28, 2010 at the Idaho National Laboratory in Idaho Falls, Idaho.

Credit: Reuters/Chris Morgan/Idaho National Laboratory

Related Topics

BOSTON (Reuters) - The Department of Homeland Security is considering setting up a "Cyber Reserve" of computer security experts who could be called upon in the event of a crippling cyber attack.

The idea came from a task force the agency set up to address what has long been a weak spot - recruiting and retaining skilled cyber professionals who feel they can get better jobs and earn higher salaries, in the private sector.

"The status quo is not acceptable," DHS Deputy Secretary Jane Holl Lute told Reuters in a recent interview. "We are not standing around. There is a lot to do in cyber security."

Lute said she hopes to have a working model for a Cyber Reserve within a year, with the first members drawn from retired government employees now working for private companies. The reserve corps might later look to experts outside of government.

The United States has become increasingly vocal about the need to beef up cyber defenses as Iranian hackers have repeatedly attacked the nation's three biggest banks over the past year, raising the stakes in a long-running battle to protect private companies from digital attacks.

The detonation of a cyber "time bomb" at Saudi Arabia's state-owned oil company in August caused unprecedented damage at a private company, pulling 30,000 PCs out of service and raising concerns that similar attacks could occur in the United States.

Defense Secretary Leon Panetta said on October 11 that the country faces a potential "cyber Pearl Harbor" and that foreign groups have gained access to computer systems that control critical U.S. infrastructure, such as chemical, electricity and water plants.

The Department of Homeland Security has had trouble attracting and retaining top cyber talent since it was created after 9/11 in a massive merger of 22 agencies in 2002. In its early days, the DHS farmed out cyber work to contractors so it could quickly get systems running to improve national security.

As a result, the agency tends to award the most coveted cyber jobs to outside contractors. Those positions include forensics investigators, posts on "flyaway teams" that probe suspected cyber attacks and intelligence liaisons.

"It's not the money that makes people go to the contractors. It's the cool jobs," said Alan Paller, co-chair of the DHS task force. "People want the excitement."

The task force advised the DHS to give more exciting cyber work to government workers to help with retention.

NSA VS DHS

Over the past decade, only 3 percent of students who won scholarships through a prestigious government-funded program known as CyberCorps have taken jobs with DHS. In contrast, nearly a third chose the National Security Agency, according to the task force.

Tony Sager, a task force member and former NSA senior official, said the military intelligence agency has a strong "brand" that opens doors for recruiters.

"DHS doesn't have that sense of 'Wow,'" he said. "There are plenty of cool jobs at DHS. The job is identifying them."

The NSA has spent decades building cachet with university students through on-campus programs and, more recently, with children through cartoon puzzles on the Web. Once people join the NSA, they typically stay for a long time, said Sager, who retired this year after 34 years at the agency.

The DHS task force recommended it set up two-year cyber programs at community colleges to train large numbers of people and encourage military veterans to participate. Lute said the first of those programs could start next year.

Jeff Moss, who co-chairs the task force, said the community college programs would produce more graduates than needed, but the question is how many of them would want to work for DHS.

"Hopefully we'll get our fair share," said Moss, who founded the Def Con hacking convention 20 years ago during a summer break before he started law school.

The DHS may need to boost salaries as well. One former agency official who left government for a job with a private company said that some staff quit DHS jobs, then were immediately returned as employees for outside contractors.

"On Friday they are a government employee working making $80,000 a year. On Monday they are a contractor at the same desk and the government is paying them roughly $150,000," he said.

(Reporting By Jim Finkle; Editing by Tiffany Wu and Andre Grenon)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
ARJTurgot2 wrote:
Ah, yet another cyber security initiative. My bet is Alan Paller throws up his hands and walks away within 6 months. The problem isn’t Paller, or the geeks, it’s the IT managers that run these shops, and especially the executives above them. DHS is a mess, Napolitano is a political hack and more than a bit weird. Start with that, and not much can be done, even by good guys like Paller. It’s a problem that can’t be spun, and most senior execs anymore don’t know much but spin.

Oct 31, 2012 2:52pm EDT  --  Report as abuse
tmc wrote:
Putt’s law: There are two types of people in IT. Those who manage what they don’t know, and those who know what they don’t manage.

Oct 31, 2012 4:52pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.