Technology Review
Cyber-defense and capture-the-flag contests will help train future defenders of cyberspace.
In the 1950s, shocked by the Russians' launch of Sputnik, the United States embarked on an initiative to boost its numbers of scientists and engineers. Now, private industry, academics, and government agencies are banding together to create a similar push to educate and train at least 10,000 students to become the future defenders of cyberspace.
On Monday, the Center for Strategic and International Studies, the SANS Institute, the U.S. Department of Defense (DoD), and several university and private-industry partners plan to announce the U.S. Cyber Challenge, a triathlon of competitions designed to inspire students to learn the technical skills needed to defend--and, in some cases, attack--computer networks.
Alan Paller, director of research for the SANS Institute, an organization that educates and trains system administrators and computer engineers, says that schools aren't turning out enough students with the technical know-how to defend critical networks. "This shortage is as tough as the shortage of scientific people we had in the 1950s," Paller says. "The country has about 1,000 people that could compete in a cyber competition at a high level today. We actually need between 20,000 and 30,000."
The consortium behind the U.S. Cyber Challenge hopes that the competitions will boost interest in practical network-administration and computer-security skills. The aim is "training and developing that workforce and getting people excited about digital forensics and training them to work for us," says Jim Christy, director of future exploration for the U.S. Department of Defense's Cyber Crime Center (DC3).
The U.S. Cyber Challenge brings together three competitions under a single umbrella. First is the DC3's Digital Forensics Competition, which pits teams against one another to solve a number of puzzles that an expert might come across when investigating a crime. For example, entrants have to analyze file signatures, check out suspicious software, decrypt files without the password, and parse header files for interesting information. The competition has already proven extremely popular: Nearly 600 teams have registered so far this year, compared to 199 teams last year. The DoD is also considering offering a massive cash prize, up to $1 million, to increase interest in solving the top level of problems: challenges with no known current solution, such as getting data off a severely damaged hard drive.
The second contest is a capture-the-flag competition run by the SANS Institute and designed for college students and high-achieving high-school students. Known as NetWars, the competition is played on a virtual private network over the Internet, using a custom operating-system image created by a small group that runs the game. Teams get points for attacking other teams' virtual machines and controlling certain services and files--the "flags."
The attacks are evidence of a growing political motivation among hackers.
A conference on cyber warfare in Tel Aviv reveals Israel's weaknesses—but a strategy to solve them is already in hand.
Fighting crime is the first step to avoiding cyberwar, he tells a Russian panel.
And you want a degree to prove that you know something ..?
I already make more than entry level positions of the type described pay, even though I don't have a degree. However anyone who hopes to get employment as a cyber combatant with the government or any established company will definitely need one. Purchasing a dozen or so books and lots of practice combined with research on the internet will give you as much knowledge as S.A.N.S. courses will enabling someone to save $50,000. It's not me who says that certification is the way to go.
But anyway thanks for the kind and constructive comment.
Wonder if any of the govt CyberBureaucrats have considered that foreign nationals of dubious allegiance to the US are enrolled at the colleges participating in these war games (or hey participating directly from their homelands over the internet)...
Might be freely training the next set of hombres to hack the plans for the F-22...
Concrete Academic Curriculum,a necessity.
Federal Government must seek to develop
a sound and befitting curriculum that
raises this training level to an undergraduate
degree status.
Afterall, cyber world has not
only come to stay with human society,
but conspicuously emerging as
an eventual inevitable communication,
information, educational and
interactive forum for humanity.
Contrary to perceptions of other
folks, cyber globalization compels
absolute need to encompass and work
with other nations around the world
in developing a streamlined and
standardized curriculum that
stands the test of any accreditation.
Undoubtedly, invaluable contributions
in the design of such a curriculum, can
flow from me,if and when, contacted.
Cyber insecurity and crimes
metamorphose into different forms,
unimaginable, every day. This is why
it is so important, an issue, never
to be taken for granted..
Alternatively, it could
be considered to be upgraded to a
composite credit hour course to form
part of set out courses for minimum
qualification toward award of a degree
in Computer Science, Computer
Engineerin and,or related discipline..
....broad minded thinking.
Passwords are Passe....Lets drop the password
The existing user id / password system is an ancient method that was developed for fixed computer systems such as servers, desktops and people needed mobility of account access and people had just one or two accounts to manage.
It is totally a different situation today… People register to tens and possibly hundreds of accounts in their short online lifetime.
And having to define a different user id and password for each of these accounts is simply crazy to expect. And then to give away my mothers maiden name, pets name, my favorite restaurant, etc to a online website that can get hacked can not only compromise my online accounts but also my real accounts such as bank accounts where these are used many a time.
IT IS SCARY…..
I have not used social networking sites much and have switched from one to another regularly. I was on orkut, then got bored and switched to LinkedIn which sounded more professional and now use FaceBook regularly and come to think of it, I use the same password for all of these.
IT IS EVEN MORE SCARY NOW….
And this thought did not cross me now…it happened many months ago when the AOL story broke out and I wondered if there is a solution for this. And then I realized that the solution is not stronger password or having to tell the computer to remember it for me or to use my mother’s maiden name to recover it.
THE SOLUTION IS TO JUST DUMP THE PASSWORD……IT IS NO LONGER NEEDED.
Today’s USER AUTHENTICATION system is developed for DESKTOP COMPUTING not for CLOUD COMPUTING where people exchange information between each other more regularly.
Today, the computer is mobile be it the NetBook or your Smart Phone. You carry it where you go and with pervasive mobile internet connectivity, you can get connected from anywhere using Wi-Fi, or GPRS or EDGE.
SO PLEASE INTERNET SECURITY EXPERTS…..WAKE UP…WE ARE NO LONGER STUCK TO A DESKTOP. AND HENCE NOT NEED TO USE A USER ID/PASSWORD TO ACCESS OUR ACCOUNTS FROM A DIFFERENT COMPUTER. WE OWN A NETBOOK OR AN IPHONE FROM WHICH WE DO MOST OF OUR ONLINE ACCESS OR WORK EXCEPT FOR WHEN WE ARE WORKING IN OUR OFFICES WHERE THE COMPANY SPENDS ZILLIONS ON SECURITY ANYWAYS.
IBM had thought of a password free system many years back….they also filed a prior art on this.
http://www.priorartdatabase.com/IPCOM/000039794/
Others have followed… http://www.kirit.com/A%20simpl.....eb%20sites
And I have filed my own patent for EasySecured which offers a unique, simpler and completely SECURED way to achieve the same concept.
ISNT THIS AMAZING……NO PASSWORD TO REMEMBER, NO PASSWORD STORED ANYWHERE AWAITING TO BE HACKED?
IF PASSWORDS ARE NOT STORED ON THE SERVER OR YOUR COMPUTER, THERE IS NO WAY HACKERS CAN HACK INTO ONLINE ACCOUNTS.
AM I CRAZY? HOW DOES ONE AUTHENTICATE AN ACCOUNT IF THERE ARE NO PASSWORDS?
The solution is downright SIMPLE, your computer is your password. By this I mean not just a desktop, your netbook, your laptop, your smartphone, IPHONE anything that is a computer. YOU ARE NOT STUCK TO A SINGLE COMPUTER.
Your online account will open only from the computers you have registered to access. You do not have to define a password or remember it. Only your User ID which is like the PIN number of your Credit Card and which will work only from your computer or the computers you allow it to work.
ONCE AGAIN …..NO PASSWORD…. IS STORED IN YOUR COMPUTER…. OR THE HOST SERVER.
The password is a unique signature derived from the various parts of your computer mashed up using a patent pending technology that is generated real time every-time you try to login to you account from the registered computer.
The server authenticates by decrypting your user account details using this real-time generated password and granting you access to your account.
Hackers rely on stored user id and password on servers to hack accounts. In this case only your user id is stored on the server encrypted a real time generated password that is stored NOWHERE.
IF a hacker has to gain access to your online account, he or she has to also gain access to your computer or IPHONE or NetBook along with your original User ID.
As every User ID and critical user information such as credit card numbers etc are encrypted using a unique key generated by a physical device, there is NO WAY HACKERS CAN HACK INTO ONE ACCOUNT AND GET THE KEY TO HACK THE REST OF THE ACCOUNTS ON THE SERVER.
I have been working on this idea and concept for months and only need industry support to make this a reality and ONCE AND ON FOR ALL PUT AN END TO THE VULNERABILITY OF ONLINE ACCOUNTS.
You can twitter me @gurudatts to know more about this or email me.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
arnetwork
85 Comments
cyber combatantants
Looked at S.A.N.S. institutes web site curriculum.
Selected online track. Cost for completion of provided courses. Roughly $50, 000. Undoubtedly, there are numerous costs in addition to the specific course fees. Let's just say $60,000 approx. for a collection of online courses with no degree at the end.
This is America's hope for the future?
Reply