
Hitachi Systems SHIELD Security Research Center

Initial Disclosure Date: Aug 10, 2012

General Keith Alexander, the head of the National Security Agency and U.S. Cyber Command, asked for hackers’ help to “secure cyberspace” and protect the nation from cyber attacks and foreign intelligence at DefCon, held in Las Vegas on July 27. His appearance was significant in three ways. First, it marked the highest-level visit by a U.S. government official to this annual hackers’ conference, which celebrates its 20th anniversary this year, and it demonstrated what DefCon and Black Hat have accomplished as a bridge to the government. Second, by sending the highest-ranking officer, an Air Force General, the government showed that it is in urgent need of support from hackers, although the government and hackers have traditionally had uneasy relations. Finally, he emphasized the defensive aspect of the government’s missions.

First, General Alexander is the most senior ranking officer who has participated in DefCon, and DefCon and Black Hat have played a notable role in bringing government officials in. For them, Black Hat serves as a buffer for attending DefCon. Governmental organizations started to participate in DefCon unofficially after the fifth meeting, and the conference began holding an annual session called “Meet the Feds.” Most government officials visit DefCon incognito in order to interact with other participants. In contrast, Black Hat is a conference that governmental organizations can attend officially. Rod Beckstrom, Director of the National Cybersecurity Center at the Department of Homeland Security, gave a keynote speech in 2008, and Shawn Henry, former Executive Assistant Director of the FBI’s Criminal, Cyber, Response and Service Branch, gave one in 2012.

Black Hat and DefCon founder Jeff Moss expected that the NSA Director’s appearance would be controversial among hackers, acknowledging, “I expect some people will say ‘You are a sellout for having someone from the NSA speak.’” Still, he wanted to have Alexander at DefCon and “take some of the hackers out of their comfort zone” to “expose them to people they would normally not hear from.” According to CNN, most of the audience reacted favorably to Alexander’s speech. Overall, reactions to his attendance and speech were generally favorable. The audience’s exposure to the aforementioned Black Hat keynote speeches may have made them less uncomfortable with the government.

Second, the recruitment of hackers by an Air Force General implies that the U.S. government is in urgent need of cybersecurity experts. Although governmental organizations have had career booths at Black Hat, this year was the first time the NSA set up a career booth at DefCon. This also suggests that the efforts made by Black Hat and DefCon to link the two different conferences were rewarded. The Agency posted a career website dedicated to the event, written in very casual wording that appeals to young hackers. Without a sense of impending crisis, the NSA would not have put the following unusual sentences on its career website: “If you have a few, shall we say, indiscretions in your past, don't be alarmed. You shouldn't automatically assume you won't be hired. If you're really interested, you owe it to yourself to give it a shot.”

Although Alexander did not say so explicitly, his remarks show that cyber espionage and attacks are becoming more intense all over the world and that the United States faces a shortage of cybersecurity manpower. Right before the conference, Alexander was quoted by the New York Times on July 26 as assessing that the United States faced a 17-fold increase in cyber attacks on infrastructure such as electricity grids, water supplies, and computer and cell phone networks between 2009 and 2011. Dressed in a T-shirt and jeans at DefCon, he said, “Some of you…can help us show the world that you can actually do intrusion detection and prevention systems and ensure civil liberties and privacy.”

Finally, his speech focused on the defensive aspects of the government’s cybersecurity, but it sounded a little ironic, especially after a New York Times article dated June 1st revealed that the United States and Israel were engaged in cyber attacks on Iran’s Natanz plant with Stuxnet. According to a DefenseNews article dated July 1st, the United States has a shortage of offensive cyber experts. The newspaper quoted a report of the Senate Armed Services Committee that accompanies the bill to authorize the defense budget for the 2013 fiscal year. The Committee demanded that the Pentagon consolidate its network activities and reallocate its personnel to the offensive missions of the Cyber Command.

Yet Washington has to wait and see how many hackers are attracted to government positions. Some hackers prioritize freedom and privacy over the constraints of a full-time job or government rules. Also, it is unclear how many “indiscretions in your past” will be tolerated when hiring hackers, and even if they get a job, a background with “indiscretions” creates uncertainty about which missions they can actually pursue. Thus, it is questionable how many hackers will want to submit their record of “indiscretions” to the government while they remain unsure whether they will be hired and what job they would get, especially if they like creatively taking advantage of underlying system vulnerabilities.

Sources:
Kate Brannen and Zachary Fryer-Biggs, “U.S. Short on Offensive Cyber Experts,” DefenseNews, July 1, 2012,
http://www.defensenews.com/article/20120701/DEFREG02/307010002/U-S-Short-Offensive-Cyber-Experts?odyssey=tab|topnews|text|FRONTPAGE
Lucian Constantin, “NSA Chief Asks Hackers at Defcon for Help Securing Cyberspace,” PCWorld, July 29, 2012,
http://www.pcworld.com/article/260007/nsa_chief_asks_hackers_at_defcon_for_help_securing_cyberspace.html
Stacy Cowley, “NSA wants to hire hackers,” CNN, July 29, 2012,
http://money.cnn.com/2012/07/27/technology/defcon-nsa/
Damon Poeter, “DefCon: NSA Boss Asks Hackers to Join the Dark Side,” PC Magazine, July 29, 2012,
http://www.pcmag.com/article2/0,2817,2407783,00.asp
Jim Finkle, “U.S. spy agency chief to meet with hackers at ‘Defcon’,” Reuters, July 20, 2012,
http://www.reuters.com/article/2012/07/21/net-us-usa-security-hackers-idUSBRE86K01U20120721
National Security Agency, “Careers at the National Security Agency,”
http://www.nsa.gov/careers/dc20/
David E. Sanger, “Obama Order Sped Up Wave of Cyberattacks Against Iran,” The New York Times, June 1, 2012,
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all
David E. Sanger and Eric Schmitt, “Rise Is Seen in Cyberattacks Targeting U.S. Infrastructure,” The New York Times, July 26, 2012,
http://www.nytimes.com/2012/07/27/us/cyberattacks-are-up-national-security-chief-says.html
Kim Zetter, “NSA Chief Tells Hackers His Agency Doesn’t Create Dossiers on All Americans,” Wired, July 27, 2012,
http://www.wired.com/threatlevel/2012/07/nsa-chief-denies-dossiers/
