- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
DHS is right to eye kindergartners, but don't forget the adults
An article about Ethiopian kids hacking OLPCs with zero instruction illustrates why DHS is right to focus on kindergarten as fertile ground for future cyber warriors. But the agency also needs to target adults who get passed over for being different.
At CSO's Security Standard conference last month, DHS Undersecretary of Cybersecurity Mark Weatherford raised eyebrows when he said the nation's future cyber warriors need not have a college education.
"There are people out there who didn't go to college, but they spent much of their time breaking things and putting them back together," and DHS needs their help, too, he said at the time.
He wasn't kidding.
As CSO correspondent Taylor Armerding writes in our lead story this morning, DHS is setting its sites on kindergarten students as future infosec practitioners. As the story unfolds, we see a lot of skepticism. It's not that there's anything wrong with targeting them young. It's just that there's a lot of talent out there now, and DHS isn't doing enough to go after them. From the article:
They're absolutely right. I especially agree that a lot of good people are being iced out because they don't fit the HR picture of normal. Schwartau isn't the first to make the point. At the start of ShmooCon 2011, Marsh Ray used the fragile mental condition as the basis of a talk called "A paranoid schizophrenia-based model of data security." He told the story of Keith, a fellow who usually sat on the park bench strumming his guitar for spare change.
"Sometimes I would take a break from reading microprocessor manuals and listen," Ray recalled. "Keith had paranoid schizophrenia. He could explain how the world worked: 'There is a great international conspiracy...' he would say. Electromagnetic fields, government satellites, resonant dinner plates, you name it: he had it all figured out. This was back in the days of the 80386, when the CPU had only four levels of indirection in its addressing architecture. But something about the way he explained his world caused it to stick with me all this time."
Ray noted how Keith couldn't trust the conflicting information coming from different parts of the brain. He knew he was vulnerable and spent much time and energy thinking about it.
"Does this not also describe our current relationship with data security?" Ray asked. "Our architectures have become so complex that they are inherently susceptible to internal schism, leaving us vulnerable to sudden manipulation by shadowy external forces."
He noted that many of the things Keith predicted have come to pass. For example:
--Radio transmissions being monitored by satellite
--Underground markets emerging for the purpose of trading information
Without a doubt, DHS has to start exploring this area of adulthood in search of talent. Heck, the agency could help break down a lot of stigmas along the way.
But let's not dismiss or ridicule DHS's kindergarten strategy, either. A very cool story by Evan Ackerman about Ethiopian kids hacking OLPCs with zero instruction illustrates why DHS is right to start focusing on kindergarten as fertile ground for future cyber warriors. Ackerman writes:
Rather than give out laptops (they're actually Motorola Zoom tablets plus solar chargers running custom software) to kids in schools with teachers, the OLPC Project decided to try something completely different: it delivered some boxes of tablets to two villages in Ethiopia, taped shut, with no instructions whatsoever. Just like, "hey kids, here's this box, you can open it if you want, see ya!"
Just to give you a sense of what these villages in Ethiopia are like, the kids (and most of the adults) there have never seen a word. No books, no newspapers, no street signs, no labels on packaged foods or goods. Nothing. And these villages aren't unique in that respect; there are many of them in Africa where the literacy rate is close to zero. So you might think that if you're going to give out fancy tablet computers, it would be helpful to have someone along to show these people how to use them, right?
But that's not what OLPC did. They just left the boxes there, sealed up, containing one tablet for every kid in each of the villages (nearly a thousand tablets in total), pre-loaded with a custom English-language operating system and SD cards with tracking software on them to record how the tablets were used. Here's how it went down, as related by OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech conference last week:
"We left the boxes in the village. Closed. Taped shut. No instruction, no human being. I thought, the kids will play with the boxes! Within four minutes, one kid not only opened the box, but found the on/off switch. He'd never seen an on/off switch. He powered it up. Within five days, they were using 47 apps per child per day. Within two weeks, they were singing ABC songs [in English] in the village. And within five months, they had hacked Android. Some idiot in our organization or in the Media Lab had disabled the camera! And they figured out it had a camera, and they hacked Android."
How cool is that?
Children are often a lot smarter than us adults. We're just to wrapped up in our adulthood to see it. I'm glad DHS does see it.
Now if they can go out and tap into the talent of those adults HR shops pass over for being different, we really might have something.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government
- Thwarting DDoS Attacks with Cloud Defenses
- Data Center Insight: 6 ways to Prevent Mistakes that Have Cost others Millions
- HP & CIO: Making virtualization strategic
- Bridging the IT Gap: A Fresh Approach to Infrastructure Management
- IBM PureFlex and Flex System: Infrastructure for IT Efficiency
- Accelerating Solution Deployment with IBM PureFlex and Flex System