Yep, Hacker or Security Summer Camp time is here. For those of us not out in Las Vegas at Blackhat, B-Sides, and Defcon, The world continues on. As it goes, the U.S. Army has a lot to learn about the world of hacking.
The Register put out a story on how the US Cyber Army got its rear whooped by reservists. This article should be scary, and for good reason. If the full time Cyber Army didn’t even know how they had been attacked, how do we expect them to defend our country, let alone attack aggressors? The simple answer is they won’t be able to, but why? Well it is actually a matter of a few things.
The military is a great institution. As such they have a great regiment, and are highly organized. Follow orders, follow procedures, be a good soldier. The higher up you are the more planning you are able to do, but still the open thinking is still limited unless under true fire. This goes against the idea of being a hacker, someone who can go out and keep directly up to date with the infosec world. the world of Zero Days, backdoors, malware and the like is ever evolving and at a breakneck pace. The amount of “Eureka” moments compared to normal military strategy “Eureka” moments is astronomical. Yes the ideas put for in The Art of War by Sun Tzu still apply but the pace of shifts, adjustments and new “weapons” one talks about is daily.
Now while both the full timer Cyber Army members and the reservists both might have an interest or passion for the world of hacking and security, the reservists have a huge advantage. According to the article a good majority of the work in the infosec field full time. Imagine how more up to date, be it from looking at darknet forums, to researching zero days, penetration testing all different sorts of systems, they are. Add on that they have gone through the training and regiment that the full time Army has. This is where the full time military failed. think about it, we all have heard of former hackers recruited by the government, and for good reason. It is straight out of Art of War, “Know thyself and know thy enemy and never in 1000 battles will you lose.” The full time Cyber Army needs that adaptation. they need to be more loose on regulations, need to be able to constantly think outside the box and be able to expand their skills and knowledge outside of a regimented system. Until that time, I hope those reservists are ready to defend the country cause the full timers are a liability.