DARPA Enlists Hackers

It’s no secret that government initiatives around cybersecurity haven’t lived up to expectations. While they succeed in creating controversy – such as the recent hubbub over the so-called “Internet Kill Switch” (actually more like an “Internet Life Support” system) – cybersecurity initiatives have generally failed to work well with the dynamism and creativity that make Internet security a problem: if the bad guys move faster than the good guys, the bad guys win, and nothing moves slower than the federal government. DARPA is taking constructive steps to bridge theory and practice by reaching out to the hacker community:

The Defense Department plans to fund independent security researchers and experimental projects in a bid to invigorate the federal government’s “unsustainable” approach to cybersecurity, said Peiter “Mudge” Zatko, a program manager at the Defense Advanced Research Projects Agency. Zatko made the announcement Jan. 28 in a keynote speech at ShmooCon, an annual security research conference in Washington.

The program, called Cyber Fast Track, will reward security research done within “a matter of months and at a small price tag.” Its emphasis on slimmer, unconventional solutions will rope in nontraditional players, such as hobbyists, startups and hacker spaces — a term the security community uses in reference to technology-oriented collectives and experimental spaces, Zatko said in a follow-up e-mail.

Zatko himself is a former member of a unique “hacker think tank” known as L0pht that frightened the Senate in 1998 by claiming it could shut down the Internet in 30 minutes. While the word “hacker” has many connotations ranging from good guy to bad guy, in essence a true hacker has mad computer skills and a willingness to take risks to check out a theory. The risk-taking side is what DARPA is apparently trying to harness.

History suggests that initiatives of this sort don’t end well, but the upsides are so great it’s worth a few government dollars to see if the current approach to building a hacker think tank can work. If nothing else, it shows that DARPA is on the ball.