Rules keep hackers from helping government, ex DHS head says
They know how to find network weaknesses, but might be leery of sharing their talents, if lending a hand requires navigating through too much red tape.
Friendly hackers and other computer whizzes who could help bolster government's cyber defenses often are unable to collaborate with the Homeland Security Department because of outdated policies that Congress and the White House must reform, former DHS Secretary Tom Ridge said on Tuesday.
Ridge, his successor Michael Chertoff and current DHS Secretary Janet Napolitano discussed the evolution of threats to the United States, including those to network security, at a Georgetown University event, hosted by the Aspen Institute, to mark the department's 8th anniversary.
The federal government is short tens of thousands of cyber experts, by some estimates, and is aggressively trying to attract new talent through scholarships and other youth competitions. For example, a program that the National Science Foundation runs covers the cost of books, tuition, and room and board for students willing to concentrate in information security and then work for the government.
Napolitano said the Office of Personnel Management has granted DHS direct authority to hire 1,000 cybersecurity specialists.
Despite such opportunities, members of the hacker community remain wary of working with the government. They know how to find network weaknesses, but might be leery of sharing such talents, if lending a hand requires navigating through too much red tape.
Ridge said Congress should revisit rules that restrict engaging private individuals in partnerships with the federal government.
"With the regulations associated with bringing in private citizens -- to sit side by side by with the government in order to advance a broader interest of security and safety -- it is very, very difficult," Ridge said. "The [regulations] are written to the extent where, we're not really going to trust people in the private sector because, heaven forbid, they might be financially advantaged either with a contract or just general information."
In his State of the Union address, President Obama noted that he has called on agencies to eliminate certain burdensome and outdated regulations, and he also promised to present a plan for consolidating some agencies to operate the government more efficiently.
Referring to that speech, Ridge said, "I hope part of that process is making it a lot easier for people in the private sector to join in that partnership. . . . These regs are written to take care of an aberrant behavior, somebody who might be misguided and we ought to just trust the Americans who want to work with government and make it a lot easier to partner with us particularly in the area of cybersecurity."
Napolitano said one problem in recruiting computer savvy individuals is "people who are really good, they have not thought about working for the government." This year, she will be speaking at various universities across the country to convey the message that DHS is a place where students can have rewarding careers.
"We have recruited some very nationally known hackers to be on our on our homeland security advisory committee," she noted. "There are actually hacker conventions, and we are there."
NEXT STORY: Why you can't stop insider threats