Saturday, May 30, 2009

CYBERWAR: Contractors Vie for Plum Work, Hacking for the United States

By CHRISTOPHER DREW and JOHN MARKOFF
NY Times
May 30, 2009

MELBOURNE, Fla. — The government’s urgent push into cyberwarfare has set off a rush among the biggest military companies for billions of dollars in new defense contracts.

The exotic nature of the work, coupled with the deep recession, is enabling the companies to attract top young talent that once would have gone to Silicon Valley. And the race to develop weapons that defend against, or initiate, computer attacks has given rise to thousands of “hacker soldiers” within the Pentagon who can blend the new capabilities into the nation’s war planning.

Nearly all of the largest military companies — including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon — have major cyber contracts with the military and intelligence agencies.

The companies have been moving quickly to lock up the relatively small number of experts with the training and creativity to block the attacks and design countermeasures. They have been buying smaller firms, financing academic research and running advertisements for “cyberninjas” at a time when other industries are shedding workers.

The changes are manifesting themselves in highly classified laboratories, where computer geeks in their 20s like to joke that they are hackers with security clearances.

At a Raytheon facility here south of the Kennedy Space Center, a hub of innovation in an earlier era, rock music blares and empty cans of Mountain Dew pile up as engineers create tools to protect the Pentagon’s computers and crack into the networks of countries that could become adversaries. Prizes like cappuccino machines and stacks of cash spur them on, and a gong heralds each major breakthrough.

The young engineers represent the new face of a war that President Obama described Friday as “one of the most serious economic and national security challenges we face as a nation.” The president said he would appoint a senior White House official to oversee the nation’s cybersecurity strategies.

Computer experts say the government is behind the curve in sealing off its networks from threats that are growing more persistent and sophisticated, with thousands of intrusions each day from organized criminals and legions of hackers for nations including Russia and China.

“Everybody’s attacking everybody,” said Scott Chase, a 30-year-old computer engineer who helps run the Raytheon unit here.

Mr. Chase, who wears his hair in a ponytail, and Terry Gillette, a 53-year-old former rocket engineer, ran SI Government Solutions before selling the company to Raytheon last year as the boom in the military’s cyberoperations accelerated.

The operation — tucked into several unmarked buildings behind an insurance office and a dentist’s office — is doing some of the most cutting-edge work, both in identifying weaknesses in Pentagon networks and in creating weapons for potential attacks.

Daniel D. Allen, who oversees work on intelligence systems for Northrop Grumman, estimated that federal spending on computer security now totals $10 billion each year, including classified programs. That is just a fraction of the government’s spending on weapons systems. But industry officials expect it to rise rapidly.

The military contractors are now in the enviable position of turning what they learned out of necessity — protecting the sensitive Pentagon data that sits on their own computers — into a lucrative business that could replace some of the revenue lost from cancellations of conventional weapons systems.

Executives at Lockheed Martin, which has long been the government’s largest information-technology contractor, also see the demand for greater computer security spreading to energy and health care agencies and the rest of the nation’s critical infrastructure. But for now, most companies remain focused on the national-security arena, where the hottest efforts involve anticipating how an enemy might attack and developing the resources to strike back.

Though even the existence of research on cyberweapons was once highly classified, the Air Force plans this year to award the first publicly announced contract for developing tools to break into enemy computers. The companies are also teaming up to build a National Cyber Range, a model of the Internet for testing advanced techniques.

Military experts said Northrop Grumman and General Dynamics, which have long been major players in the Pentagon’s security efforts, are leading the push into offensive cyberwarfare, along with the Raytheon unit. This involves finding vulnerabilities in other countries’ computer systems and developing software tools to exploit them, either to steal sensitive information or disable the networks.

Mr. Chase and Mr. Gillette said the Raytheon unit, which has about 100 employees, grew out of a company they started with friends at Florida Institute of Technology that concentrated on helping software makers find flaws in their own products. Over the last several years, their focus shifted to the military and intelligence agencies, which wanted to use their analytic tools to detect vulnerabilities and intrusions previously unnoticed.

Like other contractors, the Raytheon teams set up “honey pots,” the equivalent of sting operations, to lure hackers into digital cul-de-sacs that mimic Pentagon Web sites. They then capture the attackers’ codes and create defenses for them.

And since most of the world’s computers run on the Windows or the Linux systems, their work has also provided a growing window into how to attack foreign networks in any cyberwar.

“It takes a nonconformist to excel at what we do,” said Mr. Gillette, a tanned surfing aficionado who looks like a 1950s hipster in his T-shirts with rolled-up sleeves.

The company, which would allow interviews with other employees only on the condition that their last names not be used because of security concerns, hired one of its top young workers, Dustin, after he won two major hacking contests and dropped out of college. “I always approach it like a game, and it’s been fun,” said Dustin, now 22.

Another engineer, known as Jolly, joined Raytheon in April after earning a master’s degree in computer security at DePaul University in Chicago. “You think defense contractors, and you think bureaucracy, and not necessarily a lot of interesting and challenging projects,” he said.

The Pentagon’s interest in cyberwarfare has reached “religious intensity,” said Daniel T. Kuehl, a military historian at the National Defense University. And the changes carry through to soldiers being trained to defend and attack computer and wireless networks out on the battlefield.

That shift can be seen in the remaking of organizations like the Association of Old Crows, a professional group that includes contractors and military personnel.

The Old Crows have deep roots in what has long been known as electronic warfare — the use of radar and radio technologies for jamming and deception.

But the financing for electronic warfare had slowed recently, prompting the Old Crows to set up a broader information-operations branch last year and establish a new trade journal to focus on cyberwarfare.

The career of Joel Harding, the director of the group’s Information Operations Institute, exemplifies the increasing role that computing and the Internet are playing in the military.

A 20-year veteran of military intelligence, Mr. Harding shifted in 1996 into one of the earliest commands that studied government-sponsored computer hacker programs. After leaving the military, he took a job as an analyst at SAIC, a large contractor developing computer applications for military and intelligence agencies.

Mr. Harding estimates that there are now 3,000 to 5,000 information operations specialists in the military and 50,000 to 70,000 soldiers involved in general computer operations. Adding specialists in electronic warfare, deception and other areas could bring the total number of information operations personnel to as many as 88,700, he said.

http://www.nytimes.com/2009/05/31/us/31cyber.html?_r=1&ref=global-home

No comments: