If there’s a single lesson Americans have learned from the events of the past year, it might be this: Hackers are dangerous people. They interfere in our elections, bring giant corporations to their knees, and steal passwords and credit card numbers by the truckload. They ignore boundaries. They delight in creating chaos. But what if that’s the wrong narrative? What if we’re ignoring a different group of hackers who aren’t lawless renegades, who are in fact patriotic, public-spirited Americans who want to use their technical skills to protect our country from cyberattacks, but are being held back by outdated rules and overly protective institutions? In other words: What if the problem we face is not too many bad hackers, but too few good ones? The topic of ethical hacking was on everyone’s mind at Def Con, the hacker convention last week in Las Vegas. It’s the security community’s annual gathering, where thousands of hackers gathered to show their latest exploits, discuss new security research and swap cyberwar stories. Many of the hackers I spoke to were gravely concerned about Russia’s wide-ranging interference in last year’s election. They wanted to know: How can we stop attacks like these in the future?
The problem, they told me, is that the government doesn’t make it easy for well-meaning hackers to pitch in on defense. Laws like the Computer Fraud and Abuse Act make poking around inside many government systems, even for innocent research purposes, a criminal offense. More than 209,000 cybersecurity jobs in the United States currently sit unfilled, according to a 2015 analysis of labor data by Peninsula Press, and the former head of the National Security Agency said last year that the agency’s cybersecurity experts “are increasingly leaving in large numbers” for jobs in the private sector.
Partly, that’s because private sector jobs tend to pay more. But it’s also because the government can be an inhospitable place for a hacker. Talented hackers can be disqualified for government jobs by strict background checks, and dissuaded by hiring processes that favor candidates with more formal credentials. At Def Con, I heard stories about hackers who had interviewed for government security jobs only to be turned away because they’d smoked pot as a teenager, or violated copyright law by jail-breaking their video game console.
Full Article: A Solution to Hackers? More Hackers – The New York Times.