To catch a thief, you must think like a thief – the best way to defend an asset is to get inside the head of the attacker and predict his actions.
That’s the opinion of Alan Paller, founder of the SANS Institute and creator of NetWars, an online cybersecurity simulation game in which contestants compete against each other by hacking into and controlling the game’s 12 servers, leaving their user name in them to prove they did it.
Last July, when NetWars was presented, the honor of playing the first round was given to 75 students with considerable knowledge of cyber attack and defense techniques. But of those, only one showed the kind of reasoning that can be linked to that of a hacker.
According to Forbes, Michael Coppola, a 17-year-old high school junior, ignored the main targets and took control of the game’s scorekeeping algorithm. At the end of the game, his score was three times higher than everybody else’s.
One could say that he was cheating, but thinking outside the box and the willingness to break the rules are the principal requirements for a hacker and, as Alan Paller would argue, they should be equally important for cyber defenders.
“This is a skill we need Americans to have. But even more we need to find the ones who are already talented and make sure they’re working for the good guys,” he says. He sees NetWars, the Air Force’s Cyber Patriot competition, the Department of Defense’s Digital Forensics Challenge and other such competitions as a great method to discover and foster talented individuals who will be among the 20,000 skilled cybersecurity experts America is in need of.
But NetWars is fairly controversial because, unlike the other competitions mentioned, it focuses mainly on cyber offense. While Sanford Schlitt, coordinator of the Cyber Patriot competition, thinks that teaching kids to find vulnerabilities and exploit them will result in the creation of hackers, some government agencies and even some companies think Paller is on the right track and are offering internships to winners.