Reading

Ethical Hacking

The Pentagon is training people to hack into its own computer networks. "To beat a hacker, you need to think  one," said Jay Bavisi, co-founder and president of the International Council of Electronic Commerce Consultants, or EC-Council. His company was chosen by the Pentagon to  training of Department of Defense employees who work in computer security-related jobs and certify them when the training is complete. The Department of Defense does not consider this hacking. "DoD personnel are not learning to hack. They are learning to defend the network against hackers," said spokesman Lt. Col. Eric Butterbaugh. But the EC-Council calls the program "Certified Ethical Hacker certification." The purpose of the training is to teach Defense Department employees to defend their computer network.

Almost 90,000 attacks on Defense Department computers were reported last year, according to a government report. Fending off the attacks costs the Pentagon about $100 million. Bavisi said the training focuses on teaching the art of hacking, using the same tools and tricks that traditional hackers use to break into computer networks.

The basic concept is Defense Department employees would use the training to hack into the department's computers, Bavisi said. Once the ethical hackers find the  that unethical hackers could use to attack, they increase the security to remove the potential  . He said they are like bodyguards for the Defense Department network. Their only goal is to defend the network,  the means of doing so are similar to those used by cyber attackers, Bavisi said.

This kind of training has been done before in the Defense Department on an ad hoc basis, said Bavisi. Now every Defense Department agency and unit is required to include hacker training as one  for employees involved in cybersecurity. EC-Council has 450 training partners that will handle standard "ethical hacking" training,  has been used by civilian agencies and private businesses for years. If a Defense Department agency wants its employees to focus on a particular type of hacker training, EC-Council will perform customized training. The training requires 40 hours of instruction and 4,500 pages of reading on the  hacker techniques.

Bavisi said that Defense Department employees who complete the training and certification will not be  to use their new knowledge to hack into privately owned or civilian computers. But he said that any kind of training, including ethical hacking, could be used for nefarious  . "You can teach me to cut an apple with a knife, and I can turn around and stab you with the knife," Bavisi said.