Wednesday, February 10, 2010

A Hacker in Charge of Your Tax Dollars?

I read Hacker 'Mudge' gets DARPA job by Elinor Mills:

Peiter Zatko--a respected hacker known as "Mudge"--has been tapped to be a program manager at DARPA, where he will be in charge of funding research designed to help give the U.S. government tools needed to protect against cyberattacks, CNET has learned.

Zatko will become a program manager in mid-March within the Strategic Technologies Office at DARPA (Defense Advanced Research Projects Agency), which is the research and development office for the Department of Defense. His focus will be cybersecurity...

Another lure of the job was the budget he will have. Zatko said he doesn't know exactly how much of the $3.5 billion a year DARPA spends to fund research he will oversee but said it's likely to be a "good chunk."


A hacker in charge of your tax dollars? I think that's... great! I'm pleased to see someone with the right mindset and experience making decisions on next-generation digital security projects. I am pretty sure no one with a lame research proposal or dumb idea for a start-up is going to be able to fool Mudge. This is another watershed event for our community, similar to Jeff Moss being selected to an advisory position in DHS.

It's important to place this event in context. The cover at the top shows "Maximum Security," one of the first technical books on digital security to be published. ("Practical Unix and Information Security" was my introduction.) The year was 1997, and the Anonymous author chose not to reveal his identity for fear of the consequences. Think about that for a moment. Now, 13 years later, we have a real hacker -- a real hacker, not an intruder -- supervising the budget of a government agency. That's amazing progress. Congratulations Mudge!

PS: One minor point. The author writes:

Zatko cut his security chops as a teen-age hacker in the 1980s and managed to stay one step ahead of the law.

I have a feeling the author added this line to "spice up" the article, thinking that "hackers" need to have run-ins, or need to avoid run-ins, with the law in order to have "street cred." In all the years I have known of Mudge (I met him in the fall of 1998 when he taught a class with Mike Schiffman at the AFIWC), I never thought of him as a criminal or a "near-criminal." He's always been a security researcher as far as I am concerned.

4 comments:

Andrew Jaquith said...

Well said, Richard.

Paul Hite said...

Very exciting! I agree Mudge will do much better than the usual suits in this post.

noneck said...

I'm am very excited to read this. This is good news.

Anonymous said...

Brilliant! Finally someone with a brain in charge.