By Bryan Fite, Account CISO, BT.
‘Hacker’ is an emotive term today. But, go back to its roots, and there’s a clear case for teaching, mentoring and developing hacker skills.
We all need hackers.
I’m going to start with a provocative statement: hackers are a national resource and should be encouraged, cultivated and embraced. There, I said it! Furthermore, I believe that criminals who use hacking techniques to break the law are criminals — they may, or may not, be hackers.
If you assume your adversary is a hacker, and plan accordingly, you’ll have a fighting chance of accomplishing your mission — running your business or otherwise maintaining operational integrity.
So, what’s in a name?
The debate about the use or misuse of the term hacker has been going on for some time now. The term hacker was introduced in the 50s, become associated with computing in the 60s and joined mainstream language in the 70s. It was at that point it started to become abused. I won’t waste your time articulating the various positons aligned in the debate but rather give you my perspective.
I subscribe to the school of thought that hackers are innovators — every bit as creative, inventive and pioneering as Orville and Wilbur Wright, the fathers of modern flight.
Tracing hacking back to its roots.
‘OG’ hackers were basically coders who would ‘hack out’ software and code to effect the function of a computer system, way before the days of FAQs, 1-800 Tech-Support and Google. If they wanted a machine or system element to do something, they would have to articulate the directives and get the system to adopt them.
Necessity and this inventive dynamic drove hackers to learn minute and mundane details of the inner working of system elements and the way they interact — the rules of the game, if you will. This desire or need to understand ‘how’ things work is one of the characteristics of the hacker genus.
So, apply this historically and think about it: the two bicycle repair men from Dayton, Ohio, who invented powered flight, were hackers. When they’d perfected glided flight, they needed an engine that was both light and powerful enough to propel their aircraft. No car manufacturer could supply an engine like this — so they ‘hacked out’ a solution, designing and building their own.
Encouragement, leadership and nurturing.
The other hacker trait that I subscribe to is that true hackers are basically ‘chaotic good’ or ‘chaotic neutral’ (that’s an old Dungeons & Dragons reference: look it up). Another way to put it is, ‘to hack is not to crack’, meaning you shouldn’t use your powers in order to do harm to others.
The definition of harm is, of course, somewhat subjective. But, at its core, there’s a moral and ethical aspect to hacking and being a hacker that is always part of the debate — white hat, black hat or grey hat.
This is why it’s so important that we develop forums to teach, mentor and develop hacker skills. And this requires security professionals who are ‘hackers’ to become positive role models — to get more involved and emerge from ‘the basement’, as it were.
Hacker, and proud.
To that end, even though I wear a tie most of the time, I’m a hacker at heart. I love learning about ‘wicked business problems’ then applying hacker-driven innovation to achieve objectives and act as a change agent. So are you a hacker? How do you identify?
I’m currently prepping for my annual pilgrimage to Troopers, the best hacker conference. If you plan to be there, please let me know, and we can talk about hackers, IoT, cyber operations or anything else that’s relevant to the current dialogue.