Recently, I read an article in a local newspaper, about a kid that did the wrong thing - http://www.sanduskyregister.com/news/law-enforcement/7871226 . Mind you, I do NOT condone what he did, or why, or how. However, the article sparked a discussion in which it was more or less 'inferred' (because of my opinions on 'hacking' and the proper instruction thereof, to kids) that I was 'part of the problem'. I beg to differ, and thus, today's blog post ensued.
"Lions and Tigers and Bears, OH MY!" That classic line from 'The Wizard of Oz' rings true as I watch parents, teachers and others who are tasked with rearing the next generation. F.U.D. (Fear, Uncertainty and Doubt) plays a strong part in society's understanding of all things "technical". While our children are encouraged, from a young age, to reach out / discover / explore and search to define themselves and prepare for their adult lives, too often the responsible parties are the first to discourage anything that they don't understand, simply because they don't realize the importance thereof. If they hear the word 'hacker', they jump to conclusions because of the depictions and definitions in the media, and how hackers are portrayed in entertainment (TV, movies, etc). They don't necessarily understand that a 'hacker', by definition, is simply someone who tries to make something work in a way, or do something, that it wasn't designed to do, often with the end goal of improving whatever they started with. Sure, there are evil / malicious hackers, but there are also those who hack to make things better. There are even those who hack for others' benefits ( http://johnny.ihackstuff.com )
With specific regard to the original topic (the young man who stirred up a lot of trouble for the area school districts), as I said, I'm in complete agreement that what the kid did was wrong. However, had the 'responsible' adults exercised the same 'curiosity' he had regarding the consequences of someone DDoS'ing their network, the reality of the situation should have readily come to mind - that being a lack of proper distributed design, capacity planning and strong need for overall 'security posture' analysis.
The discussion quickly turned to all of the negative points. ('The kid is bad, he should be sent to jail / military school', 'hackers are evil', 'my parents would've killed me', yada, yada, yada...) Folks were quick to condemn the kid, pointing out that what he did was against the law and how everyone should come down on him for the time and expense that his 'hacking' cost the district, law enforcement, etc.
So I could follow along with this negative thinking. I could concur that his actions were purely malicious (mind you, I DO agree that he obviously had every intention of causing problems and that this wasn't innocent curiosity - I wasn't born yesterday, folks). I could chime into the choruses of 'string him up and hang him', 'burn him at the stake', 'lock him up and throw away the key'.
But I won't, and here's why...
While this kid did something stupid, there's something to be said for the PROPER education and training of kids who share his curiosity but want to use it in more positive ways - and for good. Perhaps his story will bring more kids to want to learn and grow, in order to better the technologies - kids who are the future of software engineers, security experts and technical geniuses.
Many experts would say that the best time to learn is during the 'school age years'. In most cases, I tend to agree. Younger children tend to be more receptive to learning and their curiosity often makes them more receptive to new ideas than older people. Case in point, with technology, one will often see kids doing things on computers, phones, tablets - pretty much anything dealing with technology - and adults sit an awe, not realizing the potentials of each. Kids experiment, kids challenge the 'norm' (often because they're not yet old enough to accept said 'norm'), and kids are the ultimate 'hackers', in that they'll try to make things work how THEY want them to work, not always how they were designed to work. Their 'hacking' isn't malicious (not all hacking is), but it does encourage change and often leads to making things better than they were, previously.
Now, going back to the story and the debate that ensued, I made a point that perhaps we should teach kids 'hacking' in school, in after school clubs, etc. No, not malicious hacking, so to speak, although it can be argued that, in order to make things more secure, someone MUST be taught to understand the malicious methods and the 'evil' tactics. After all, how does one make a technology (or anything else for that matter) better, if they don't truly understand it. That especially holds true in engineering, in design and in SECURITY. In order to attain the unbreakable, one must first understand how things break. It's a never-ending cycle of break - fix, break - fix.
A prime example of kids who truly understand security (his teachers understand the importance of it, his parents understand the importance of it, the INDUSTRY understands the importance of it), is Reuben A. Paul - aka RAPstar ( https://www.facebook.com/pages/Reuben-A-Paul-RAPstar/209275665828035 ). Reuben is a kid that truly 'gets it'. Not only is he quickly becoming an international speaker and recognized security evangelist, but he's also the CEO of his own company and is the youngest Shaolin-Do Kung Fu black belt, having earned that distinction at only seven years old, in 2013. So here's a young man who 'hacks', hacks well and does it for the right reasons. Reuben understands many of his topics far better than many adults in the industry and I'm proud of his accomplishments.
A couple further links supporting my point:
http://www.al.com/news/huntsville/index.ssf/2015/03/grissom_high_cybersloths_take.html
http://www.al.com/news/huntsville/index.ssf/2015/04/huntsville_schools_cyber_secur.html
http://www.uscyberpatriot.org/
I propose that America should really begin to put forth the focus and effort to begin training our youth in this area - not just in these few cases. It's common knowledge that other countries (China, Korea, etc) have been training their 'cyber' armies for years, recruiting their talent at a young age. These countries have been leading the world in technological arenas for some time, not simply in security / hacking. If we aren't to train and recruit our young talent while opportunity and interest from the kids permit us to do so, we're destined to fail when the time comes to both attack and defend. The wellbeing of our military, our educational institutions, our businesses and our country, in general, rely on the technical ability of our future generations - our children. We need to prepare them, NOW!
Closing thoughts for today, for those who would argue the negative aspects of training kids to 'hack' and learn security in school. I'm a firm believer in God, and in Proverbs Chapter 22 verse 6, the Bible says:
"Train up a child in the way he should go: and when he is old, he will not depart from it."
I believe this goes for the home (parents) as well as for educational institutions. If a child is trained properly and has the proper motives and beliefs instilled in them throughout their lives and education, I believe they'll use the tools and trainings for the right purposes, not for the wrong ones.
No comments:
Post a Comment