Wanted: high school hackers, crackers, and other digital deviants

state-sponsored enemies. “In the 1950s and 1960s, Sputnik and the space race inspired young people to pursue careers in science and engineering,” reads a draft of the statement. “We have a similar opportunity to inspire today’s young people to tackle the important challenges we face, including cybersecurity.

Fears of cyber-sabotage or espionage were brought home last month by revelations, reported in the Wall Street Journal, that Russian and Chinese intruders had gained access to and mapped out the networks of U.S. power systems, leaving behind software designed to sabotage them. Cyberspies have also repeatedly hacked government and military networks going back as early as the beginning of the decade. Forbes reported in 2007 that military contractors including Lockheed Martin, Raytheon, Boeing and Northrup Grumman had suffered security breaches that had the potential to reveal classified information.

One element of ending those cyber debacles, says the SANS Institute’s Paller, will mean a renewed focus on cyber education. “We have probably only 1,000 very skilled hackers working for government and industry,” he says. “We need 20,000 or 30,000. Those hackers are out there. We just need to get them into a much more important and useful role.”

China, for its part, may be well ahead of the U.S. in cybersecurity education and recruiting, Paller argues. In a hearing before the Senate’s Homeland Security last month, Paller told the story of Tan Dailin, a graduate student in China’s Sichuan province who in 2005 won several government-sponsored hacking competitions and the next year was caught intruding on U.S. Department of Defense networks, siphoning thousands of unclassified documents to servers in China. “China’s People’s Liberation Army is running these competitions all the time, aiming their recruits at the U.S.,” Paller says. “Shouldn’t we be looking for our best talent the way other countries are?”

A parallel track of domestic cyber training raises the specter of U.S. government-trained hackers not only stealing data from foreign enemies — a diplomatically thorny prospect in itself — but also hacking other targets for fun or profit, and potentially becoming a rogue collection of skilled cybercriminals. “There probably could be a couple people we train that go to the dark side,” admits Jim Christy, director of the Department of Defense’s Cyber Crime Center. “But we’ll catch them and send a message. The good guys will outweigh the bad.”

Teaching offensive hacking is a necessary element of protecting networks, argues the SANS Institute’s Paller. “Offense must inform defense,” he says. “We’d like it to be just training defenders, but if they don’t know how attacks are performed, they’ll be incompetent.”

He adds that even without formal training, teens are already becoming active hackers. According to a survey released by Panda Security earlier this month, one in five U.K. teens says he or she knows how to find online software tools for gaining unauthorized access to data. A third of those respondents claimed to have used them. “This isn’t about educating hackers,” says Paller. “It’s about finding them.”

Training games used in digital espionage and data theft, including offensive tactics, are nothing new: The military has long put cadets through defensive and offensive simulations. Programs like the SANS Institute educate so-called white-hat hackers, penetration testers paid to test the security of private companies and government institutions. And cybersecurity conferences like Las Vegas’ DefCon host games of “Capture the Flag,” in which teams win points by compromising the opposition’s PCs.

The Cyber Challenge, however, would be the military’s first attempt to reach civilian students. Despite the controversy it likely will raise, it may be the kind of early education push American cybersecurity needs, argues the Department of Defense’s Christy. “As cybersecurity comes to the forefront, we’re going to start seeing fratricide between in agencies and the private sectors as everyone tries to recruit a small number of experts,” he says. “We have to grow this workforce.”