A few weeks ago, I posted here an excerpt from an upcoming book on coming national security threats. My own chapter deals with the place of IT in confronting those threats. The book--Threats In the Age of Obama (Amazon)--is now out.

In addition to my own, there is one other tech-related chapter from Bob Gourley, former CTO of the Defense Intelligence Agency. I recently mentioned on this site how cyber security gets little attention from both the cyber people and the security people. In his chapter, Bob explains why we need to spend more time on this issue:

The National Counterterrorism Center has published a huge data set on its Web site. The Worldwide Incidents Tracking System has a few thousand records of violent acts going back to 2004, and it's begging to be downloaded by a Flash guru who can show the government why open data is a good practice.

This week's Government Computer News features an update on Intellipedia, the Intelligence Community's internal version of Wikipedia. While the project is going well, IC social software advocate Chris Rasmussen says that cultural barriers are keeping the project from crossing the chasm.

Rod Beckstrom, director of the Department of Homeland Security's National Cyber Security Center, resigned on Friday. He'd held the position for just under a year.

This week, Mark Drapeau and Linton Wells, both of National Defense University, published a definitive study of the implications of social software on national security. Working in both arenas, I'm often frustrated by the security community's tendency to think about social software only as a "target": how can we exploit the enemy's use of the Web, how will they use it to exploit our weaknesses, etc.

I stumbled upon this article a few days ago:

General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department...Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.

And in the Pentagon's budget request submitted last week...the Pentagon will increase the number of cyber experts it can train each year from 80 to 250 by 2011.

Amid dire warnings that the U.S. is ill-prepared for a cyber attack, the White House conducted a 60-day study of how the government can better manage and use technology to protect everything from the nation's electrical grid and stock markets to tax data, airline flight systems, and nuclear launch codes.

This is a good start. By increasing the cyber-defense workforce, they are being more predictive than they have in years past. Our government usually waits until the disaster has already happened before trying to prevent it.

But this may not be the best way to prevent it. I don't profess to know what the best way is. But I do believe that we shouldn't defer to the normal strategy--open a new office, fill some chairs, maybe form a working group or presidential commission or two--when it comes to solving a new problem.

In addition to the standard practice, we should experiment. Where do we begin experimenting? With an admission:

Those most qualified to defend our networks do not want government jobs*.

"For $10 million, you can have your ship data back."

Now this is interesting. With both sea piracy and cyber security in the news lately, someone had an idea: combine the two. Last week, someone broke into a Virginia Web site that lets pharmacists track prescription drug abuse. But instead of just breaking in and stealing data, they are holding it hostage:

Sean Dennehy and Don Burke, the CIA's lead curators and advocates for Intellipedia, have been nominated for the Service To America medal:

When Sean Dennehy and Don Burke were tasked with increasing knowledge sharing across the intelligence community in 2005, it was like being asked to promote vegetarianism in Texas. Against the odds, these analysts in the Central Intelligence Agency have succeeded in creating a tool that breaks with the prevailing culture, increases the flow of information and ultimately makes our country safer...

When an intelligence analyst writes a paper, it quickly becomes stale; in some cases, because of the time it takes to review and publish reports, they're stale before anyone ever sees them. With Intellipedia (which is a slightly modified MediaWiki installation), analysts and policymakers can always have a live version of the Intelligence Community's collective knowledge and assessments.

ODNI and CIA officials were quick to recognize the magnitude of Burke and Dennehy’s accomplishment. "It’s hard to overstate what they did," Eric Haseltine, former chief technology officer of the intelligence community, said. "They made a major transformation almost overnight with no money after other programs failed to achieve these results with millions of dollars in funding." (emphasis added)

Having worked as an intelligence analyst for a few years at the Department of Defense, I try to dispel the notion that the job requires a special skillset. It doesn't. It is simply research, and the job is little different from any other research-based position: you gather observations, think about them, and write a report. Nothing special there. Analysts do have access to secrets, but even that doesn't completely set them apart from others: some intelligence scholars believe that the majority of strategic decisions can be made with 100% public information.

A few weeks ago, I wrote about the Pentagon's plan to hire more cyber security experts, and voiced skepticism that the most talented people would go to work for the government: such people love their independence, and would much rather continue working from their basements than from a cubicle. Plus, in order to become an expert, you sometimes must do things (ie, commit computer crimes) that disqualify you from the job.

According to Forbes, the White House will announce this week a new program that seeks out budding hackers at an early age, in order to hone their skills and draw them to government service: