The US Navy posted a training solicitation last week, calling for interested personnel to sign-up for a ‘Certified Ethical Hacker’ program, a five-day course from June 6-10, in San Diego, California. The training represents the latest step by the US military to respond to an increase in global cyberwarfare.
According to the Navy, a 'certified ethical hacker' "is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in networks and/or computer systems and uses the same knowledge and tools as a malicious hacker upon request from an organization."
A 'certified ethical hacker' differs from a black-hat hacker in no discernible way, except for being ordered to engage in hacking attacks at the behest of a government.
Even that, however, is insufficient to be deemed an ethical hacker – these professionals are ordered specifically by the US government, unlike purportedly unethical Chinese, Iranian, and Russian hackers.
The move by the US Navy comes after the military and intelligence community continue to lose talented cybersecurity experts who opt to go professional in the private sector, or lease their services to the government, as a high-priced consultant.
Notably, the US Navy job-function specifications for their new cadre of hackers does not specify whether they will engage in offensive action against foreign governments. The guidelines also do not expressly limit their function to a more ‘ethical’ role, including engaging in limited hacking attacks against US government systems to determine holes in the security apparatus.
Another military branch, the US Air Force, gave up entirely on attempting to recruit and train hackers and IT professionals, opting instead to outsource the work to consulting firms and freelance operatives.