A hacker-turned-defense official, decrying the government's slowness to change, rolled out a new program on Thursday that would enable the Pentagon to more quickly fund hackers to tackle its tough cybersecurity challenges.
Peiter Zatko, a hacker known as Mudge who is now at the Defense Advanced Research Projects Agency (DARPA), said he joined the Pentagon's research arm to try to build bridges between the government's cybersecurity needs and hackers working on innovative projects.
What he found instead was a lumbering bureaucracy on the government side that had the more nimble hacking community throwing up its arms in frustration as its members tried to navigate unfathomable bureaucratese on reams of forms, in a process that lasted months.
So in the latest attempt to pull cybersecurity expertise into government, DARPA has launched the "Cyber Fast Track" program, intended to cut red tape for hackers to apply for funding for projects that would help the Defense Department secure computer networks.
Instilling change in a government bureaucracy is "insanely difficult" because government is used to operating in a certain way, said Zatko, head of DARPA's information innovation office. "And that's fine in many, many areas. But I don't think that's fine for cyber," he said.
Zatko said he decided it was time to start funding hackers and boutique security firms, "and making it actually easy enough for them to compete for government research money with the large, traditional government contractors."
Addressing a key issue for hackers doing government projects, the program will allow them to keep the commercial intellectual property rights while giving the Defense Department use of the project.
Zatko told the audience of technology and security experts at the Black Hat conference in Las Vegas that 20 to 100 of these projects will be funded every year, with about two weeks required to land a contract -- lightning-fast by Pentagon contracting standards.
He did not say how much money would be used to fund the projects, and a DARPA spokesman did not immediately respond to an emailed question.