United States Department of Defense Embraces Hacker Certification to Protect US Interests

Monday, March 01, 2010

Cross Posted from Saumil Shah's blog here:

The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD's computer network defenders (CND's), a specialized personnel classification within the DoD's information assurance workforce.
The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD. 
The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.
With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD's focus on better training and preparation of the U.S. military workforce in this area.
The Certified Ethical Hacker qualification tests the certification holder's knowledge in the mindset, tools and techniques of a hacker, fortifying it's certification tag line: "To beat a hacker, you must think like one."
"CEH has been selected due to the immense technical and tactical nature of the certification," said Jay Bavisi, co-founder and president of EC-Council. "It is one of the most technically advanced certifications on the directive for CND professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CND teams. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally."
Bavisi added: "We have been researching this space for quite some time and with this mandate from the DoD, there has never been a better time for us to beat the hackers at their own game. We are racing to research complex hacker techniques and in the next release of our CEH program, we hope to showcase in over 150 modules, detailed and extremely complex attack and countermeasures that will help raise the level of knowledge of the CND teams."

  • CEH is now formally integrated into the certification requirements for U.S. DoD IA Workforce
  • CEH is now required for CND Analyst, CND Infrastructure Support, CND Incident Responder, and CND Auditor as defined byDirective 8570
More information about EC-Council and Directive 8570 can be found at https://www.eccouncil.org/about_us/dod_8570.aspx
Possibly Related Articles:
General Security Training
Certification CEH DoD
Post Rating I Like this!
Lee Mangold There's a lot of discussion about the CEH in another post (https://www.infosecisland.com/blogview/3880-Certified-Ethical-Hacker.html) that may be of interest. I'm taking the CEH partially for 8570 compliance, but mostly for fun right now. I'm not entirely sure I agree with the complete satisfaction of the CND requirement with this certification. I would consider it more of an awareness tool than a certification.

An interesting point I just thought about: You find me an IAM who allows Cain & Able or Metasploit on their network and I'll find a huge vulnerability...