Former NSA Chief Cashing in Big as Cyber Security Consultant

Retired General Keith Alexander is hawking his services to banks at princely sums.


keith-alexander-nsa-cybercom-chief

General Keith Alexander, former head of the NSA and US Cyber Command, is hawking his services to banks at princely sums.

Bloomberg (“Former NSA director Keith Alexander now pitching banks $1M/month cybersecurity consulting“):

As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he’s selling the message directly to the banks.

Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.

Alexander, who retired in March from his dual role as head of the NSA and the U.S. Cyber Command, has since met with the largest banking trade groups, stressing the threat from state-sponsored attacks bent on data destruction as well as hackers interested in stealing information or money.

“It would be devastating if one of our major banks was hit, because they’re so interconnected,” Alexander said in an interview.

[…]

Alexander offered to provide advice to Sifma for $1 million a month, according to two people briefed on the talks. The asking price later dropped to $600,000, the people said, speaking on condition of anonymity because the negotiation was private.

Alexander declined to comment on the details, except to say that his firm will have contracts “in the near future.”

Kenneth Bentsen, Sifma’s president, said at a Bloomberg Government event yesterday in Washington that “cybersecurity is probably our number one priority” now that most regulatory changes imposed after the 2008 credit crisis have been absorbed.

“There are a lot of very high-caliber people that have served in public positions who bring a tremendous amount of expertise that our industry or other industries can benefit from. General Alexander is certainly one of those people,” Bentsen said.

Former U.S. intelligence officials are part of the burgeoning Internet security industry. Michael Morell, who last year was deputy director of the Central Intelligence Agency, now works for Beacon Global Strategies LLC and appeared at a Sifma event to warn financial firms about cybersecurity threats. CrowdStrike Inc., a security-technology company that does work for the largest banks, has former FBI officials on its staff.

The firm’s general counsel, Steven Chabinsky, was a deputy assistant director in the FBI’s cyber division. Cybersecurity is at the center of digital-dominated banking, he said in an interview.

“It’s consumer confidence; it’s consumer protection; it’s the way money is moved,” he said. “It’s the integrity of the entire global system.”

Alexander is hardly the first powerful public official to peddle his services in the private sector at a hefty markup after leaving government. And I have no reason to think that Alexander’s dealings are anything but above board. Still, I find this troubling for reasons I can’t quite put my finger on.

Partly, it’s because of the vast amount of classified information he had access to as head of the NSA. Aside from the vast troves gleaned from the NSA’s traditional methods, there’s the insights into American businesses that came from the various datamining operations during Alexander’s tenure. So, not only does he have unique expertise about the cyber threat but he also has a lot of knowledge about the vulnerabilities—and who knows what else—of competing banks. Again, I don’t question Alexander’s integrity. But, for even his discounted rate of three times his former annual salary a month, one presumes the people paying for his services have all that at the back of their minds.

And, of course, there’s the ever-present issue of influence peddling.

Alexander said in the interview that one obstacle to a stronger system is the legitimate concern banks have about privacy and liability when they give data to other firms and the government. The Senate Intelligence Committee next week will take up a bipartisan bill — sponsored by Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican — which would set rules and protections for information-sharing.

Such a law would be an important tool to improve the nation’s defenses, Alexander said.

“What I’m concerned about is we’re going to have a 9/11 in cyberspace,” he said. “We don’t need to suffer this kind of attack.”

Again, I presume Alexander is a patriot first and trying to make an honest buck second. But at the rates he’s charging, he’s got to be a saint, indeed, not to shade his testimony in the interests of his potential clients.

FILED UNDER: Economics and Business, Intelligence, Military Affairs, Science & Technology, , , , , , , , ,
James Joyner
About James Joyner
James Joyner is Professor of Security Studies at Marine Corps University's Command and Staff College. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. edmondo says:

    The Senate Intelligence Committee next week will take up a bipartisan bill — sponsored by Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican

    Oh wow, now women participate in crony capitalism circle jerks too. You’ve come a long way, baby.

  2. Franklin says:

    There was actually an article a while back in MIT Technology Review about NSA spinoffs. What was interesting is that a large number of them are offering services to protect against NSA spying.

    Like most/all other government organizations, the NSA by statute has to attempt to bring their technology to market. It just seems like a colossal waste of time and money, just like the whole ‘build new weapons, sell them to other countries, and then sell the defense against those new weapons’.

    I suppose someone will tell me this is good for the economy (like breaking a window).

  3. Ron Beasley says:

    Still, I find this troubling for reasons I can’t quite put my finger on.

    I’m with you that Doug!

  4. Pinky says:

    I’m fine with this. $1 million a month in the private sector is fine by me. $9000 bonuses in the federal sector, I have a problem with.

  5. ratufa says:

    @Pinky:

    In principle, I’m not too concerned with the private sector paying someone $1 million/month. In the specific case where very large compensation is being paid to someone who was recently employed by the government, one has to wonder what services are, in reality, being bought. You should wonder about that, too. After all, these are people who were in the same group (Federal employees) that you think are overpaid if they get a $9,000 bonus.

  6. Grewgills says:

    @Pinky:
    One of the admins should check and see if Pinky was spoofed here.

  7. matt bernius says:

    @Grewgills:
    Just checked, pretty sure that’s Pinky being Pinky.

  8. PJ says:

    Again, I presume Alexander is a patriot first and trying to make an honest buck second.

    I don’t think $1M/month is anything close to an honest buck.

  9. James Joyner says:

    @PJ:

    I don’t think $1M/month is anything close to an honest buck.

    I don’t have the expertise to value cyber security for a multi-billion dollar financial enterprise. But, yeah, while I have no reason to think Alexander’s integrity is anything but beyond reproach, that staggering a salary bump naturally raises question as to what the client thinks it’s getting for the money.

  10. DC Loser says:

    Of course Alexander is selling access to his network. Nothing more.

  11. Barry says:

    James: “Partly, it’s because of the vast amount of classified information he had access to as head of the NSA. Aside from the vast troves gleaned from the NSA’s traditional methods, there’s the insights into American businesses that came from the various datamining operations during Alexander’s tenure. So, not only does he have unique expertise about the cyber threat but he also has a lot of knowledge about the vulnerabilities—and who knows what else—of competing banks. Again, I don’t question Alexander’s integrity. But, for even his discounted rate of three times his former annual salary a month, one presumes the people paying for his services have all that at the back of their minds.”

    Wasn’t he caught in perjury? Hasn’t the NSA done whatever it wanted, and then got retroactive legalization, or just used classification? Hasn’t the NSA installed a very large number of deep vulnerablities in a vast array of software, making computer systems far more vulnerable?

    James, do you have *any* evidence in favor of him being honest?

    Any at all?

  12. grumpy realist says:

    @Barry: Also, doesn’t Alexander still fall under probably a huge number of non-disclosure and security handcuffs?

    It would seem to me that Alexander wouldn’t be able to tell them anything about what they should be scared about.

    Second, the only reason to hire him is to front up a lobbying effort. Otherwise, any bank with any brains whatsoever would do better taking 1/100 of that cash and hiring a few lean and hungry MIT grads to test security and make suggestions.

  13. Barry says:

    @grumpy realist: ” Also, doesn’t Alexander still fall under probably a huge number of non-disclosure and security handcuffs? ”

    Do you think that those are binding on the Big Boys?

    If you or I was indiscreet, yes. This guy is somebody who’s been able to get away with everything.

    In addition, there’s a lot which can be said with winking and nodding, and making sure that people listen to what’s *not* being said.

  14. Barry says:

    @grumpy realist: “Second, the only reason to hire him is to front up a lobbying effort. Otherwise, any bank with any brains whatsoever would do better taking 1/100 of that cash and hiring a few lean and hungry MIT grads to test security and make suggestions. ”

    hiring the head of the NSA is like hiring the head of a guild of above the law hackers, backed by tens of billions of dollars. There’s expertise there which is not going to be duplicated by a few MIT grads (and I’ll bet that the NSA hires lots of MIT grads).

    In addition, as I and many others have pointed out, the NSA has installed a vast array of back doors in a vast array of commercial software and hardware. This guy is in a good position to (deniably) let companies know where the major vulnerabilities are.

  15. James Joyner says:

    @Barry:

    Wasn’t he caught in perjury?

    Not to my knowledge, no. You may be thinking of form DNI Jim Clapper?

    Hasn’t the NSA done whatever it wanted, and then got retroactive legalization, or just used classification?

    I think NSA did what Presidents Bush and Obama ordered them to do.

    Hasn’t the NSA installed a very large number of deep vulnerablities in a vast array of software, making computer systems far more vulnerable?

    So I’ve gathered, yes. What bearing does that have on the director’s personal integrity? That’s the mission.

    James, do you have *any* evidence in favor of him being honest?

    I think he deserves the presumption of honor absent evidence to the contrary rather than vice-versa.

  16. Barry says:

    @James Joyner: Tuesday, June 24, 2014 at 11:28

    Me: “Wasn’t he caught in perjury?”

    James: “Not to my knowledge, no. You may be thinking of form DNI Jim Clapper?”

    Me: “Hasn’t the NSA done whatever it wanted, and then got retroactive legalization, or just used classification?”

    James: “I think NSA did what Presidents Bush and Obama ordered them to do.”

    Ah, like Nixon’s crew, and the Iran-Contra gang.

    Me: “Hasn’t the NSA installed a very large number of deep vulnerablities in a vast array of software, making computer systems far more vulnerable?”

    James: “So I’ve gathered, yes. What bearing does that have on the director’s personal integrity? That’s the mission.”

    The bearing it has is obvious, but I’ll fill you in – he’s now peddling defenses against the vulnerabilities he helped install.

    Me: “James, do you have *any* evidence in favor of him being honest?”

    James: “I think he deserves the presumption of honor absent evidence to the contrary rather than vice-versa. ”

    Riiiiiiiiiiiiiiiiiiiiiigggggggggggggghhhhhhhhhhhhhhhhht. Government official retires and immediately starts business.