After whistleblower Edward Snowden called attention to the illegal reach of the National Security Agency (NSA), more scrutiny turned to the unseemly behavior of top management there. So a few months back a number of jaded Washington observers noticed Keith Alexander trundling through the revolving door between his well-paid perch as the NSA director and his new private-sector gig as head of his own cybersecurity consulting firm, IronNet. At the time, there developed rampant speculation about the ways in which Alexander might monetize his recent insider status at the NSA. He, of course, quickly denied any such prospects. With a perfectly straight face, he asserted that all cybersecurity innovations he concocted while at the NSA, now to be marketed by IronNet, were invented on his personal time.
For highly-paid consultants and entrepreneurs here in our nation's capital, this fall is not an opportune moment to draw attention to your close connections in government. All summer we watched, spellbound, as a court in Virginia tried to decide if former Governor Robert McDonnell and his wife Maureen were officially corrupt because they accepted gifts from businessman Jonnie Williams. In the end, the jury decided they were: "The couple conspired to lend the prestige of the governor's office to Jonnie R. Williams Sr. in a nefarious exchange for his largesse."
If you watched this drama closely, you surely noticed how narrowly we conceptualize corruption in America. A government official is guilty of corruption only if he or she was given a gift, favor or cash in direct exchange for an official action that favored the business in question. In effect, general influence peddling and election purchasing, which we see more commonly, are legitimate.
Keith Alexander is taking advantage of this. The International Business Times reported his argument that he's done nothing wrong by using experience from his years as U.S. intelligence chief in the private sector. His move to IronNet, he claimed, was based on solid legal analysis. It turns out that the lawyers who determined this worked for him at the NSA. Consequently, we're now told, Alexander's recent applications for patents to establish ownership of his new cybersecurity programs are appropriate.
No matter how he argues it, however, Alexander's commercial machinations represent conduct unbecoming. Robert Stoll, a former commissioner at the U.S. Patent and Trademark Office quoted by Bloomberg about the Alexander's cybersecurity patent applications, pointed out: "There is a perception that if he's just five months out, he did conceive of it (a cybersecurity program) while he was there."
So there's that. Then there's this: Alexander needs to patent his breakthrough cybersecurity techniques because he has customers lined up to buy them. For a hefty fee. The clients are just who you might imagine they would be: The big banks Alexander spooked as NSA chief by telling them they were about to be the victims of terrifying and ruinous cyber-attacks. Just before he departed the NSA, Alexander told the Senate Armed Services Committee: "I urge you to consider the now daily reports of hostile cyber activity against our nation's networks and appreciate the very real threat they pose to our nation's economic and national security..." Last month, he spoke directly to Bloomberg about the vulnerability of U.S. banks: "If you can steal the data -- if you can reach in that far and steal it -- you can do anything else you want. You collapse one bank and our financial structure collapses."
And there's more, Alexander insinuates. The attacks are (probably) coming from -- RUSSIA! When discussing a data theft from JP Morgan Chase about a week ago, Alexander ventured that the cyber attack originated in Russia, although he admitted he had no direct knowledge about what happened. According to Bloomberg, Alexander said that "The attack could have been intended to give U.S. policymakers pause as they are making international and economic decisions."
Yes. It could. Or -- it couldn't. We can't be sure. But without pausing to examine the likelihood of a massive Russian hack attack on our Too-Big-To-Fail banking system, which, more informed financial analysts assert, will soon collapse all by itself, Alexander induces what the Russians are trying to say: "If it was them, they just sent a real message: 'You're vulnerable.'"
On his blog, Shane Harris put all the pieces together: "Alexander used his influence to warn companies that they were blind to cyberthreats that only the NSA could see, and that unless they accepted his help, they risked devastating losses." Harris also pointed out that Alexander's consulting fee is extraordinarily high: it dropped to the discount level of $600,000 a month after consultants reported their astonishment at the widely quoted $1 million-a-month figure that floated in July.
- As NSA director (and the head of U.S. Cyber Command) Keith Alexander supervised the nation's most advanced cybersecurity offensives and defenses, all of which are secret.
- In this capacity, he consistently warned/threatened private industry (esp. banking) about imminent cyberattacks that will destroy them unless they take immediate defensive measures.
- Post-retirement, he opened up an advanced cybersecurity consulting firm and now flogs his services to the private sector for a monthly fee of $600,000 that leaves even Washington's cynical revolving-door specialists slack-jawed.
- Alexander applies for patents to establish ownership of cybersecurity defense measures he's selling to financial institutions.
- He consults attorneys who worked for him at the NSA about the propriety of his actions.
- They concur with him that he's done nothing wrong.
- A Virginia jury convicts Robert and Maureen McDonnell of corruption for accepting golf outings, lavish vacations and $120,000 in low-cost loans.
It's a good thing we're a nation of laws. Imagine how Alexander would behave if we weren't.
Bea Edwards is Executive & International Director of the Government Accountability Project, the nation's leading whistleblower protection organization. She is also the author of The Rise of the American Corporate Security State.