The NSA's Cyber-King Goes Corporate

Here's why Keith Alexander thinks he's worth a million dollars a month.

Keith Alexander, the recently retired director of the National Security Agency, left many in Washington slack-jawed when it was reported that he might charge companies up to $1 million a month to help them protect their computer networks from hackers. What insights or expertise about cybersecurity could possibly justify such a sky-high fee, some wondered, even for a man as well-connected in the military-industrial complex as the former head of the nation's largest intelligence agency?

The answer, Alexander said in an interview Monday, is a new technology, based on a patented and "unique" approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his business partners at IronNet Cybersecurity Inc., the company he co-founded after leaving the government and retiring from military service in March. But the technology is also directly informed by the years of experience Alexander has had tracking hackers, and the insights he gained from classified operations as the director of the NSA, which give him a rare competitive advantage over the many firms competing for a share of the cybersecurity market.

The fact that Alexander is building what he believes is a new kind of technology for countering hackers hasn't been previously reported. And it helps to explain why he feels confident in charging banks, trade associations, and large corporations millions of dollars a year to keep their networks safe. Alexander said he'll file at least nine patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network itself. It was those kinds of hackers who Alexander, when he was running the NSA, said were responsible for "the greatest transfer of wealth in American history" because they were routinely stealing trade secrets and competitive information from U.S. companies and giving it to their competitors, often in China.

Alexander is believed to be the first ex-director of the NSA to file patents on technology that's directly related to the job he had in government. He said that he had spoken to lawyers at the NSA, and privately, to ensure that his new patents were "ironclad" and didn't rely on any work that he'd done for the agency -- which still holds the intellectual property rights to other technology Alexander invented while he ran the agency.

Alexander is on firm legal ground so long as he can demonstrate that his invention is original and sufficiently distinct from any other patented technologies. Government employees are allowed to retain the patents for technology they invent while working in public service, but only under certain conditions, patent lawyers said. If an NSA employee's job, for instance, is to research and develop new cybersecurity technologies or techniques, then the government would likely retain any patent, because the invention was directly related to the employee's job. However, if the employee invented the technology on his own time and separate from his core duties, he might have a stronger argument to retain the exclusive rights to the patent.

"There is no easy black-and-white answer to this," said Scott Felder, a partner with the law firm Wiley Rein LLP in Washington, adding that it's not uncommon for government employees to be granted patents to their inventions.

A source familiar with Alexander's situation, who asked not to be identified, said that the former director developed this new technology on his private time, and that he addressed any potential infractions before deciding to seek his patents.

But Alexander started his company almost immediately after stepping down from the NSA. As for how much the highly classified knowledge in his head influenced his latest creation, only Alexander knows.

In the interview, Alexander insisted that the cybersecurity technology he's inventing now is distinct enough from his work at the NSA that he can file for new patents -- and reap all the benefits that come with them. A patent prohibits any other individual, company, or government agency from using the underlying invention without a license from the patent holder.

But even if Alexander's new technology is legally unique, it is shaped by the nearly nine years he spent running an intelligence colossus. He was the longest-serving director in the history of the NSA and the first commander of the U.S. Cyber Command, responsible for all cybersecurity personnel -- defensive and offensive -- in the military and the Defense Department. From those two perches, Alexander had access to the government's most highly classified intelligence about hackers trying to steal U.S. secrets and disable critical infrastructure, such as the electrical power grid. Indeed, he helped to invent new techniques for finding those hackers and filed seven patents on cybersecurity technologies while working for the NSA.

Alexander used his influence to warn companies that they were blind to cyberthreats that only the NSA could see, and that unless they accepted his help, they risked devastating losses. Alexander wanted to install monitoring equipment on financial companies' websites, but he was rebuffed, according to financial executives who took part in the discussions. His attempts to make the NSA a cyber-watchdog on corporate networks were seen as a significant intrusion by government into private business.

Few, if any, independent inventors have seen such detailed, classified information about the way hackers work and what classified means the government has developed to fight them, all of which gives Alexander a competitive advantage in his new life as a businessman. That insider knowledge has raised eyebrows on Capitol Hill, where Rep. Alan Grayson (D-Fla.) has publicly questioned whether Alexander is effectively selling classified information in exchange for his huge consulting fee. (Bloomberg reported that the figure dropped to $600,000 after the $1 million figure raised hackles in Washington and among computer-security experts.)

Alexander said that his new approach is different than anything that's been done before because it uses "behavioral models" to help predict what a hacker is likely to do. Rather than relying on analysis of malicious software to try to catch a hacker in the act, Alexander aims to spot them early on in their plots. Only the market will tell whether his approach is as novel as he claims. (One former national security official with decades of experience in security technology, and who asked to remain anonymous, said the behavioral-model approach is highly speculative and has never been used successfully.)

The former NSA chief said that IronNet has already signed contracts with three companies -- which he declined to name -- and that he hopes to finish testing the system by the end of September.

"We've got a great solution. We've got to prove that it works," Alexander said. "It will be another way of looking at cybersecurity that gives us greater capabilities than we've had in the past."

Asked why he didn't share this new approach with the federal government when he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavior models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn't considered. It's these methods that Alexander said he will seek to patent.

Alexander said that if he determines that he needs to use technology or methods that the NSA has patented, he will pay for a license, including for anything he helped to invent while he was in office and for which he doesn't own the rights. During his time at the NSA, Alexander said he filed seven patents, four of which are still pending, that relate to an "end-to-end cybersecurity solution." Alexander said his co-inventor on the patents was Patrick Dowd, the chief technical officer and chief architect of the NSA. Alexander said the patented solution, which he wouldn't describe in detail given the sensitive nature of the work, involved "a line of thought about how you'd systematically do cybersecurity in a network."

That sounds hard to distinguish from Alexander's new venture. But, he insisted, the behavior modeling and other key characteristics represent a fundamentally new approach that will "jump" ahead of the technology that's now being used in government and in the private sector.

Alexander said he was persuaded to start a security business and apply for patents after hearing from potential customers, including company executives, who said they were worried about hackers who could steal or even erase the proprietary data on their companies' computers. Alexander said they were particularly worried about threats like the Wiper virus, a malicious computer program that targeted the Iranian Oil Ministry in April 2012, erasing files and data.

That will come as a supreme irony to many computer security experts, who say that Wiper is a cousin of the notorious Stuxnet virus, which was built by the NSA -- while Alexander was in charge -- in cooperation with Israeli intelligence. The program disabled centrifuges in a nuclear plant in Iran in a classified operation known as Olympic Games. The United States has never acknowledged its involvement.

The United States isn't the only government capable of building data-erasing malware. Iran is building a formidable cyber-army, U.S. intelligence officials say, and is believed to be behind a 2012 attack on an oil company in Saudi Arabia that erased data from more than 30,000 computers. Iranian hackers also launched a series of cyberattacks on major U.S. bank websites the same year, intelligence officials say. The strike took Washington by surprise because it was so sophisticated and aggressive. The hackers hijacked data centers consisting of thousands of computers each and used them to flood the bank websites with digital traffic, causing them to crash.

Brendan Smialowski / AFP


Obama Poised to Yank Top Military Intel Pick

An investigation into potentially illegal spending could leave the Pentagon's spy agency rudderless as it ramps up operations in Iraq.

The Obama administration is poised to abandon its pick to run the sprawling Defense Intelligence Agency amid two ongoing investigations into whether programs she had overseen have been marred by questionable and potentially illegal spending, according to administration officials and congressional sources with knowledge of the matter.

Lt. Gen. Mary Legere, who's currently the Army's top intelligence officer, has long been seen as the heir apparent to Lt. Gen. Mike Flynn, the DIA's current director, who announced in April his plans to retire this summer. Flynn, widely respected but also seen as a controversial reformer inside the military intelligence community, had been pressured to resign after butting heads with senior Pentagon officials who criticized him for failing to follow through on some of the plans he set out for the agency, such as focusing more on social and cultural analysis on the battlefield and trying to provide more strategic insights for senior leaders.

The White House has not nominated anyone for the job but lawmakers and U.S. officials have said that Legere has been the only one under serious consideration. The administration, however, is strongly leaning towards bypassing Legere and looking for someone else to fill the top post at the DIA, according to people familiar with the internal deliberations. That could leave the DIA, which employs nearly 17,000 military and civilian personnel and has a classified multibillion-dollar budget, facing a leaderless future just as it's ramping up the collection and analysis of intelligence on the Islamic State of Iraq and al-Sham (ISIS), which is seizing major cities in Iraq and threatening to march on Baghdad.

Legere is currently the subject of two internal military investigations that are making administration officials much more tentative about nominating her, according to government officials who are familiar with the proceedings. The first, and the more significant of the two, is looking into $93 million the Army spent on a controversial program meant to help soldiers share battlefield intelligence. Legere oversees the program, which uses a networked or "cloud" computing system known as Red Disk, and Army officials are investigating whether the Army paid for it by improperly diverting funds away from other accounts, including those set aside to fund the war in Afghanistan. Army investigators have said they want to know if the spending violated the Antideficiency Act, which was enacted in 1884 and prohibits government employees from spending money that hasn't been appropriated by Congress. The Army's intelligence system isn't designed solely for Afghanistan, so using war funding may have violated the law.

Red Disk is meant to give military intelligence personnel and soldiers in different locations around the world access to the same information, including satellite images and video footage from drones. The Army had been planning to build a different cloud system, called UX, but shifted over to Red Disk, which was being run by the Army's Intelligence and Security Command, two years ago. At the time, the UX cloud was still being designed for the Army by a consortium of defense contractors.

The switch prompted Rep. Duncan Hunter (R.-Calif.), one of Legere's fiercest critics, to accuse her and the Army of spending money without congressional approval or oversight and building a duplicative and unnecessary system. Hunter says the Army switched to Red Disk to cover up for the failures of the original cloud program, for which Congress appropriated more than $128 million.

Obama administration officials now think that if the president were to nominate Legere, she and other senior Army officials would face more intense scrutiny and questions about how the service has been spending hundreds of millions of taxpayer dollars. "Poor judgment influenced some very bad decisions," said one congressional staff member, who requested anonymity while speaking about a sensitive matter. "That's sure to be a focus of any potential nomination."

The Army started using Red Disk as part of a much larger and tortured program known as the Distributed Common Ground System. It's meant to give troops on the ground an easy way to collect intelligence about terrorists and enemy fighters, and then create detailed reports and maps that they can share with each other to plan and conduct operations. But critics -- and even some troops -- have long complained that the system doesn't actually work. They say it's too slow and hard to use, and that it has left them searching for cruder but more effective alternatives in the war zone. The Army has already spent nearly $3 billion on the Distributed Common Ground System but has failed to meet key milestones for bringing it online.

Legere has been the embattled system's most visible supporter, and that has made her a lightning rod on Capitol Hill, where Hunter in particular has railed against the Army for not using cheaper alternatives. Hunter has backed a commercial software developed by Palantir Technologies, which is headquartered in Hunter's home state and has offices in Northern Virginia, not far from the Pentagon. The Palantir software would cost millions, rather than the billions that the Army has spent on its common ground system.

As Foreign Policy reported earlier this year, the Pentagon had hidden an internal report that found that Palantir's software could handle many of the same jobs at a fraction of the cost. Legere and other Army officials have said that Palantir is more a tool than a comprehensive system, and that it cannot meet all of the Army's requirements for the cross-cutting, battlefield intelligence platform, which is expected to cost nearly $11 billion over 30 years and is being built by a consortium of major Beltway contractors, including Raytheon, Northrop Grumman, Lockheed Martin, and General Dynamics.

In a letter to Secretary of Defense Chuck Hagel and Director of National Intelligence James Clapper in May, Hunter said the fact that the Army has spent billions of dollars and still hasn't delivered a working system pointed to "a disconcerting pattern of failed management and oversight [by Legere] that must be corrected, not rewarded." Hunter said there were "several other qualified candidates" to lead the DIA and urged the administration not to nominate her.

In an interview with the New Republic, which published an extensive article about the Army's Distributed Common Ground System saga in June 2013, Legere said that the original UX cloud component was "experimental," and defended the decision to move to Red Disk. But UX was already being used at an intelligence center in Ft. Bragg, North Carolina, as well as a facility based at Bagram Airfield, in Afghanistan, which tended to undercut Legere's assertions that it was experimental and hadn't been fielded.

The second investigation that has imperiled Legere's nomination, improbably, concerns spending by the military's Korean War 60th Anniversary Commemoration Committee last year. As the head of all Army intelligence, Legere was assigned to lead the planning committee, which came under investigation for potential misuse of the private donations accepted to pay for the festivities. The law that allowed the Defense Department to establish the commission gave authority to accept private donations to fund the event. But officials familiar with the matter said the language on how the funds could be used was vague, and later prompted questions from lawyers about how the money was spent that triggered an investigation. Officials don't believe Legere had anything to do with the way in which the funds were used, but she is nonetheless part of that investigation and the results might prove embarrassing to the administration if the claims were substantiated.

Time is running out for the administration to pick a new candidate to lead the DIA. While Legere's formal nomination was expected by now, the latest it could come without leaving the agency without a director would be next week, congressional sources said. The Senate needs time to consider the nomination before it goes on recess in August, and Flynn is set to retire early that same month.

Flynn has been no fan of the Army intelligence system that Legere has publicly backed. In 2010, while serving as the director of intelligence in Afghanistan, he wrote a memo blasting the shortcomings of the Distributed Common Ground System, saying it "translates into operational opportunities missed and lives lost."

The controversy surrounding Legere could bring an abrupt end to a career that has long been marked by a steady climb through the ranks of the Army's intelligence community. Legere had been seen as such a rising star that her name surfaced last year as a possible replacement for Army Gen. Keith Alexander when he prepared to retire as the director of the National Security Agency and the commander of U.S. Cyber Command. But naming another Army officer to the post would have broken with the NSA's informal tradition of rotating among the branches of the armed services for its directors. It was the Navy's turn, and the nomination ultimately went to Adm. Michael Rogers, who took office in April. If Legere isn't nominated for the top job at DIA, it would likely scuttle any chances of her being posted to a top leadership post in one of the other intelligence agencies.

U.S. Army