According to these stories, a Congressman wants to know if
former NSA chief Gen. Keith Alexander is selling classified info to banks. There
is nothing to this story. It’s gossip based on upon rumor based on speculation
based on innuendo. It’s such obvious character assassination that I shouldn’t
have to write a blog post debunking it, but apparently you people have gone
insane.
It all started with this Bloomberg story citing unnamed
sources that Alexander offered his services to a banking association for
$600,000 a month. This has led some to question what value Alexander can
provide for that money. Cyber pundit Bruce Schneier speculated that the only
thing Alexander could sell for that amount of money is classified information.
This was then quoted by Congressman Grayson calling for a probe into Alexander. This story was then picked up by “journalists” writing
what are clearly hit pieces, furthering the character assassination.
Bruce Schneier is not Cyber’s Holy Prophet, as many in the
media quote him. Schneier isn’t a "full cybersecurity" expert. He’s
certainly a smart guy, and an expert in cryptography, but that’s only a small
part of cybersecurity. Schneier has little expertise in firewalls, sysadmin,
coding, pen-testing, and other important areas of cybersecurity. Cybersecurity is a big field -- nobody knows it all, and nobody is a 100% cybersecurity expert. His fame rests
not on his expertise but his populism: people like what his says about evil
corporations like Microsoft and the evil NSA.
Schneier’s speculation in this case is an example of his populism.
His comment is based on his ignorance, not his expertise. He doesn't even claim that he has evidence for his assertion. Anybody with
experience in such matters would know how Alexander can command that much money
without divulging national secrets.
Alexander’s primary value is his rolodex: he’s got personal
relationships up and own the intelligence community. By “up” I mean Alexander
knows leaders. When he’s got something to sell, he can just call them directly,
and they will trust him. By “down” I mean he knows the capability of people
who have worked for him in the past, people he can pull together in an
organization in order to create something to sell. He knows who wrote Stuxnet,
he knows who has carried out TAO operations.
Because of his rolodex, Alexander is going to earn tens of
millions of dollars over the next several years. I say “next several years”
because his rolodex ages quickly. Personal relationships fade, people retire or
move on. He’s like a young startlett whose beauty is fading fast. In the meantime, if you want lunch with Alexander, then it's going to cost you $5,000, because that's what his time is worthy right now.
It’s hard to know exactly how Alexander might exploit his rolodex.
One way would to just go to work for an existing defense contractor like
Booz-Allen. Another is to become a lobbyist, peddling influence. Another way is
to start his own consulting company. Investors will line up to invest in such a
company, so the funding wouldn’t be hard. From the rumors, that’s apparently
what he’s done.
If he’s building his own consulting company, then it’s going
to be a team of people that he sells. Alexander is a team leader, not an
individual actor. Sure, he's probably absorbed a lot of technical knowledge, but when push comes to shove, he's going to need to refer to a member of his team on a subtle point. That $600,000 is for a team of people accomplishing some goal
– it’s stupid to imagine it was just for him.
Alexander isn’t responding to this character assassination
for two reasons. One of which is that the “journalists” involved are so
obviously writing hit pieces that he knows they won't treat his comments fairly.
The second is that his PR people want him to have a low profile in the press
until he’s ready to make a splash announcing his new company.
Update: Trevor Timm (@trevortimm) conclusively points out that the above paragraph is wrong, that Generals do leak national secrets, such as in this probe of Stuxnet, and Bob Woodward's book Obama's Wars. Those examples are all of leaks of political nature -- which I know happen a lot. I don't know of commercial leaks. I know a lot of former officers that could profit from selling confidential info (and get away with it), but who don't, because of that whole "honor and patriotism" thing.
I’m not sticking up for Alexander here. His prevarications in the Snowden Affair mark him as a bit of a douchebag. His tenure of 8 years as chief of the NSA (and Cyber Command) mark him as a corrupt tyrant. I’m betting he’ll get drawn into influence peddling and lobbying, even if he’s trying to create a non-Washington technical company.
I’m not sticking up for Alexander here. His prevarications in the Snowden Affair mark him as a bit of a douchebag. His tenure of 8 years as chief of the NSA (and Cyber Command) mark him as a corrupt tyrant. I’m betting he’ll get drawn into influence peddling and lobbying, even if he’s trying to create a non-Washington technical company.
I’m just trying to point out that these stories are
bunk, and that apparently, none of you care about the truth or fairness of
these stories, because you enjoy seeing a great man being taken down.
Update: People have criticized calling him a "great man". I'm quoting the Harry Potter movie here people, where the guy who sells Harry's wand points out that Voldermort was a great wizard, a great and terrible wizard. Gen. Alexander revamped cyber in the NSA and the military in his 8 years. For good or bad, it's still a "great" (huge) accomplishment.
Update: People have criticized calling him a "great man". I'm quoting the Harry Potter movie here people, where the guy who sells Harry's wand points out that Voldermort was a great wizard, a great and terrible wizard. Gen. Alexander revamped cyber in the NSA and the military in his 8 years. For good or bad, it's still a "great" (huge) accomplishment.
3 comments:
"Schneier has little expertise in firewalls, sysadmin, coding, pen-testing, and other important areas of cybersecurity."
And a lot of people who have extensive experience in all those areas still don't know SQUAT about "SECURITY"...which Schneier DOES know pretty well. Certainly more than Keith Alexander...
I just don't think it's wise for you to disrespect Schneier. You're literally a nobody. He's one of the few people out there who truly understands and cares about security... "Cyber Pundit"??? have u seriously lost your mind???
Post a Comment