General Keith Alexander may not be the top dog at the NSA anymore, but that doesn’t mean that he’s not keeping busy. As Bloomberg reports, he’s out there preaching cyber-security to the nation’s biggest banks and charging a hefty price to do so.
As the four-star general in charge of U.S. digital defenses, Keith Alexander warned repeatedly that the financial industry was among the likely targets of a major attack. Now he’s selling the message directly to the banks.
Joining a crowded field of cyber-consultants, the former National Security Agency chief is pitching his services for as much as $1 million a month. The audience is receptive: Under pressure from regulators, lawmakers and their customers, financial firms are pouring hundreds of millions of dollars into barriers against digital assaults.
Alexander, who retired in March from his dual role as head of the NSA and the U.S. Cyber Command, has since met with the largest banking trade groups, stressing the threat from state-sponsored attacks bent on data destruction as well as hackers interested in stealing information or money.
Frankly, I have no problem with Alexander using his background and experience to make a buck in the private sector. That’s what America is all about. (Even if that buck comes in the form of a million a month… nice work if you can get it.) But his specific knowledge and history do give him some advantages – which can be passed on to clients – which might give pause to some observers.
Alexander is hardly the first powerful public official to peddle his services in the private sector at a hefty markup after leaving government. And I have no reason to think that Alexander’s dealings are anything but above board. Still, I find this troubling for reasons I can’t quite put my finger on.
Partly, it’s because of the vast amount of classified information he had access to as head of the NSA. Aside from the vast troves gleaned from the NSA’s traditional methods, there’s the insights into American businesses that came from the various datamining operations during Alexander’s tenure. So, not only does he have unique expertise about the cyber threat but he also has a lot of knowledge about the vulnerabilities—and who knows what else—of competing banks. Again, I don’t question Alexander’s integrity. But, for even his discounted rate of three times his former annual salary a month, one presumes the people paying for his services have all that at the back of their minds.
This is a ticklish sort of question. Generally speaking, having specific and rare expertise in a critical area is precisely what qualifies one for a lucrative, top level job. But if that expertise came in the form of having access to tons of information which might include the vulnerabilities and tightly held details of the competitors to your prospective clients… you can see the issue. The same caution might apply to highly placed military specialists and intelligence operatives when they enter the private sector.
I think we have to assume by default that Alexander is an honorable man looking to earn a living who would not violate the law and compromise others in doing so. Absent any proof to the contrary, it’s really the only assumption available. But the banks must be thinking that he may be bringing something extra special to the table if they’re willing to shell out that sort of money. Alexander will need to be keenly aware of that moving forward.