[Infowarrior] - After Profits, Defense Firm Faces Pitfalls of Cybersecurity

Richard Forno rforno at infowarrior.org
Sun Jun 16 09:59:38 CDT 2013


June 15, 2013
After Profits, Defense Firm Faces Pitfalls of Cybersecurity

By DAVID E. SANGER and NICOLE PERLROTH

http://www.nytimes.com/2013/06/16/us/after-profits-defense-contractor-faces-the-pitfalls-of-cybersecurity.html

WASHINGTON — When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world’s largest and most powerful spy agency in the sands of Abu Dhabi.

It was a natural choice: The chief architect of Booz Allen’s cyberstrategy is Mike McConnell, who once led the N.S.A. and pushed the United States into a new era of  big data espionage. It was Mr. McConnell who won the blessing of the American intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians.

“They are teaching everything,” one Arab official familiar with the effort said. “Data mining, Web surveillance, all sorts of digital intelligence collection.”

Yet as Booz Allen profits handsomely from its worldwide expansion, Mr. McConnell and other executives of the government contractor — which sells itself as the gold standard in protecting classified computer systems and boasts that half its 25,000 employees have Top Secret clearances — have a lot of questions to answer.

Among the questions: Why did Booz Allen assign a 29-year-old with scant experience to a sensitive N.S.A. site in Hawaii, where he was left loosely supervised as he downloaded highly classified documents about the government’s monitoring of Internet and telephone communications, apparently loading them onto a portable memory stick barred by the agency?

The results could be disastrous for a company that until a week ago had one of the best business plans in Washington, with more than half its $5.8 billion in annual revenue coming from the military and the intelligence agencies. Last week, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein, whom Mr. McConnell regularly briefed when he was in government, suggested for the first time that companies like Booz Allen should lose their broad access to the most sensitive intelligence secrets.

“We will certainly have legislation which will limit or prevent contractors from handling highly classified and technical data,” said Ms. Feinstein, a California Democrat. Senior White House officials said they agreed.

Yet cutting contractors out of classified work is a lot harder in practice than in theory. Booz Allen is one of many companies that make up the digital spine of the intelligence world, designing the software and hardware systems on which the N.S.A. and other military and intelligence agencies depend. Mr. McConnell speaks often about the need for the private sector to jolt the government out of its attachment to existing systems, noting, for example, that the Air Force fought the concept of drones for years.

Removing contractors from the classified world would be a wrenching change: Of the 1.4 million people with Top Secret clearances, more than a third are private contractors. (The background checks for those clearances are usually done by other contractors.)

Mr. McConnell himself has been among the most vocal in warning about the risks to contractors. “The defense industrial base needs to address security,” he said in an interview with The New York Times last year, months before Booz Allen hired Edward J. Snowden, its young systems administrator who has admitted to leaking documents describing secret N.S.A. programs. “It should be a condition for contracts. You cannot be competitive in the cyber era if you don’t have a higher level of security.”

Booz Allen is saying little about Mr. Snowden’s actions or the questions they have raised about its practices. Mr. McConnell, once among the most accessible intelligence officials in Washington, declined to be interviewed for this article.

“This has to hurt Mike’s relationship with the N.S.A.,” said a business associate of Mr. McConnell’s who requested anonymity. “He helped set up those contracts and is heavily engaged there.”

Indeed, few top officials in the intelligence world have become greater authorities on cyberconflict than the 69-year-old Mr. McConnell, who walks with a stoop from a bad back and speaks with the soft accent of his upbringing in Greenville, S.C. He began his career as a Navy intelligence officer on a small boat in the backwaters of the Mekong Delta during the Vietnam War. Years later he helped the American intelligence apparatus make the leap from an analog world of electronic eavesdropping to the new age of cyberweaponry.

President Bill Clinton relied on Mr. McConnell as director of the N.S.A., a post he held from 1992 to 1996. He then moved to Booz Allen as a senior vice president, building its first cyberunits. But with the intelligence community in disarray after its failure to prevent the terrorist attacks of Sept. 11, 2001, the fiasco of nonexistent weapons of mass destruction in Iraq and the toll of constant reorganization, President George W. Bush asked him to be the second director of national intelligence from 2007 to 2009.

That was when he made his biggest mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and overseeing “Olympic Games,” the development of America’s first truly sophisticated cyberweapon, which was used against Iran’s nuclear enrichment program. When Mr. Bush needed someone to bring President-elect Barack Obama up to speed on every major intelligence program he was about to inherit, including drones and defenses against electronic intrusions from China, he handed the task to Mr. McConnell.

But Mr. Obama was not interested in keeping the previous team, and Mr. McConnell returned to Booz Allen in 2009. He earned more than $4.1 million his first year back, and $2.3 million last year. He is now vice chairman, and the company describes him as the leader of its “rapidly expanding cyberbusiness.”

In Washington he is often Booz Allen’s public face, because of his ties to the intelligence agencies and his extensive and loyal network of federal intelligence officials who once worked with him.

Two months ago, the company announced the creation of a Strategic Innovation Group, staffed by 1,500 employees who are pursuing, among other projects, one of Mr. McConnell’s favorites: the development of “predictive” intelligence tools that its clients can use to scour the Web for anomalies in behavior and warn of terror or cyberattacks. He has also hired a senior counterterrorism official to market products in the Middle East. This year, the company began working on a $5.6 billion, five-year intelligence analysis program for the Defense Intelligence Agency.

The company’s profits are up almost eightfold since it went public in late 2010. Its majority shareholder is the Carlyle Group, which matches private equity with a lot of Washington power, and its executives, chief among them Mr. McConnell, drum up business by warning clients about the potential effects of cyberweapons.

“The digital capabilities are a little bit like W.M.D.’s,” Mr. McConnell said in the interview last year. The good news, he said, is that countries like China and Russia recognize limits in using those weapons, and terror groups have been slow to master the technology. “The people that would do us harm aren’t yet in possession of them,” he said.

As director of national intelligence, Mr. McConnell kept a giant world map propped up in front of his desk. Countries were sized by Internet traffic, and the United States ballooned bigger than all others — a fact that he told a visitor was at once “a huge intelligence advantage and a huge vulnerability.”

The advantage was that the United States’ role as the world’s biggest Internet switching center gave it an opportunity to sort through the vast troves of metadata — including phone records, Internet activity and banking transactions — enabling analysts to search for anomalies and look for attacks in the making. But he chafed at the legislative restrictions that slowed the process.

So in 2007, as the intelligence chief, he lobbied Congress for revisions to the Foreign Intelligence Surveillance Act to eliminate some of the most burdensome rules on the N.S.A., including that it obtain a warrant when spying on two foreigners abroad simply because they were using a wired connection that flowed through a computer server or switch inside the United States.

It made no sense in the modern age, he argued. “Now if it were wireless, we would not be required to get a warrant,” he told The El Paso Times in August of that year.

The resulting changes in both law and legal interpretations led to many of the steps — including the government’s collection of logs of telephone calls made in and out of the country — that have been debated since Mr. Snowden began revealing the extent of such programs. Then Mr. McConnell put them into effect.

In 2007, “Mike came back into government with a 100-day plan and a 500-day plan for the intelligence community,” said Stephen J. Hadley, Mr. Bush’s national security adviser. “He brought a real sense of the private sector to the intelligence world, and it needed it.”

The new technologies created a flood of new work for the intelligence agencies — and huge opportunities for companies like Booz Allen. It hired thousands of young analysts like Mr. Snowden. The intelligence agencies snapped them up, assigning them to sensitive, understaffed locales, including the Hawaii listening station where Mr. Snowden downloaded his materials.

Only last month, the Navy awarded Booz Allen, among others, the first contracts in a billion-dollar project to help with “a new generation of intelligence, surveillance and combat operations.”

The new push is to take those skills to American allies, especially at a time of reduced spending in Washington. So while the contract with the United Arab Emirates is small, it may be a model for other countries that see cyberdefense — and perhaps offense — as their future. The company reported net income of $219 million in the fiscal year that ended on March 31. That was up from net income of $25 million in 2010, shortly after Mr. McConnell returned to the company.

But the legal warnings at the end of its financial report offered a caution that the company could be hurt by “any issue that compromises our relationships with the U.S. government or damages our professional reputation.”

By Friday, shares of Booz Allen had slid nearly 6 percent since the revelations. And a new job posting appeared on its Web site for a systems administrator in Hawaii, “secret clearance required.”

D avid E. Sanger reported from Washington, and Nicole Perlroth from San Francisco.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.



More information about the Infowarrior mailing list