Former NSA Director Gen. Keith Alexander Tells Foreign Policy Why He Thinks He’s Worth One Million Dollars Per Month
Shane Harris has a July 29, 2014 article in Foreign Policy with former NSA Director General (retired) Keith Alexander, who discusses the new cyber security company he is co-founding; and, why he’s worth one million dollars a month to his customers. “What insights, or expertise about cyber security could possibly justify such a sky-high fee, some wondered — even for a man as well-connected in the military-industrial complex as the former head of the nation’s largest intelligence agency,” asks Mr. Harris.
“The answer,” Mr. Harris writes, “given by Gen. Alexander” in a Monday interview with Foreign Policy, “is a new technology, based on a patented and “unique” approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his partners at IronNet Cyber Security Inc.” “The technology,” Mr. Harris adds, “is directly informed by the years of experience has had in tracking hackers; and, the insights he gained from classified operations as Director of NSA — which gave [gives] him a competitive advantage over the many firms competing for a share of the cyber security market.”
Gen. Alexander told Foreign Policy that he will “file at least 9 patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network to steal secrets or damage the network itself.” “It was those kinds of hackers who Alexander, when he was running NSA, said were responsible for “the greatest transfer of wealth in American history,” because they were routinely stealing trade secrets and competitive from U.S. companies — and, giving it to their competitors — often in China,” wrote Mr. Harris.
“Alexander is believed to be the first ex-NSA Director to file patent’s on technology that’s directly related to the job he had in government,” adds Mr. Harris. Gen. Alexander stated that he had talked to lawyers at the NSA, as well as his own private attorney’s — “to ensure that his patents were “ironclad;” and, “didn’t rely on any work that he’d done for the agency — which still holds the intellectual property rights to other technology that [Gen.] Alexander invented while at NSA,” wrote Mr. Harris.
“Gen. Alexander is on firm legal ground,” contends Mr. Harris, “as long as he can demonstrate that his invention is original; and, sufficiently distinct from other patented technologies.” “Government employees are allowed to retain the patents for technology they invent while working in public service, but, only under certain conditions,” patent lawyers said. “If an NSA employee’s job, for instance, is to research and develop new cyber security technologies or techniques, then the government would likely retain any patent, because the invention was directly related to the employee’s job,” Mr. Harris noted. “However,” he added, “if the employee invented the technology on his own time; and, separate from his/her core duties, he/she might have a stronger argument to retain the exclusive rights to the patent,” he wrote.
“There is no easy black-and-white answer to this,” said Scott Felder, a partner with the law firm Wiley Rein LLP in Washington, adding that it’s not uncommon for government employees to be granted patents for their inventions.” “A source familiar with Alexander’s situation, and asked not to be identified – according to Mr. Harris, said that “the Director developed this new technology on his private time; and added, he addressed any potential infractions — before deciding to seek his patents.” “But,” says Mr. Harris, “Alexander started his company almost immediately upon leaving NSA; and, as for how much the highly classified knowledge in his head influence his latest creation, only Alexander knows.”
During the interview with Foreign Policy, Mr. Harris writes that “Alexander insisted that the cyber security technology he’s inventing now — is distinct enough from his work at the NSA, that he can file for new patents — and, reap all the benefits that come with them. A patent, he adds, “prohibits any other individual, company, or government agency from using the underlying invention without a license from the patent holder.”
“But, even if Alexander’s new technology is legally unique, it is shaped by the nearly nine years he spent running an intelligence colossus,” contends Mr. Harris. He adds that Alexander was “the longest serving Director in the history of the NSA; and the first Commander of the U.S. Cyber Command (USCYBERCOM), responsible for all cyber security personnel [military and government civilians] defensive — and offensive — in the Defense Department.” From those two perches,” notes Mr. Harris, “Alexander had access to government’s most highly classified intelligence about hackers trying to steal U.S. secrets and disable critical infrastructure, such as an electrical power grid.” “Indeed,” says Mr. Harris, “he [Alexander} helped to invent new techniques for finding those hackers; and, filed seven patents on cyber security technologies while working for the NSA.”
“Alexander,” Mr. Harris notes, “used his influence to warn companies they were blind to cyber threats that only the NSA could see; and that, unless they accepted his help, — they risked devastating losses. Alexander wanted to install monitoring equipment on financial companies’ websites, but he was rebuffed, according to financial executives who took part in the discussions. His attempts to make NSA a cyber watch-dog on corporate networks — were seen as a significant intrusion by government into private business.”
“Few, if any, independent inventors have seen such detailed, classified information about the way hackers work; and, what classified means the government has developed to fight them, — all of which gives Alexander a competitive advantage in his new life as a businessman,” writes Mr. Harris. “That insider knowledge has raised eyebrows on Capital Hill,” notes Mr. Harris, “where Rep. Alan Grayson (D. Fla.) has publicly questioned whether Alexander is effectively selling classified information in exchange for his huge consulting fee.” (Bloomberg reported that the figure dropped to $600K, after the $1M figure raised hackles in Washington and among computer-security experts.)
“Alexander says his new approach is different from anything that’s been done before, because it uses “behavioral models,” to help predict what the hacker might do next. Rather than rely on analysis of malicious software,” writes Mr. Harris, “to try and catch a hacker in the act, Alexander aims to spot them early on in their plots. Only the market will tell if his approach is as novel as he claims. (One former national security official with decades of experience in security technology, and who asked to remain anonymous, said the behavioral model is a speculative approach and has never been used successfully).”
“Asked why he didn’t share this new approach with the Federal government while he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavioral models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn’t considered. It’s these methods, that Alexander intends to patent,” Mr. Harris wrote. The general said “if he determines that he needs to use technology or methods that NSA has patented, he will pay for a license, including for anything he helped invent while he was in office; and, for which he doesn’t own the rights. Gen. Alexander insisted the behavioral modeling and other characteristics represent a fundamentally new approach that will “jump” ahead of the technology that’s now being used in government, and in the private sector,” Mr. Harris wrote.
“Alexander said company executives were particularly worried hackers could steal, or even erase the proprietary data on their companies’ computers — especially the Wiper [wiper] virus, a malicious computer program that targeted the Iranian Oil Ministry in April 2012, erasing files and data,” wrote Mr. Harris. “That will come as a supreme irony to many computer security experts,” Mr. Harris noted, “who said the Wiper is a cousin of the notorious Stuxnet virus, which was built by NSA — while Alexander was in charge — in cooperation with Israeli intelligence.”
I wish nothing but good things for General (retired) Alexander; and, I hope he can do some good at the same time. Having said all that, I am not a big fan of behavioral modeling — other than it can be additive to an overall analytical picture; but, I am skeptical it will be additive enough to justify the kind of fees we’re talking here. V/R, RCP