Quantcast
  

Saturday, April 19, 2014         

NEW YORK TIMES


 Print   Email   Comment | View 1 Comments   Most Popular   Save   Post   Retweet

After profits, defense contractor faces the pitfalls of cybersecurity

By DAVID E. SANGER and NICOLE PERLROTH

POSTED:



WASHINGTON » When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world's largest and most powerful spy agency in the sands of Abu Dhabi.

It was a natural choice: The chief architect of Booz Allen's cyberstrategy is Mike McConnell, who once led the NSA and pushed the United States into a new era of big data espionage. It was McConnell who won the blessing of the U.S. intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians.

"They are teaching everything," one Arab official familiar with the effort said. "Data mining, Web surveillance, all sorts of digital intelligence collection."

Yet as Booz Allen profits handsomely from its worldwide expansion, McConnell and other executives of the government contractor - which sells itself as the gold standard in protecting classified computer systems and boasts that half its 25,000 employees have Top Secret clearances - have a lot of questions to answer.

Among the questions: Why did Booz Allen assign a 29-year-old with scant experience to a sensitive NSA site in Hawaii, where he was left loosely supervised as he downloaded highly classified documents about the government's monitoring of Internet and telephone communications, apparently loading them onto a portable memory stick barred by the agency?

The results could be disastrous for a company that until a week ago had one of the best business plans in Washington, with more than half its $5.8 billion in annual revenue coming from the military and the intelligence agencies. Last week, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein, whom McConnell regularly briefed when he was in government, suggested for the first time that companies like Booz Allen should lose their broad access to the most sensitive intelligence secrets.

"We will certainly have legislation which will limit or prevent contractors from handling highly classified and technical data," said Feinstein, D-Calif. Senior White House officials said they agreed.

Yet cutting contractors out of classified work is a lot harder in practice than in theory. Booz Allen is one of many companies that make up the digital spine of the intelligence world, designing the software and hardware systems on which the NSA and other military and intelligence agencies depend. McConnell speaks often about the need for the private sector to jolt the government out of its attachment to existing systems, noting, for example, that the Air Force fought the concept of drones for years.

Removing contractors from the classified world would be a wrenching change: Of the 1.4 million people with Top Secret clearances, more than a third are private contractors. (The background checks for those clearances are usually done by other contractors.)

McConnell himself has been among the most vocal in warning about this risk to contractors. "The defense industrial base needs to address security," he said in an interview with The last year, months before Booz Allen hired Edward J. Snowden, its young systems administrator who has admitted to leaking documents describing secret NSA programs. "It should be a condition for contracts. You cannot be competitive in the cyber era if you don't have a higher level of security."

Booz Allen is saying little about Snowden's actions or the questions they have raised about its practices. McConnell, once among the most accessible intelligence officials in Washington, declined to be interviewed for this article.

"This has to hurt Mike's relationship with the NSA," said a business associate of McConnell's who requested anonymity. "He helped set up those contracts and is heavily engaged there."

Indeed, few top officials in the intelligence world have become greater authorities on cyberconflict than the 69-year-old McConnell, who walks with a stoop from a bad back and speaks with the soft accent of his upbringing in Greenville, S.C. He began his career as a Navy intelligence officer on a small boat in the backwaters of the Mekong Delta during the Vietnam War. Years later he helped the U.S. intelligence apparatus make the leap from an analog world of electronic eavesdropping to the new age of cyberweaponry.

President Bill Clinton relied on McConnell as director of the NSA, a post he held from 1992 to 1996. He then moved to Booz Allen as a senior vice president, building its first cyberunits. But with the intelligence community in disarray after its failure to prevent the terrorist attacks of Sept. 11, 2001, the fiasco of nonexistent weapons of mass destruction in Iraq and the toll of constant reorganization, President George W. Bush asked him to be the second director of national intelligence from 2007 to 2009.

That was when he made his biggest mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and overseeing "Olympic Games," the development of the United States' first truly sophisticated cyberweapon, which was used against Iran's nuclear enrichment program. When Bush needed someone to bring President-elect Barack Obama up to speed on every major intelligence program he was about to inherit, including drones and defenses against electronic intrusions from China, he handed the task to McConnell.

Obama was not interested in keeping the previous team, though, and McConnell returned to Booz Allen in 2009. He earned more than $4.1 million his first year back, and $2.3 million last year. He is now vice chairman, and the company describes him as the leader of its "rapidly expanding cyberbusiness."

In Washington he is often Booz Allen's public face, because of his ties to the intelligence agencies and his extensive and loyal network of federal intelligence officials who once worked with him.

Two months ago, the company announced the creation of a Strategic Innovation Group, staffed by 1,500 employees who are pursuing, among other projects, one of McConnell's favorites: the development of "predictive" intelligence tools that its government clients can use to scour the Web for anomalies in behavior and warn of terror or cyberattacks. He has also hired a senior counterterrorism official to market products in the Middle East. This year, the company began working on a $5.6 billion, five-year intelligence analysis program for the Defense Intelligence Agency.

The company's profits are up almost eightfold since it went public in late 2010. Its majority shareholder is the Carlyle Group, which matches private equity with a lot of Washington power, and its executives, chief among them McConnell, drum up business by warning clients about the potential effects of cyberweapons.

"The digital capabilities are a little bit like WMDs," McConnell said in the interview last year. The good news, he said, is that countries like China and Russia recognize limits in using those weapons, and terror groups have been slow to master the technology. "The people that would do us harm aren't yet in possession of them," he said.

As director of national intelligence, McConnell kept a giant world map propped up in front of his desk. Countries were sized by Internet traffic, and the United States ballooned bigger than all others - a fact that he told a visitor was at once "a huge intelligence advantage and a huge vulnerability."

The advantage was that the United States' role as the world's biggest Internet switching center gave it an opportunity to sort through the vast troves of metadata - including phone records, Internet activity and banking transactions - enabling analysts to search for anomalies and look for attacks in the making. But he chafed at the legislative restrictions that slowed the process.

So in 2007, as the intelligence chief, he lobbied Congress for revisions to the Foreign Intelligence Surveillance Act to eliminate some of the most burdensome rules on the NSA, including that it obtain a warrant when spying on two foreigners abroad simply because they were using a wired connection that flowed through a computer server or switch inside the United States.

It made no sense in the modern age, he argued. "Now if it were wireless, we would not be required to get a warrant," he told The El Paso Times in August of that year.

The resulting changes in both law and legal interpretations led to many of the steps - including the government's collection of logs of telephone calls made in and out of the country - that have been debated since Snowden began revealing the extent of such programs. Then McConnell put them into effect.

In 2007, "Mike came back into government with a 100-day plan and a 500-day plan for the intelligence community," said Stephen J. Hadley, Bush's national security adviser. "He brought a real sense of the private sector to the intelligence world, and it needed it."

The new technologies created a flood of new work for the intelligence agencies - and huge opportunities for companies like Booz Allen. It hired thousands of young analysts like Snowden. The intelligence agencies snapped them up, assigning them to sensitive, understaffed locales, including the Hawaii listening station where Snowden downloaded his materials.

Only last month, the Navy awarded Booz Allen, among others, the first contracts in a billion-dollar project to help with "a new generation of intelligence, surveillance and combat operations."

The new push is to take those skills to U.S. allies, especially at a time of reduced spending in Washington. So while the contract with the United Arab Emirates is small, it may be a model for other countries that see cyberdefense - and perhaps offense - as their future. The company reported net income of $219 million in the fiscal year that ended March 31. That was up from net income of $25 million in 2010, shortly after McConnell returned to the company.

But the legal warnings at the end of its financial report offered a caution that the company could be hurt by "any issue that compromises our relationships with the U.S. government or damages our professional reputation."

By Friday, shares of Booz Allen had slid almost 7 percent since the revelations. And a new job posting appeared on its website for a systems administrator in Hawaii, "secret clearance required."






 Print   Email   Comment | View 1 Comments   Most Popular   Save   Post   Retweet

COMMENTS
(1)
You must be subscribed to participate in discussions
By participating in online discussions you acknowledge that you have agreed to the TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. Because only subscribers are allowed to comment, we have your personal information and are able to contact you. If your comments are inappropriate, you may receive a warning, and if you persist with such comments you may be banned from posting. To report comments that you believe do not follow our guidelines, email commentfeedback@staradvertiser.com.
Leave a comment

Please login to leave a comment.
manakuke wrote:
In the real danger zones!
on June 16,2013 | 06:03AM
IN OTHER NEWS
Latest News/Updates