THE NASTY BUSINNESS OF SURVEILLANCE IN THE NAME OF
PROTECTING THE NACION FROM THERRORISTS THREATS. PART 1
AFTER PROFITS, DEFENSE CONTRACTOR FACES THE PITFALLS
OF CYBERSECURITY. http://www.nytimes.com
Mike McConnell, vice chairman of
Booz Allen Hamilton, was a director of national intelligence.
WASHINGTON —
When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world’s
largest and most powerful spy agency in the sands of Abu Dhabi.
It
was a natural choice: The chief architect of Booz Allen’s cyberstrategy is Mike
McConnell, who once led the N.S.A. and pushed the United States into
a new era of big data espionage. It was Mr. McConnell who won the blessing of
the American intelligence agencies to bolster the Persian Gulf sheikdom, which
helps track the Iranians.
“They
are teaching everything,” one Arab official familiar with the effort said.
“Data mining, Web surveillance, all sorts of digital intelligence collection.”
Yet
as Booz Allen profits handsomely from its worldwide expansion, Mr. McConnell
and other executives of the government contractor — which sells itself as the
gold standard in protecting classified computer systems and boasts that half
its 25,000 employees have Top Secret clearances — have a lot of questions to
answer.
Among
the questions: Why did Booz Allen assign a 29-year-old with scant experience to
a sensitive N.S.A. site in Hawaii, where he was left loosely supervised as he
downloaded highly classified documents about the government’s monitoring of
Internet and telephone communications, apparently loading them onto a portable
memory stick barred by the agency?
The
results could be disastrous for a company that until a week ago had one of the
best business plans in Washington, with more than half its $5.8 billion in
annual revenue coming from the military and the intelligence agencies. Last
week, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein,
whom Mr. McConnell regularly briefed when he was in government, suggested for the first time
that companies like Booz Allen should lose their broad access to the most
sensitive intelligence secrets.
“We
will certainly have legislation which will limit or prevent contractors from
handling highly classified and technical data,” said Ms. Feinstein, a
California Democrat. Senior White House officials said they agreed.
Yet
cutting contractors out of classified work is a lot harder in practice than in
theory. Booz Allen is one of many companies that make up the digital spine of
the intelligence world, designing the software and hardware systems on which
the N.S.A. and other military and intelligence agencies depend. Mr. McConnell
speaks often about the need for the private sector to jolt the government out
of its attachment to existing systems, noting, for example, that the Air Force
fought the concept of drones for years.
Removing
contractors from the classified world would be a wrenching change: Of the 1.4
million people with Top Secret clearances, more than a third are private
contractors. (The background checks for those clearances are usually done by
other contractors.)
Mr.
McConnell himself has been among the most vocal in warning about the risks to
contractors. “The defense industrial base needs to address security,” he said
in an interview with The New York Times last year, months before Booz Allen
hired Edward J. Snowden, its young systems administrator who has admitted to
leaking documents describing secret N.S.A. programs. “It should be a condition
for contracts. You cannot be competitive in the cyber era if you don’t have a
higher level of security.”
Booz
Allen is saying little about Mr. Snowden’s actions or the questions they have
raised about its practices. Mr. McConnell, once among the most accessible
intelligence officials in Washington, declined to be interviewed for this
article.
“This
has to hurt Mike’s relationship with the N.S.A.,” said a business associate of
Mr. McConnell’s who requested anonymity. “He helped set up those contracts and
is heavily engaged there.”
Indeed,
few top officials in the intelligence world have become greater authorities on
cyberconflict than the 69-year-old Mr. McConnell, who walks with a stoop from a
bad back and speaks with the soft accent of his upbringing in Greenville, S.C.
He began his career as a Navy intelligence officer on a small boat in the backwaters
of the Mekong Delta during the Vietnam War. Years later he helped the American
intelligence apparatus make the leap from an analog world of electronic
eavesdropping to the new age of cyberweaponry.
President
Bill Clinton relied on Mr. McConnell as director of the N.S.A., a post he held
from 1992 to 1996. He then moved to Booz Allen as a senior vice president,
building its first cyberunits. But with the intelligence community in disarray
after its failure to prevent the terrorist attacks of Sept. 11, 2001, the
fiasco of nonexistent weapons of mass destruction in Iraq and the toll of
constant reorganization, President George W. Bush asked him to be the second
director of national intelligence from 2007 to 2009.
That was when he made his biggest
mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and
overseeing “Olympic Games,” the development of America’s first truly
sophisticated cyberweapon, which was used against Iran’s nuclear enrichment program.
When Mr. Bush needed someone to bring President-elect Barack Obama up to speed
on every major intelligence program he was about to inherit, including drones
and defenses against electronic intrusions from China, he handed the task to
Mr. McConnell.
But
Mr. Obama was not interested in keeping the previous team, and Mr. McConnell
returned to Booz Allen in 2009. He earned more than $4.1 million his first year
back, and $2.3 million last year. He is now vice chairman, and the company
describes him as the leader of its “rapidly expanding cyberbusiness.”
In
Washington he is often Booz Allen’s public face, because of his ties to the
intelligence agencies and his extensive and loyal network of federal
intelligence officials who once worked with him.
Two
months ago, the company announced the creation of a Strategic Innovation Group,
staffed by 1,500 employees who are pursuing, among other projects, one of Mr.
McConnell’s favorites: the development of “predictive” intelligence tools that
its clients can use to scour the Web for anomalies in behavior and warn of
terror or cyberattacks. He has also hired a senior counterterrorism official to
market products in the Middle East. This year, the company began working on a
$5.6 billion, five-year intelligence analysis program for the Defense
Intelligence Agency.
The
company’s profits are up almost eightfold since it went public in late 2010.
Its majority shareholder is the Carlyle Group, which matches private
equity with a lot of Washington power, and its executives, chief
among them Mr. McConnell, drum up business by warning clients about the
potential effects of cyberweapons.
“The
digital capabilities are a little bit like W.M.D.’s,” Mr. McConnell said in the
interview last year. The good news, he said, is that countries like China and
Russia recognize limits in using those weapons, and terror groups have been
slow to master the technology. “The people that would do us harm aren’t yet in
possession of them,” he said.
As
director of national intelligence, Mr. McConnell kept a giant world map propped
up in front of his desk. Countries were sized by Internet traffic, and the
United States ballooned bigger than all others — a fact that he told a visitor
was at once “a huge intelligence advantage and a huge vulnerability.”
The
advantage was that the United States’ role as the world’s biggest Internet
switching center gave it an opportunity to sort through the vast troves of
metadata — including phone records, Internet activity and banking transactions
— enabling analysts to search for anomalies and look for attacks in the making.
But he chafed at the legislative restrictions that slowed the process.
So
in 2007, as the intelligence chief, he lobbied Congress for revisions to the Foreign Intelligence Surveillance Act to
eliminate some of the most burdensome rules on the N.S.A., including that it
obtain a warrant when spying on two foreigners abroad simply because they were
using a wired connection that flowed through a computer server or switch inside
the United States.
It
made no sense in the modern age, he argued. “Now if it were wireless, we would
not be required to get a warrant,” he told The El
Paso Times in August of that year.
The
resulting changes in both law and legal interpretations led to many of the
steps — including the government’s collection of logs of telephone calls made
in and out of the country — that have been debated since Mr. Snowden began
revealing the extent of such programs. Then Mr. McConnell put them into effect.
In
2007, “Mike came back into government with a 100-day plan and a 500-day plan
for the intelligence community,” said Stephen J. Hadley, Mr. Bush’s national
security adviser. “He brought a real sense of the private sector to the
intelligence world, and it needed it.”
The
new technologies created a flood of new work for the intelligence agencies —
and huge opportunities for companies like Booz Allen. It hired thousands of
young analysts like Mr. Snowden. The intelligence agencies snapped them up,
assigning them to sensitive, understaffed locales, including the Hawaii
listening station where Mr. Snowden downloaded his materials.
Only
last month, the Navy awarded Booz Allen, among others, the first contracts in a
billion-dollar project to help with “a new generation of intelligence,
surveillance and combat operations.”
The
new push is to take those skills to American allies, especially at a time of
reduced spending in Washington. So while the contract with the United Arab
Emirates is small, it may be a model for other countries that see cyberdefense
— and perhaps offense — as their future. The company reported net income of
$219 million in the fiscal year that ended on March 31. That was up from net
income of $25 million in 2010, shortly after Mr. McConnell returned to the
company.
But
the legal warnings at the end of its financial report offered a caution that
the company could be hurt by “any issue that compromises our relationships with
the U.S. government or damages our professional reputation.”
By
Friday, shares of Booz Allen had slid nearly 6 percent since the revelations.
And a new job posting appeared on its Web site for a systems administrator in
Hawaii, “secret clearance required.”
D avid E. Sanger reported from Washington, and Nicole Perlroth from San Francisco
---------------
A version of this article appeared in print
on June 16, 2013, on page A1 of the New York edition with the headline: After
Profits, Defense Contractor Faces the Pitfalls of Cybersecurity.
==============
No hay comentarios:
Publicar un comentario