Could Keith Alexander's Advice Possibly Be Worth $600K a Month?

Ex-NSA director Keith Alexander has his own consulting company: IronNet Cybersecurity Inc. His advice does not come cheap:

Alexander offered to provide advice to Sifma for $1 million a month, according to two people briefed on the talks. The asking price later dropped to $600,000, the people said, speaking on condition of anonymity because the negotiation was private.

Alexander declined to comment on the details, except to say that his firm will have contracts "in the near future."

Kenneth Bentsen, Sifma's president, said at a Bloomberg Government event yesterday in Washington that "cybersecurity is probably our number one priority" now that most regulatory changes imposed after the 2008 credit crisis have been absorbed.

SIFMA is the Securities Industry and Financial Markets Association. Think of how much actual security they could buy with that $600K a month. Unless he's giving them classified information.

Digby:

But don't worry, everything Alexander knows will only benefit the average American like you and me. There's no reason to suspect that he is trading his high level of inside knowledge to benefit a bunch of rich people all around the globe. Because patriotism.

Or, as Recode.net said: "For another million, I'll show you the back door we put in your router."

EDITED TO ADD (7/13): Rep. Alan Grayson is suspicious.

Posted on June 24, 2014 at 2:30 PM • 53 Comments

Comments

readerrrrrrJune 24, 2014 2:56 PM

Is that even allowed in this very special case. I have read some software engineers had contracts that prohibited them from working at a competitor for a certain time period, or something on that note.

Tim!June 24, 2014 3:13 PM

@readerrrrrr: yes some software engineers have non-compete agreements in their contracts. It's also common for bookkeepers and accountants. There are likely other fields where it is also common.

Non-compete doesn't apply in this case though.
a) government entities are in theory not competing with private companies in general
b) IronNet Cybersecurity Inc. specifically does not provide the same services as the NSA. The NSA has ceased its mission of securing American communications in favor of its other mission of defeating communication security.

AndyJune 24, 2014 3:23 PM

On the bright side, Keith has already had a peek inside your network and has read your emails. Maybe that's the reason for the high price of services, he knows what he's getting into.

BenniJune 24, 2014 3:34 PM

One question: Do these guy Alexander and Hayden still have clearance to log into Xkeyscore?
The point is: The US government says it does not give any information of its spying to domestic companies. Good. But at this conference,

http://www.heise.de/newsticker/meldung/Ehemaliger-NSA-Technikchef-Der-NSA-gehoert-das-Netzwerk-2188605.html

the NSA whistleblower Binney said that around the NSA, "external contractors" like "it service companies" and many "consulting companies" have access to the NSA data.

Thereby domestic US companies would, according to Binney, use their advice to create better offers than their foreign competitors.

Binney said that the surrounding of the NSA complex does not want to solve this probllem but just gather the next contract of someone they could advise.

I guess, for exampe if I were cisco, I would pay some 600k in order to get the pricing models and business plans of Huawei.

General Alexander is not anymore workong at the NSA, so in that sense it is true that the "US government" itself does not give any information to domestic companies.....

Mike the goatJune 24, 2014 3:45 PM

Wow, $600k/month! It is hard to imagine that any company in their right mind would pay that kind of cash to a consultant unless the information they were getting was of significant import.

BenniJune 24, 2014 3:52 PM

I guess the US government statement: "We do not give any information that we recived during secret NSA operations to domestic companies"...

Is of similar value than the statement of Obama: "I do not sent jets after a 29 year old hacker".

No, the us government agencies do not give classified information. But the external consultants with clearance to NSA data give it.

Similarly, Obama did not send many "jets" after Snowden, but instead he just send one single rendition airplane after him...

Bruce SchneierJune 24, 2014 4:13 PM

"Wow, $600k/month! It is hard to imagine that any company in their right mind would pay that kind of cash to a consultant unless the information they were getting was of significant import."

I know. I think I am seriously undercharging for my consulting services.

Nicholas WeaverJune 24, 2014 4:35 PM

Of course, however, he's probably not selling security, but he's selling access to people: contact in the senate, in the administration, etc.

Yet even so, this price does seem suspiciously high, "Securities Industry and Financial Markets Association" is a bit out of his normal wheelhouse. Basically, I would have expected such a deal, but the other party would be Ratheon, Boeing, Booze/Allen/Hamilton, or some other defense contractor/beltway bandit.

WaelJune 24, 2014 4:36 PM

I worked for companies that payed around $700.00 an hour per resource to consultants from bigname firms. Used them for a few months. Six or seven of them would total 40x4x700 = 448000 a month. Who knows how many resources he's "putting on it" and how much an hour they charge...

JacobJune 24, 2014 5:24 PM

For that amount of money, the customer instead can hire an armed guard to accompamy each and every byte as it travels down the wire...

AnuraJune 24, 2014 6:30 PM

That article sounds like it's security consulting. I don't know about you, but for $600k a month, I would hire a lot of people from a lot of different backgrounds: former black hats, white hats, academics, specializing in networking, software, systems, etc. For an average of about $300 per hour, you should be able to get a dozen really good people auditing systems, auditing code, doing penetration testing, etc.

Nick PJune 24, 2014 6:53 PM

Let's all remember in this discussion the so-called "Revolving Door" of the Pentagon and intelligence circles. Various companies, especially defense contractors, get plenty of money and support from government organizations. Way more than they could ever justify. Those senior people that authorized it later leave the public sector and get six figure jobs at the private companies they benefited. Seemless corruption.

So, if they're paying $600k/mo, I think there's a form of corruption at play rather than mere security knowledge transferring. Alexander is getting paid back for something already done or being paid for something that will be done.

If it was about security and I was Alexander, I'd have the NSA do their security under some "public-private partnership for national security" where I pocketed the cash and the taxpayers covered way more in actual security. It's public knowledge that NSA has done plenty of stuff like that in the past that benefited certain companies much more than others. I could see a corrupt version of it.

Nick PJune 24, 2014 7:30 PM

@ whpratt

Nice one. :) Even better because the Burrough's B5000 I've often praised was the inspiration for archvillain "Master Control."

Nick PJune 24, 2014 7:41 PM

@ Bruce Schneier

re NSA boss on defense

I forgot to mention that it's a joke to go to him for that to begin with. The US govt's track record is military and state department loosing unknown number of documents to Wikileaks, followed by NSA and top contractor loosing unknown number of documents to Snowden. And each loss could've been prevented or at least detected by standard commercial security that apparently wasn't applied. I've seen a grocery chain do better despite an IT department of 2-3 people with $500k/yr total annual budget.

If anything, the Alexander and NSA need to be paying consultants $600,000 a month worth of security advice *for them*.

WaelJune 24, 2014 8:00 PM

@Nick P,
Give the guy a break! That's just pure... jealousy! He is used to paying $500.00 for a hammer. So 600K a month is within reasonable range. Let's just hope he "tweets" his "findings" so we get "free" advice :)

WaelJune 24, 2014 8:06 PM

I fear that @Bruce Schneier is "scoping" and anchoring us to a figure! His next post will say:

My next book is not for $600K, not even 400K! It's on sale for 75K, it has advice that’ll cost you 1.2M a year, and I'll sign it for free, too! Matter of fact, that guy took the advices from my book. Forget real estate! Buy one copy of this book, and you'll be on your way to charging 600K a month. Now go ahead, buy the book, and be somebody!

Nick PJune 24, 2014 8:16 PM

@ Wael

If his hammer's cost $500, the $600,000 might be the monthly payment on a new mid-range sedan. It's starting to sound more reasonable now that you mention government commodities pricing.

Chris AbbottJune 24, 2014 8:34 PM

Oh he knows exactly where every exploit/vulnerability/implant is in everything. And he can always say he "found the vulnerability or backdoor" rather than leaking it. How convenient! It might be worth the money to find all that shit, although I consider this no more ethical than what the Cryptolocker boys do.

65535June 24, 2014 8:43 PM

I have always thought Alexander was a confidence man at the core. Look at the budget allocations he accumulated. He is just applying the usual con-games where the money is located – at the banks.

"Do these guy Alexander and Hayden still have clearance to log into Xkeyscore?" - Benni

That is a good question. I wonder what the answer is. BTW, I did answer you squid post – a little late. Keep up the interesting posts.

“Alexander is getting paid back for something already done or being paid for something that will be done.” Nick P

That is another good question. His contacts on the "inside" are extensive. He probably can pull a lot of strings.

Spaceman SpiffJune 24, 2014 8:47 PM

Alexander - his time is worth about 60 cents per hour. That's about $100 per month. Yeah. That seems more reasonable to me.

ThothJune 24, 2014 9:20 PM

Does it smell like a NSA shell company or some Government shell company on a mission ?

ThomasJune 25, 2014 12:13 AM

Or, as Recode.net said: "For another million, I'll show you the back door we put in your router."

For another 2 million I won't show your competitor.

Coyne TibbetsJune 25, 2014 2:56 AM

Alexander has presided over the greatest system security breaches in our time, all in the name of national security. How could anyone trust him to secure their systems, and not to facilitate the opening of those systems to national intelligence?

If it were me as CEO, Alexander couldn't pay me enough to use his services.

Jukka VJune 25, 2014 4:24 AM

If I had an icnome of 600k/month and in need for a security guru, I would propably hire Bruce over Keith - eventhough Mr. Alexander might know exactly what's going on secretly under the hood, I just can't help it but I feel one of these gentlemen would stab me in the back at any given point. The other man seems to be actually concerned about the issue, maybe because he understand he's in the very same boat as us.

Now, if I could have it for $99 with a reversi ..

fajensenJune 25, 2014 7:20 AM

Maybe he should sell "QOS" instead: "You pay and your trades will not be copied to Goldman Sachs before being routed twice round the planet - Hell - for a while you could front-run THEM for a change".

ChrisJune 25, 2014 7:51 AM

I am not sure he is worth it moneywise, however: he has alot of knowledge which goes both ways: He knows alot of stuff and for that he is rewarded somehow perhaps as a thank you for drinking a cup of "Shut the fuck up".

Secondary he is a value for ALOT of companies that want some nice contracts with the Governement, that are willing to go that extra mile and pay him some unusual amount of money.

Allthough I somehow think that the first option is more valid...

When it comes to his knowhow etc I cant tell, but I doubt he is stupid.
Whats money anyway, give him 2 million a month for all I care.

But with this in mind I do realize I charge alittle bit too little.

//chris

CpragmanJune 25, 2014 7:51 AM

Ex gov cache wears off quickly. Retirement's gotta be funded somehow.
He'll help get someone a few gov contracts, and then fade into obscurity.

GopiballavaJune 25, 2014 11:07 AM

I've always wondered how much of former officials doing lobbying relates to knowing "where the bodies are buried", metaphorically speaking.

You go up to one of your former co-workers who's still in government.

"Hi, I'm getting paid $500/hour to ask you to do . Think you can do it? If you don't, then I'll lose my job..."

They don't need to say it that way; everybody knows how it works. Not only do they not necessarily need to remind anybody about the secrets they know, they might not even need to know them. If you've done something wrong you don't want to take the risk that your former boss or co-worker knows and can reveal something nefarious, some mistake you made, etc.

ronwJune 25, 2014 11:26 AM

Ret. Gen. Alexander to banker:

"Nice bank you have here. Be a shame if something happened to it."

Rufo guerreschiJune 25, 2014 12:08 PM

Former NSA chief Alexander, and who knows how many others, can make millions in consulting only because the It industry and experts have not even started working on computing solutions that would make such knowledge useless because they are so extremely simplified in sw and hw, to afford and allow for extreme verification of all hw and sw involved at all stages, including manufacturing and design of any critical components.

Possibly,the main problem is the same that has prevented us to see how far NSA had gone. There is a problem in the dynamics of IT security media and blogs, similar to other sectors, where a range of acceptable opinions are created, out of which all are paranoid.

Experts are still differentiating between mass surveillance and targeted surveillance. Whereas if what the most pessimist day about hardware vulnerabilities is true, than large scale undetectable targeted surveillance may be so low cost to render any encryption tools we are using or improving useless for the masses (or at least for its most active citizenry).

SinOdonusJune 26, 2014 12:58 AM

Arthur Sinodinos, former assistant federal treasurer for the Australian Government received a $200,000 salary for 10 days work.

Senator Sinodinos, a former Australian Water Holdings (AWH) director and NSW Conservative Liberal Party treasurer stood to make up to $20 million if AWH won a lucrative contract with the state-owned Sydney Water company. Senator Sinodinos told the hearing he did not know AWH paid $75,000 in donations to the Liberal Party when he was on the AWH board and NSW Liberal Party treasurer.

Senator Sinodinos spent between 25 and 45 hours a year working as a director for AWH for a $200,000 salary, though he stated he sometimes travelled 90 minutes to a meeting and that should be considered part of the time that he worked. Senator Sinodinos also stated "I participated in the board discussion."

- So you see, some people talk at work, spend a couple days a year at work, and drive to work, which they consider quite an effort, and so feel they are entitled to the ludicrous amounts of money they receive.

Note - Australian Water Holdings is currently the focus of very serious ongoing corruption investigations by the NSW Independent Commission Against Corruption.

Arthur SinodinosJune 26, 2014 1:03 AM

I only got $200,000 a year for just under 1 days work a month! I should of asked for more!

David MJune 26, 2014 6:59 AM

"...speaking on condition of anonymity because the negotiation was PRIVATE."

Excuse me, there is no such thing as the need for privacy. After all, if you have nothing to hide, you shouldn't be concerned if your actions are spied upon...

PMustermannJune 26, 2014 2:19 PM

@Thoth "Does it smell like a NSA shell company or some Government shell company on a mission?"

Smells like a LNG biz cyber job.

Problem: "The Lack of Major Wars May Be Hurting Economic Growth"
http://nyti.ms/1ixGlhT

Analysis: "Europe’s Energy Dependence on Russia Can’t Last" (WSJ)
http://dailysign.al/1sIwb7S

Solution: “Suspected Russian spyware Turla targets Europe, United States" (Reuters)
http://reut.rs/1f7ONGm

Rogers and Alexander will take good care of US 1%er interests.
"Fuck the EU!" (Nuland)
http://bit.ly/1qyLL1Q

GopiballavaJune 27, 2014 11:30 AM

@SinOdonus:

"...though he stated he sometimes travelled 90 minutes to a meeting"

Hey, based on the number of hours he worked, those 90 travel minutes are a significant fraction of his work time. Instead of between $4400 and $8000/hr, he might've only been getting $3000 or $4000/hr. Much more reasonable!

This reminds me of a story I read a few years ago. Prisons in California have a problem with contraband being smuggled in - often by prison guards. The problem is that the prison guard union agreement makes it effectively impossible for the guards to be searched before they work.

That sounded pretty bad to me. I had to keep reading to understand how a contract like that could've been signed. It turned out that the contract required that any time spent going through security procedures would be considered part of their paid work time.

So: Their employer wanted to tell them to wait in line, on the job site, doing things that the employer asked, but not getting paid. I'm gonna side with the union on this one.

Carl HJune 27, 2014 4:47 PM

My favorite Alexander-ism was when Maine Senator Collins asked if it was true that Snowden could listen to phone calls from his desk. Alexander gave a helpless look and said that was false, that he knew of no technology that would allow that.

CALEA is a 1995 law that requires a government port on every phone switch in America, and requires intercepted communications to be immediately conveyed off of phone company premises.

Sprint won the contract for backhaul from switches with their Peerless IP Network.

The FBI is very proud of DCSNet, which isn't a network at all, it's a Windows application. The FBI describes it as a point-and-click browser for virtually any in-progress phone call in America, land-line or mobile, using the CALEA switch ports and the Peerless IP Network.

Urbane, professional, General Alexander had no knowledge of these long-standing government wiretapping resources. I, living in rural Central Texas amidst the cattle, coyotes, and other decent, honest critters wandering the prairie knew all about it.

Clearly I am more qualified than General Alexander, and I'll work for just $500,000 a month. I'm a bargain!

Wesley ParishJune 28, 2014 2:46 AM

Unfortunately I can think of a reason why he can charge so highly:

"I know ... what you did last summer .... I do take cheques, you know ..."

PMustermannJune 28, 2014 4:28 AM

What does Alexander have useful to offer at that price other than secrets?

Thats easy to answer in a world of limited resources. His customers may hope to get a place on the top of the NSA support queue if cyber SHTF. Connections...


"Top cybersecurity leaders in government are now hashing out how various cybersecurity-related agencies will handle the mission to protect critical infrastructure from cyber attacks."

c4isrnet: http://bit.ly/1qyLL1Q

kompressotJune 28, 2014 10:25 AM

How does this compare value wise to what Weev is trying to bill the US Govt. for his time in prison?

Not a chanceJune 28, 2014 10:27 PM

Bruce, You are likely seriously undercharging for your consulting services. In our economy, things - including consulting services - are worth what you can get for them. Alexander's prior careers (plural) make him worth the kind of money that is being discussed to those who want and need him. Consider this: if he positively influences a Board of Directors to increase their focus on security and privacy, he easily pays for himself. You can dislike and distrust him and his past activities if you want, but you can not deny that he has the stature to command attention where it matters most in corporate America: in the board rooms and offices of the decision makers. Moreover, he - of all people - knows quite well what happens to someone who leaks classified information. After all, in his recent NSA job, it was his classified information that Snowden raided.

Clive RobinsonJune 29, 2014 5:00 AM

@ Not a Chance,

Moreover, he [Alexander] - of all people - knows quite well what happens to someone who leaks classified nformation. After all, in his recent NSA job, it was his classified nformation that Snowden raided.

He also knows that senior staff don't get touched for security violations that lesser mortals would get the equivalent of whole life sentances for. As has been seen by an ex head of the CIA and others like Dept Sec of State Richard Armitage in Plamegate, even Scooter Libby got to walk away from a thirty month jail sentance even though convicted of lying to Federal Investigators and a grand jury (it's been said that no full pardon for Libby came from Bush due to the behaviour of Dick Cheney "souring the pitch").

It is the old "Ceasers Wife is above suspicion" mentality that also makes the likes of banks "to big to fail" etc when they have commited the equivalent of criminal activity, the small fish get fried while the big fish have a whale of a time... Alexander knows which side of the dividing line he's on and is thus going to make it big, arguably much bigger than he would have been without the Ed Snowden Revelations which will bolster his worth for many many years to come, providing he "milks it right".

PMustermannJune 30, 2014 4:01 AM

Looks like KAs new job is organized federal civilian information sharing in cybersecurity. So it's not leaking, it's a new private public partnership mission...


"The National Cybersecurity and Communications Integration Center Act of 2014 would codify the existing cybersecurity and communications operations center at DHS, known as the National Cybersecurity and Communications Integration Center. The bill calls on the center is to serve as the federal civilian information sharing interface for cybersecurity."

http://www.hstoday.us/industry-news/general/single-article/bipartisan-legislation-to-enhance-nations-cybersecurity-efforts-introduced-in-senate/83b22c2930962942e737f8441dd5e538.html


"Washington, D.C., June 25, 2014-SIFMA today released the following statement from Kenneth E. Bentsen, Jr., SIFMA president and CEO on the passage of the National Cybersecurity and Communications Integration Center Act of 2014 by the Senate Committee on Homeland Security and Governmental Affairs: ... We applaud the legislation's codification of the NCCIC and its recognition of the capabilities that the NCCIC provides to the financial services sector as well as the critical infrastructure sectors that we rely on to operate.""

http://www.nationaljournal.com/library/168455


Smells like Cyber-Blackwater or Cyber-Constellis now. :)

name.withheld.for.obvious.reasonsJune 30, 2014 10:44 AM

Looks like the pieces are falling into place. I'd suggest looking at what committees Mike Rodgers (the whore and ass) and marry that with Alexander's new assignment...where do you think this is going? I have an idea and the DHS, FCC, NTIA, the telcos, and a few contracting "orgs" are in on scheme...it's all a matter of connecting the dots. Just make sure you do before the dot turns red and appears on all your shirts and hats.

PMustermannJune 30, 2014 11:54 AM

@name.withheld Connecting some dots is easy.


It's support for the 0,1%, in a world of limited resources...


"(6) upon request, providing timely technical
assistance to Federal and non-Federal entities with
respect to cybersecurity threats and attribution, vul-
nerability mitigation, and incident response and re-
mediation; ...

‘‘(e) NO RIGHT OR BENEFIT.—The provision of as-
sistance or information to, and inclusion in the operations
center of, governmental or private entities under this sec-
tion shall be at the discretion of the Under Secretary ap-
pointed under section 103(a)(1)(H). The provision of cer-
tain assistance or information to, or inclusion in the oper-
ations center of, one governmental or private entity pursu-
ant to this section shall not create a right or benefit, sub-
stantive or procedural, to similar assistance or information
for any other governmental or private entity.’’."

http://www.hsgac.senate.gov/download/national-cybersecurity-and-communications-integration-center-act-of-2014


Seems they fear somethig like "punitive cyber sanctions by Russia" for instance, KA's "9/11 in cyberspace" argument.

"“The Germans want FISA reform now and that’s definitely going to be a
focus of conversation,” Tom Kellermann, chief cybersecurity officer at
Trend Micro, told MC. “But I’d suggest ...
begin to strategically think about how to defend against punitive
cyber sanctions by Russia should further economic sanctions be put into
effect.
”"

http://www.politico.com/morningcybersecurity/0614/morningcybersecurity14382.html


Is this mic marketing talk or something real? I don't know.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.