From a wall-mounted video monitor at the International Spy Museum in Washington, former U.S. spy chief Mike McConnell warns about the perils of terrorists hacking into computer systems.
A cyber attack on a major bank network or utility grid “could have pretty terrible consequences,” he says in the video, echoing advice he has shared with the last three U.S. presidents.
McConnell, 67, is a former Navy vice admiral who ran the National Security Agency in the mid-1990s and served as director of national intelligence under George W. Bush. In 2009, he took his decades of experience to the private sector for a second stint at Booz Allen Hamilton Holding Corp., where he is an executive vice president charged with expanding the government contractor’s intelligence business, including cybersecurity.
As a private-sector executive, McConnell hasn’t changed his message, whether delivered to tourists in a video’s continuous loop or in testimony before Congress. If a cyberwar broke out, the U.S. would lose, he said at a February 2010 hearing of the Senate Commerce Committee.
Underscoring McConnell’s warnings, Booz Allen yesterday said it recently was hit by a hacker attack itself, exposing files from one of its systems.
“I’m a code breaker, an intel guy, a spy at the National Security Agency, so I understand what our vulnerabilities are,” McConnell said in an interview with Bloomberg Government. “A relatively small group of terrorists could get in and penetrate this soft underbelly.”
Such rhetoric has provoked criticism that McConnell is inflating the risk of attack to further Booz Allen’s interests.
“That kind of talk is irresponsible -- it’s classic threat exaggeration,” said Jim Harper, a cybersecurity specialist at the Cato Institute in Washington, which promotes limited government. “McConnell is trying to move policy in the direction that benefits him, trying to motivate Congress and the American public to take action when there’s no actual war.”
McConnell stands by his remark at last year’s Senate hearing and says he made it to illustrate a point.
“My worry is we’re going to talk about it and not act,” he said. “What galvanizes this nation to act is crisis.”
The computer-security debate in Washington has intensified after hacking incidents at Lockheed Martin Corp. and Google Inc. Spurred by those and other recent assaults, Senate lawmakers are drafting legislation to boost protections for government and private-sector networks.
Booz Allen Hacked
Booz Allen said yesterday that some of its files were posted on the Internet after an attack on an information-technology system. The data pertained “to a learning management system for a government agency,” the company said in a news release without naming the U.S. agency.
“Admiral McConnell must be very upset about this,” Richard Falkenrath, a principal at Chertoff Group, a Washington-based security advisory firm, said today in an interview on Bloomberg Television. “He was really one of the early evangelists of cybersecurity. He was the first senior official in the U.S. government to really push this.” Falkenrath is a contributing editor at Bloomberg Television.
Booz Allen declined today to make McConnell available to comment on the attack. An online activist group called Anonymous claimed on July 11 that it stole thousands of military passwords from Booz Allen, the Associated Press reported yesterday. The company is conducting a full review of the incident and doesn’t believe the attack affected other data, its statement said.
Last month, the Obama administration offered its recommendations for cybersecurity legislation, urging wider disclosure of data breaches and tighter oversight of companies deemed vital to the U.S. economy. McConnell briefed then-candidate Barack Obama on the issue in September 2008, and Obama ordered a 60-day cybersecurity review shortly after taking office, declaring the initiative a national priority.
As the government moves on cybersecurity, Booz Allen is competing with other contractors, including Arlington, Virginia-based CACI International Inc., the second-largest provider of information-technology services to the Defense Department, and New York-based L-3 Communications Holdings Inc.
Founded in 1914 as a management-consulting firm, Booz Allen has evolved into one of the largest providers of technology and personnel to U.S. defense and intelligence agencies. In July 2008, Washington-based Carlyle Group, the world’s second-largest private-equity firm, purchased the company’s government-services unit for $2.54 billion.
Carlyle took the unit public in November as Booz Allen Hamilton Holding Corp. in an offering that raised $238 million while keeping a 71 percent stake. Booz Allen’s shares closed at $19.87 today, up 17 percent from the IPO price of $17.00.
The intelligence business that McConnell runs accounted for $1.2 billion, or 22 percent of Booz Allen’s $5.6 billion in revenue in the fiscal year that ended March 31, according to a regulatory filing. About 97 percent of the McLean, Virginia-based company’s sales are to the U.S. government.
McConnell’s business unit is driving sales growth at Booz Allen, said Michael Lewis, an analyst at Lazard Capital Markets LLC who has a target price of $24 on the stock and rates the shares as a “buy.”
The company is poised to profit as agencies and private businesses look to thwart hackers, Lewis said in an interview. He said he expects Booz Allen’s sales to grow about 10 percent annually, with its cyber business expanding 15 percent a year.
In April, Booz Allen won a contract worth as much as $189.4 million to support Navy cybersecurity efforts, following deals last year to help build a Pentagon cyberwar command center and strengthen Air Force network defenses.
“With regard to their cyber business, they have a very strong position within the National Security Agency, and Mr. McConnell has been very instrumental in that,” Lewis said. “Mr. McConnell has built Booz Allen’s cyber business and will now leverage his expertise as the company expands into the commercial sector.”
In fiscal year 2010, McConnell received $4.1 million in compensation, according to a company filing with the Securities and Exchange Commission.
“In many ways Admiral McConnell can be more influential in supporting the intelligence community now than when he was in office,” Ellen McCarthy, president of the Intelligence and National Security Alliance, a group of industry and public sector members that promotes national-security issues, said in an interview. “He’s not constrained by the bureaucracy, and is viewed as a senior statesman operating in an advisory capacity.”
McConnell, who is fond of swing-dancing and collecting Irish antiques, was born and raised in Greenville, South Carolina, where his textile worker father advocated for organized labor and civil rights. McConnell received an economics degree from Furman University in his hometown and volunteered for Navy service after his 1966 graduation.
During his 29 years in the Navy, he rose through the ranks to serve as an adviser to General Colin Powell, who chaired the Joint Chiefs of Staff during the first Gulf War.
In 1992, President George H.W. Bush tapped McConnell to lead the National Security Agency, which uses some of the world’s most powerful computers to conduct surveillance. McConnell ran the NSA through early 1996, when he retired from the Navy as a vice admiral and left the agency to join Booz Allen, where he worked for the next 11 years.
McConnell rejoined the government in February 2007, when he was named director of national intelligence by President George W. Bush. The position was created by Congress in 2004 to coordinate information-sharing by the 16 U.S. intelligence agencies and prevent a repeat of the communications breakdowns that preceded the Sept. 11, 2001, attacks.
As Bush’s intelligence chief, McConnell led administration lobbying for legislation to boost U.S. eavesdropping authority. The bill, approved by lawmakers in July 2008, included a provision ending more than 40 lawsuits that accused phone companies of violating customer privacy by aiding government wiretaps of suspected terrorists.
Privacy groups including the San Francisco-based Electronic Frontier Foundation assailed the bill. The EFF sued the NSA in September 2008, saying the increased eavesdropping powers granted by the measure were unconstitutional.
“The entire premise of the legislation was inappropriate,” said Kevin Bankston, a senior staff attorney at EFF. “We’re still grappling with the legacy that Mike McConnell has left and that is a legacy of mass surveillance that impacts the privacy of every American that uses that technology.”
McConnell says national security trumps personal freedom when it comes to protecting the electric grid, financial networks and other critical infrastructure from cyber attacks.
“Many people worry about this issue as a civil liberties and privacy debate,” he said. “Here’s the fundamental thing that most people just don’t understand: We all ride the same physical infrastructure.”
The International Spy Museum, which has drawn 6 million visitors since its 2002 opening, asked McConnell in 2009 to record videotaped remarks for an exhibit called “Weapons of Mass Disruption” on the risk of cyber attack.
In a series of clips, McConnell outlines his worst-case scenario for a network intrusion, which he says would result in “chaos,” and likens the current lack of safeguards on the Internet to the “wild west of 1870.”
When McConnell stepped down as director of national intelligence, many people thought he was being alarmist about cybersecurity, Pat Gorman, chief information security officer at Bank of America Corp. and former chief information officer for the director of national intelligence, said in an interview.
“But looking back over the past two years, things have come out exactly as he has said,” said Gorman, who has known McConnell for two decades and previously worked as an executive at Booz Allen. “The cyber game has changed, and Mike had the foresight to point that out in advance.”