Booz Allen Hamilton Holding Corp.’s vice chairman said former employee Edward Snowden provided a “playbook” to enemies and did a “great disservice” to the U.S. by leaking top-secret documents about electronic surveillance.
“The sources and methods that he compromised, it is a playbook for those who we would consider adversaries,” John “Mike” McConnell said.
McConnell, national intelligence director under President George W. Bush, spoke at Bloomberg Government’s cybersecurity conference today in Washington.
“What was compromised will cause loss of life and great disadvantage, not only for the United States but for our allies,” McConnell said.
Booz Allen, the McLean, Virginia-based consulting company majority owned by Washington-based private-equity firm Carlyle Group LP, employed Snowden as a contractor to the National Security Agency.
Booz Allen fired Snowden, 30, in June, after news reports based on the information appeared in the U.K.’s Guardian newspaper and the Washington Post. Snowden had been employed as a technical assistant in Hawaii. He is now in Russia on temporary asylum.
Booz Allen is the No. 13 federal contractor, receiving $4 billion in awards in the 2012 fiscal year, according to Bloomberg Government. U.S. government awards were the source of almost all its $5.76 billion in revenue in the year ended March 31, according to a regulatory filing. Some 23 percent, or $1.3 billion, of its fiscal 2013 revenue was from intelligence agencies.
German Chancellor Angela Merkel shouldn’t be surprised that her phone calls were monitored, McConnell said.
“The No. 1 target on the globe is the president of the United States by everyone,” he said. “All nation-states do this.”
He said the U.S. is engaged in a “cyberwar now and we’re losing,” adding it will “take a cyber-Pearl Harbor” before the U.S. takes the steps necessary to protect computer systems controlling critical infrastructure.
Efforts to get businesses to agree to voluntary steps to protect against hackers have failed because companies are concerned they could be subject to lawsuits from customers or business partners, McConnell said. They want the government to provide liability protection as an incentive to participate, he said.
In addition, privacy advocates want to limit the information the government can collect, he said.
McConnell called President Barack Obama’s executive order on cybersecurity “necessary but insufficient.” The president in February ordered the development of voluntary standards for power grids, air-traffic control and other vital systems.
Obama yesterday met with corporate leaders from consumer, utility and defense companies to discuss the new standards.
“We’ll get it right but it will be messy,” he said. “We have the capability. We do not have the legal framework and we do not have the will.”
McConnell, in an interview, said Iranian hackers have probably infiltrated networks of major banks during cyber-attacks that started in January 2012.
Economic sanctions are “hurting them and and hurting them badly,” he said. “Iran is looking for options to give them the ability to punch back in a big way.”
He said the hackers were looking for vulnerabilities “and I think they probably found some.”
One of Booz Allen’s large banking clients doubled security spending to $300 million a year from $150 million, he said. When the bank learned it was being attacked by a nation-state, not a hacking group, the bank official wondered why the U.S. government didn’t retaliate, he said.
The Obama administration’s position is that the consequences “are not severe enough yet,” McConnell said. “They have the position, ‘You deal with it.’ ”