The Complex

NSA boss tells lawmakers the gov't wants even more data, 'dozens' of attacks thwarted

National Security Agency chief Gen. Keith Alexander may be under fire for collecting millions of Americans' phone records and Internet data. But the nation's top electronic spy told a Congressional panel Wednesday that he wants the feds to slurp up even more information - and distribute it more widely throughout the government.

During the same hearing with Senate Appropriations Committee, Alexander claimed that the intelligence collected by the NSA has potentially foiled "dozens of terrorist events." But he wouldn't give more specific number, or delve into specific plots. It was all part of a Capitol Hill hearing that saw the four-star general pledging more transparency -- yet deferring many details on the matter to a classified session tomorrow.

"The reason I want to get this exactly right, Senator, is I want the American people to know that we're being transparent in here," said Alexander in response to questions from Vermont Sen. Patrick Leahy. The general then promised to give more specific unclassified numbers within a week on the amount of potential attacks that have been thwarted by the millions of pieces of electronic data.

"We do want to get this right and it has to be vetted across the community [so that] what we give you, you know is accurate," said Alexander.

Sen. Dick Durban revealed that there's been a huge spike in the amount of times U.S. government has requested authority under Section 215 of the Patriot Act to obtain phone records and possibly medical records, tax records, Internet search records and credit card records -- some 212 times last year compared to the 21 such instances in 2009.

(Section 215 allows the goverment to ask a Foreign Intelligence Surveillance Act or FISA court to order a business to hand over customer records to federal investigators.)

"Clearly this authority is being used for something other than phone records," said Durbin.

Alexander denied that NSA has used section 215 to collect anything but telephone data.

The Pentagon's top electronic spy also pushed back on senators' efforts to get more information as to how and when the NSA is authorized to start scooping up metadata on massive numbers of cellphone calls in the United States.

This came as Oregon Sen. Jeff Merkley held up his cellphone asking Alexander, here I have my Verizon cellphone, what authorized investigation, gave you the grounds for acquiring my cellphone data?"

"As it's been described in the press, the standard for collecting phone records for Americans is now all phone records, all the time, all across America," said Merkley

Alexander deferred answering the question until tomorrow's classified hearing.

He simply said the "I do think what we should do as part of perhaps the closed hearing tomorrow, walk through that with the intent of taking what you asked and seeing if we can get it declassified so we can get it out to the American people."

For the government to get Section 215 authority, it is required to give a FISA court a "statement of facts showing reasonable grounds" that the data sought are relevant to an "authorized investigation" into terrorism, according to Merkley.

Later in the hearing, Alexander would only say that the NSA will begin looking at American phone records of people who are talking someone the government has a "reasonable, articulable suspicion" is a terrorist outside the United States. "We can then look at who was this person talking to in the United States and why."

NSA can then pass this information to the FBI, who can get a court order to dive deeper into the communications of these people. "To do any kind of search on a U.S. person, it would take a court order," said the general.

While Alexander repeatedly said he throught there should be a public dicsussion about government surveillance, he also said he did not want to endanger national security by revealing too much about the NSA's spy programs.

"Great harm has already been done by opening this up," said the general.

"I would rather take a public beating and have people think I'm hiding something than to jeopardize the security of this country," he added, even while encouraging a public debate on the topic of the government's surveillance powers within the U.S.

When asked by Maine Senator Susan Collins if Edward Snowden's claim that he could he could tap into virtually any American's phone call or e-mails. True or false?" Alexander said, "False. I know of no way to do that.

Despite the media uproar caused by the news about the NSA's intelligence efforts focus on U.S. businesses, Alexander is telling lawmakers that the government needs to gather and share even more electronic information than it already does in order to effectively combat cyberthreats.

The NSA, the Department of Homeland Security (DHS), and the FBI -- a trio Alexander described as the core of the U.S. Federal Cybersecurity Team (a term we haven't heard before) -- are developing an "information sharing environment that will create a cross-governmental shared situational awareness that is [extenable] to other partners such as state and local governments and our allies," according to Alexander's written opening statement   

In English, that means the government is developing a way to collect and share cyber intelligence from a ton of sources. For example, the NSA can share intelligence it collects on foreign actors (and perhaps U.S. actors too, given last week's news) with DHS; the FBI can share cyber intelligence it collects domestically with the NSA; or a local government can share information with the NSA, DHS, or FBI.

The initiative Alexander described is one in which it matters little which agency  collects a piece of cyber intelligence; he wants a system in which digital intelligence can be collected from around the globe and passed quickly to whomever in the government -- and potentially the private sector -- can act on it.

"Together we are helping to increase our global situational awareness through our growing collaboration with federal government mission partners and other departments and agencies, as well as with private industry and other countries," the four-star general said. "That collaboration allows us to better understand what is happening across the cyber domain, which enhances our situational awareness, not only for DOD but also across the U.S. government."

"Successful operations in cyberspace depend on collaboration between defenders and operators," said Alexander. "Those who secure and defend must synchronize with those who operate, and their collaboration much be informed by up-to-date intelligence."

"We operate in a way that ensures we keep the trust of the American people because that trust is a sacred requirement," said the general's statement against the backdrop of recent news. "We do not see a tradeoff between security and liberty." However, he admitted in his statement that "few outside" the government can see how private citizens civil liberties are protected.

Alexander justified this extensive information-sharing by citing the oft-repeated threat of a destructive cyber-attack against power companies or some other so-called critical infrastructure provider by private hackers or a state enemy.

It is possible "that some regime or cyber actor could misjudge the impact and the certainty of our resolve" to strike back hard after a destructive cyber attack, said Alexander. "In particular, we are not yet deterring the persistent cyber harassment of private and public sites, property and data. Such attacks have not yet caused loss of life, but they have been destructive to both data and property in other countries," said Alexander.

"It is only a matter of time before the sort of sophisticated tools developed by well-funded state actors find their way to groups or even individuals who in their zeal to make some political statement do knot know or do not care about the collateral damage they inflict on bystanders and critical infrastructure," said the general. (He was referring to the increasingly sophisticated yet easy-to-use hacking tools and cyber weapons that are available on the black market.)

Alexander went on to warn that energy firms, transport companies, banks, communications providers, and the like are "doubly at risk" of a devastating cyber attack.

"On a scale of one to ten, with ten being strongly defended, our critical infrastructure's preparedness to withstand a destructive cyber attack is about a three based on my experience," he said.

Getty Images

National Security

Booz brags: our workers can do 'grave damage' to U.S. security

Booz Allen Hamilton is the place where NSA whistleblower Edward Snowden worked just before he called it quits in dramatic style last month. So maybe it's shouldn't be a surprise that the giant intelligence contractor was only recently boasting about how many of its employees could do "exceptionally grave damage to national security" if they ever spilled the beans.

While it might be impossible to suss-out exact numbers, the Carlyle Group-owned beltway bandit, has mountains of staff working throughout the U.S. Intelligence Community.  Just like battlefield contractors played a massive role in the Iraq war and continue to do so in Afghanistan, private spooks play a huge role in the intelligence world doing everything from secret aviation missions to turning reams of raw data into actionable intelligence.

"They're in almost every office, they're all over the place," a former Booz Allen employee who worked at NSA told Killer Apps about the role of private contractors in the U.S. Intelligence Community.

"In my office, there were probably three Booz Allen [employees] to every one civil servant," said the former private spy who also served several tours in Iraq and the Pentagon as a U.S. military intelligence officer.

"They can get clearances for everything," he added.

In fact, 22-percent of U.S. security clearance holders were contractors in 2012.

These clearances are vital to Booz Allen's business with 76-percent of the company's nearly 25,000 employees possessing security clearances, according to this May 2013 SEC filing by the firm.  ("Persons with the highest security clearance, Top Secret, have access to information that would cause ‘exceptionally grave damage' to national security if disclosed to the public" the company brags about the caliber of its people in a beautiful piece of irony.)

Still, the fact that each office at a place like NSA is compartmentalized, meaning only the people in a particular office know what that office is working on, makes it difficult to figure out just how many staff are private contractors versus government spies.

However, the presence of a nice suit at a place full of nerds like the NSA can sometimes be a giveaway that someone is a contract spy, according to the former spy who also served several tours in Iraq and the Pentagon as a U.S. military intelligence officer.

"The Boozers tended to dress nicer" than civil servants, he said (though he pointed out that this hardly a scientific way of measuring who works directly for Uncle Sam and who doesn't). "The Booz Allen people have to wear suits."

While the intelligence community is full of contractors from a ton of different firms, from PC-maker Dell (who Edward Snowden worked for before going to Booz Allen) to Lockheed Martin and Boeing to lesser known giants like SAIC and CACI, Booz Allen seems to some to have larger proportion than other firms.

"Booz Allen seemed to run the show in the group where I worked," he said.

In fact, former Navy admiral Mike McConnell, who served as U.S. Director of National Intelligence from 2007 to 2009 and director of the NSA from 1992 to 1996, is now the company's vice chairman. Jim Woolsey, CIA director from 1993 to 1995 serves as a senior vice president at the firm. In the In fact, it's ties to the intelligence establishment go way back to include Miles Axe Copeland Jr. (yes, Stewart Copeland's dad) who worked at Booz Allen in the 1950s while also working undercover for the CIA. Copeland Jr. one of the original members of the Office of Strategic Services, the CIA's World War II forerunner.

Military, intelligence and government security work has been key to Booz Allen since 2008 when the firm split its government and corporate contracting firms into two separate businesses. Since then, Booz Allen's government division has focused on garnering federal security contracts; doing billions in work for the U.S. military involving everything from top secret intelligence analysis and collection to cyber operations, secret air operations, counter IED work and even providing cloud computing services.

As this Wall Street Journal article points out, the firm makes 55-percent of its revenues from DOD contracts, 23-percent from intelligence agency contracts and 22-percent from contracts with other government agencies.

In April, Booz Allen created a special business unit dedicated to fielding "predictive" intelligence services for "cyber threat solutions, protection, and detection capabilities and the application of social media analytics designed to provide early identification of trends that would otherwise not be possible using after-the-fact analysis of traditional data sources."

To get a sense of how all-encompassing the work Booz Allen does in the secret world, take a look at the following contracts from this past year. (Click here to sift through the 42,000-plus search results you get after typing "Booz Allen" into the DOD's contract award database.)

On May 8, the Navy gave the firm and bunch of other beltway bandits a piece of what's expected to amount to nearly $1 billion in open-ended contracts to provide "sustainable, secure, survivable, and interoperable command, control, communication, computers, combat systems, intelligence, surveillance, reconnaissance, information operations, enterprise information services and space capabilities." In English, that means it's providing the Navy with just about every type of cyber-related system.

Then there's this July 2012 contract for $5.6 billion to provide the Defense Intelligence Agency with "professional support services to the intelligence analysis mission, war fighters, defense planners, and defense and national security policy makers." Again, in English, that means they're doing intelligence work for the DIA.

In January, the company announced that it won $95 million from three contracts with the Navy's space and naval warfare command. One of those contracts was for $22 million whereby the firm will provide $22 million multiple award to support "maritime Intelligence, Surveillance, Reconnaissance, and Information Operations (ISR/IO), or any autonomous and non-autonomous systems or air system that could be used in ISR/IO operations." That's right, it sounds like Booz Allen is helping the Navy operate autonomous spy robots and cyber intelligence tools. Let's hope for their sake they don't have another Edward Snowden working on this program (though it would give us great stuff to write about.)

Getty Images