Former National Security Agency and U.S. Cyber Command head Gen. Keith Alexander told Congress Tuesday it’s possible to stop China’s endless campaign of economic espionage and hacking with help from the private sector.
“All they’re doing is stealing everything they can to grow their economy,” Alexander told the Senate Armed Services Committee Tuesday. “It’s intellectual property, it’s our future. I think it’s the greatest transfer of wealth in history.”
“And interestingly, we could stop that,” Alexander continued. “I believe that, I really do.”
The former commander of U.S. Cyber Command said that could be accomplished by having the tech industry work directly with the government to share data on attacks launched against their networks, and take part in cyber exercises with intelligence and defense agencies.
“Industry is willing to pay their portion for cyber defense,” Alexander said. “I’m convinced of that.”
The ex-NSA director knows that better than most. Since retiring from his dual government posts in 2014 in the wake of the Snowden leaks, Alexander has spent the last year establishing his own security-focused tech startup — IronNet Cybersecurity — to contract with financial, infrastructural and tech firms to boost their cyber defenses for a consulting fee reportedly in the seven-figure range.
Based less than 20 miles from NSA’s Fort Meade headquarters in Maryland, IronNet announced last week it raised $32.5 million in Series A funding from two well-known venture capital firms — Trident Capital Cybersecurity and Kleiner Perkins Caufield & Byers — a leading firm in Silicon Valley.
“Criminal syndicates and nation states are inflicting tremendous harm on the private sector, costing hundreds of billions of dollars annually,” Alexander, IronNet’s CEO, said in a statement last week. “Cybersecurity has become the most pressing threat to both the global private sector and our national security, and existing approaches and defenses to protect networks are falling short.”
“IronNet is creating a new standard in cybersecurity by providing technology that gives our clients an unprecedented level of network visibility, data control, and security,” Alexander said.
Last summer Alexander explained the company is working on revolutionary commercial technology for private sector companies to detect and prevent advanced persistent threats. The technology, based on multiple patent-pending designs from Alexander himself, provides real-time visualization of a firm’s cyber infrastructure, analytics and behavioral modeling to predict, prevent and defend against cyberattacks from private hacker regimes to nation states.
“And if [private companies] did their part right in defending what they need to do in setting up the ability to tell the nation when they’re under attack, you could stop attacks from Iran, Russia, and China,” Alexander said Tuesday. “And we should do that.”
The four-star general’s comments were a late endorsement of the Cybersecurity Information Sharing Act, legislation granting companies legal immunity to share “cyber threat indicators” with the government, even if the data they share includes private information on their users that could run afoul of their privacy agreements.
Last week senators overwhelmingly passed the bill, which will help facilitate Alexander’s own business model with IronNet. The company endorsed companion House legislation earlier this year, now part of the conference discussions between the two chambers on a final version of the data-sharing bill.
West Virginia Democrat Joe Manchin pointed out not all cyber threats are external, and asked Alexander what NSA and private companies could do to protect against threats posed by insiders — something the former NSA director gained significant experience with at the end of his government career.
“I was surprised that a person who we had entrusted to move data from one server to another really was untrustworthy,” Alexander said of former NSA contractor Edward Snowden. “His level was exaggerated by himself — he was actually a very low-level systems administrator with an important job of moving information from the continental United States to servers in Hawaii. And in doing that, he took data from those servers.”
Before retiring from NSA, Alexander said he and the signals intelligence agency came up with 42 different methods shared across the government and with eligible private entities on how to stop insider attacks. In subsequent simulations at NSA, Alexander said they were able to detect insider threats “every time.”
He added behavioral analytics and modeling, services offered by IronNet, could be used to tackle those threats.
“I think we did a good step, but you note a very important point,” Alexander told Manchin. “We were caught flat-footed on Snowden.”