Keith Alexander's Unethical Get-Rich-Quick Plan

Defense Department file photo

Keith Alexander is trying to explain himself. The former director of the NSA stoked astonishment when reports surfaced that he would ask from $600,000 to as much as $1 million per month as a cybersecurity consultant. What could make him so valuable, save the highly classified secrets in his head? A congressman went so far as to speculate that he'd be selling state secrets. But it isn't so, Alexander says. In an interview with Foreign Policy, he offers a new accounting:

The answer, Alexander said in an interview Monday, is a new technology, based on a patented and "unique" approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his business partners at IronNet Cybersecurity Inc., the company he co-founded after leaving the government and retiring from military service in March. But the technology is also directly informed by the years of experience Alexander has had tracking hackers, and the insights he gained from classified operations as the director of the NSA, which give him a rare competitive advantage over the many firms competing for a share of the cybersecurity market.

Details on the "unique approach" are thin, but it wouldn't surprise me if Freedom of Information Act requests are already being prepared to send to the U.S. Patent Office:

Alexander said he'll file at least nine patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network itself. 

As FP notes, these are the sorts of "cyberattacks" that Alexander harped on while in government, claiming they already represented "the greatest transfer of wealth in American history."

Let's mull that over. While responsible for countering cybersecurity threats to America, Alexander presides over what he characterizes as staggering cyber-thefts and hugely worrisome security vulnerabilities. After many years, he retires. And immediately, he has a dramatically better solution to this pressing national-security problem, one he never implemented in government but plans to patent and sell! 

FP's Shane Harris talked to some lawyers and reports:

Alexander is believed to be the first ex-director of the NSA to file patents on technology that's directly related to the job he had in government. He said that he had spoken to lawyers at the NSA, and privately, to ensure that his new patents were "ironclad" and didn't rely on any work that he'd done for the agency—which still holds the intellectual property rights to other technology Alexander invented while he ran the agency.

Alexander is on firm legal ground so long as he can demonstrate that his invention is original and sufficiently distinct from any other patented technologies. Government employees are allowed to retain the patents for technology they invent while working in public service, but only under certain conditions, patent lawyers said. If an NSA employee's job, for instance, is to research and develop new cybersecurity technologies or techniques, then the government would likely retain any patent, because the invention was directly related to the employee's job. However, if the employee invented the technology on his own time and separate from his core duties, he might have a stronger argument to retain the exclusive rights to the patent.

This is an emperor-has-no-clothes moment. We're supposed to believe that Alexander went home and developed much of a million-dollar-per-month cybersecurity technology in his spare time, while doing two different demanding national-security jobs, without using NSA resources or classified information, in a way that was somehow separate from his core duties, which included a cyber-security portfolio?

It beggars belief: 

He was the longest-serving director in the history of the NSA and the first commander of the U.S. Cyber Command, responsible for all cybersecurity personnel—defensive and offensive—in the military and the Defense Department. From those two perches, Alexander had access to the government's most highly classified intelligence about hackers trying to steal U.S. secrets and disable critical infrastructure, such as the electrical power grid. Indeed, he helped to invent new techniques for finding those hackers and filed seven patents on cybersecurity technologies while working for the NSA.

He'd now have us belief that in his spare time he was developing even better techniques than the ones he developed in government. Even if true that would be a scandal! Harris posed the obvious question: "Asked why he didn't share this new approach with the federal government when he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavior models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn't considered. It's these methods that Alexander said he will seek to patent."

So there you go.

Alexander toils in his spare time. The million-dollar idea is almost there ... but not quite. Then, just as he retires, a mystery man comes through with a veritable flux capacitor. How fortuitous!

The business partner, whose name we're not allowed to know, and with whom Alexander was able to collaborate immediately upon leaving his job, but not before, contributed the crucial insight—ostensibly without any assistance from his future business partner, who had access to all the most useful possible classified information—but despite coming up with this ostensibly invaluable intellectual property independently, the mystery man is willing to cut Alexander in for a seven- or eight-figure payday.

As if that weren't enough:

Alexander said they were particularly worried about threats like the Wiper virus, a malicious computer program that targeted the Iranian Oil Ministry in April 2012, erasing files and data. That will come as a supreme irony to many computer security experts, who say that Wiper is a cousin of the notorious Stuxnet virus, which was built by the NSA—while Alexander was in charge—in cooperation with Israeli intelligence.

 The man who both presided over the creation of the most sophisticated cyber-weapon in history and hyped the threat of cyberattacks more than anyone else in America will now patent and privately sell for millions a product to stop cyberattacks. When did the business partnership with the mystery man form, one wonders? The whole story, which could only happen in America, would seem to lend some urgency to Jason Leopold's lawsuit trying to secure Alexander's financial disclosure forms from the NSA, which is refusing to give them up

If the limited facts on offer don't stink enough to prompt a congressional inquiry—ideally one that gets Alexander testifying under oath—what possible fact pattern would rouse the branch of government charged with oversight? At the very best, he is stoking a perception of impropriety so extreme that it speaks poorly of his character that he's chosen to retire in this fashion. If anything more nefarious is going on, hopefully either Congress or the press will be able to expose it. The stakes are certainly high enough to justify digging.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by Brocade

    Best of 2016 Federal Forum eBook

    Earlier this summer, Federal and tech industry leaders convened to talk security, machine learning, network modernization, DevOps, and much more at the 2016 Federal Forum. This eBook includes a useful summary highlighting the best content shared at the 2016 Federal Forum to help agencies modernize their network infrastructure.

  • Sponsored by CDW-G

    GBC Flash Poll Series: Merger & Acquisitions

    Download this GBC Flash Poll to learn more about federal perspectives on the impact of industry consolidation.

  • Sponsored by One Identity

    One Nation Under Guard: Securing User Identities Across State and Local Government

    In 2016, the government can expect even more sophisticated threats on the horizon, making it all the more imperative that agencies enforce proper identity and access management (IAM) practices. In order to better measure the current state of IAM at the state and local level, Government Business Council (GBC) conducted an in-depth research study of state and local employees.

  • Sponsored by Aquilent

    The Next Federal Evolution of Cloud

    This GBC report explains the evolution of cloud computing in federal government, and provides an outlook for the future of the cloud in government IT.

  • Sponsored by Aquilent

    A DevOps Roadmap for the Federal Government

    This GBC Report discusses how DevOps is steadily gaining traction among some of government's leading IT developers and agencies.

  • Sponsored by LTC Partners, administrators of the Federal Long Term Care Insurance Program

    Approaching the Brink of Federal Retirement

    Approximately 10,000 baby boomers are reaching retirement age per day, and a growing number of federal employees are preparing themselves for the next chapter of their lives. Learn how to tackle the challenges that today's workforce faces in laying the groundwork for a smooth and secure retirement.

  • Sponsored by Hewlett Packard Enterprise

    Cyber Defense 101: Arming the Next Generation of Government Employees

    Read this issue brief to learn about the sector's most potent challenges in the new cyber landscape and how government organizations are building a robust, threat-aware infrastructure

  • Sponsored by Aquilent

    GBC Issue Brief: Cultivating Digital Services in the Federal Landscape

    Read this GBC issue brief to learn more about the current state of digital services in the government, and how key players are pushing enhancements towards a user-centric approach.

  • Sponsored by CDW-G

    Joint Enterprise Licensing Agreements

    Read this eBook to learn how defense agencies can achieve savings and efficiencies with an Enterprise Software Agreement.

  • Sponsored by Cloudera

    Government Forum Content Library

    Get all the essential resources needed for effective technology strategies in the federal landscape.


When you download a report, your information may be shared with the underwriters of that document.