As Keith Alexander tells it, when he led the National Security Agency, he didn't exist. Alexander discovered that 'fact' after he retired on May 21 as director of the NSA and commander of the Cyber Command and began shopping to buy a new home.
His bank wanted to conduct a credit check, but when it ran his Social Security number, nothing came up. Here's how Alexander puts it in his keynote address at the Gartner Security and Risk Management Summit on June 24:
I went to my military aide and said, 'Mac, I don't exist.' He said, 'Yep, welcome to the real world.'
Banker: "You don't exist."
Alexander: "Really. Since when? I said I feel like I'm here."
Banker: "Well, we checked your Social Security number and there's nothing there."
Alexander: "I went to my military aide and said, 'Mac, I don't exist.' He said, 'Yep, welcome to the real world.'"
As a security precaution, the Social Security Administration and FBI block the Social Security numbers of the federal government's most senior officials to prevent criminals or others with malevolent intent from going after the nation's top leaders.
But Alexander's story gets more interesting. He asked that the block be lifted on his Social Security number, and the bank ran the credit check. But someone subsequently got hold of Alexander's Social Security number and applied for credit cards under his name. "He got the money, I got the bill," Alexander said, as the audience of mostly IT security practitioners laughed. "That's kind of like a partnership. ...
"But they did one thing wrong; they picked on me. It's like that movie "Taken" [starring Liam Neeson as a former CIA operative]. We have special skills, but I was not allowed to use them [laughter]. I did talk to some friends that were allowed to use them [more laughter], and the FBI amazingly caught that guy. There's one cybercrime that was solved."
Making a Serious Point
Alexander, of course, used humor to make a very serious point. Cybercrime is taking its toll on the world's economy, to the tune of $445 billion a year, he says, citing a study by James Lewis of the Center for Strategic and International Studies.
And one way to help mitigate cybercrime, as well as virtual assaults by terrorists and nation states, is for the government and business to share cyberthreat information, he says. That's why Alexander calls on lawmakers to pass legislation to provide antitrust liability protection to businesses to encourage them to share cyberthreat information.
Such legislation has stalled in Congress because lawmakers and the president cannot agree on how broad those liability protections should be. Alexander says that's no excuse for Congress not to act.
In a brief interview with Information Security Media Group after the keynote address, Alexander expressed frustration at Congress' failure to enact a cyberthreat sharing law. He said security leaks by former Pvt. Chelsea Manning and NSA contractor Edward Snowden have complicated the ability of Congress to act. "The intelligence committees knows how important this is, but ... it's hard to get consensus today in Congress," Alexander says (see Senate to Mull Cyberthreat Sharing Bill). "At some point, we have to move beyond that, and for the good of our nation we have to have that [information sharing] capability."
The Obama administration has threatened to veto the version of the threat information sharing bill that has passed the House of Representatives (see Obama Threatens CISPA Veto, Again) but Alexander says that shouldn't deter further congressional action.
"Congress ought to act and do what it thinks is best and see where the administration is, and then deal back and forth," he said. "That's how our constitution talks about it; perhaps we ought to use it."
That's known as compromise, a commodity missing in action on Capitol Hill, and so far neither side seems ready to budge. Let's hope they soon will.