fb-pixelCybersecurity stings expert it has rewarded - The Boston Globe Skip to main content

Cybersecurity stings expert it has rewarded

Questions raised over companies’ access to secrets

J. Michael McConnell expressed concerns about security.Mary F. Calvert/New York Times/NYT

WASHINGTON — When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world’s largest and most powerful spy agency in the sands of Abu Dhabi.

It was a natural choice: The chief architect of Booz Allen’s cyberstrategy is J. Michael McConnell, who once led the NSA and pushed the United States into a new era of big data espionage. It was McConnell who won the blessing of the US intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians.

“They are teaching everything,” one Arab official familiar with the effort said. “Data mining, Web surveillance, all sorts of digital intelligence collection.”


Yet as Booz Allen profits handsomely from its worldwide expansion, McConnell and other executives of the government contractor — which sells itself as the gold standard in protecting classified computer systems and boasts that half its 25,000 employees have Top Secret clearances — have a lot of questions to answer.

Among the questions: Why did Booz Allen assign a 29-year-old with scant experience to a sensitive NSA site in Hawaii, where he was left loosely supervised as he downloaded highly classified documents about the government’s monitoring of Internet and telephone communications, apparently loading them onto a portable memory stick barred by the agency?

The results could be disastrous for a company that until a week ago had one of the best business plans in Washington, with more than half its $5.8 billion in annual revenue coming from the military and the intelligence agencies.

Last week, the chairwoman of the Senate Intelligence Committee, Dianne Feinstein, whom McConnell regularly briefed when he was in government, suggested for the first time that companies like Booz Allen should lose their broad access to the most sensitive intelligence secrets.


“We will certainly have legislation which will limit or prevent contractors from handling highly classified and technical data,” said Feinstein, a California Democrat. Senior White House officials said they agreed.

Yet cutting contractors out of classified work is a lot harder in practice than in theory. Booz Allen is one of many companies that make up the digital spine of the intelligence world, designing the software and hardware systems on which the NSA and other military and intelligence agencies depend.

McConnell speaks often about the need for the private sector to jolt the government out of its attachment to existing systems, noting, for example, that the Air Force fought the concept of drones for years.

Removing contractors from the classified world would be a wrenching change: Of the 1.4 million people with Top Secret clearances, more than a third are private contractors. (The background checks for those clearances are usually done by other contractors.)

McConnell himself has been among the most vocal in warning of this risk.

“The defense industrial base needs to address security,” he said in an interview with The New York Times last year, months before Booz Allen hired Edward J. Snowden, its young systems administrator who has admitted to leaking documents describing secret NSA programs. “It should be a condition for contracts. You cannot be competitive in the cyber era if you don’t have a higher level of security.”

Booz Allen is saying little about Snowden’s actions or the questions they have raised about its practices. McConnell, once among the most accessible intelligence officials in Washington, declined to be interviewed for this article.


“This has to hurt Mike’s relationship with the NSA,” said a business associate of McConnell’s who requested anonymity. “He helped set up those contracts and is heavily engaged there.”

Indeed, few top officials in the intelligence world have become greater authorities on cyberconflict than the 69-year-old McConnell, who walks with a stoop from a bad back and speaks with the soft accent of his upbringing in Greenville, S.C.

He began his career as a Navy intelligence officer on a small boat in the backwaters of the Mekong Delta during the Vietnam War. Years later he helped the US intelligence apparatus make the leap from an analog world of electronic eavesdropping to the new age of cyberweaponry.

President Bill Clinton relied on McConnell as director of the NSA, a post he held from 1992 to 1996. He then moved to Booz Allen as a senior vice president, building its first cyberunits. But with the intelligence community in disarray after its failure to prevent the terrorist attacks of Sept. 11, 2001, the fiasco of nonexistent weapons of mass destruction in Iraq and the toll of constant reorganization, President George W. Bush asked him to be the second director of national intelligence from 2007 to 2009.

That was when he made his biggest mark, forcing a reluctant bureaucracy to invest heavily in cybercapability and overseeing “Olympic Games,” the development of the United States’ first truly sophisticated cyberweapon, which was used against Iran’s nuclear enrichment program.


When Bush needed someone to bring President-elect Obama up to speed on every major intelligence program he was about to inherit, including drones and defenses against electronic intrusions from China, he handed the task to McConnell.

Obama was not interested in keeping the previous team, though, and McConnell returned to Booz Allen in 2009. He earned more than $4.1 million his first year back, and $2.3 million last year.