Keith Alexander Has Finance Worried about Being Zeroed Out, Just Like President’s Review Group

Keith Alexander’s clients in the finance industry are proposing what he proposed to them: a government-finance industry council to protect against cyberthreats.

Alexander had been pitching Sifma and other bank trade associations to purchase his services through his new consulting firm, IronNet Cybersecurity Inc., for as much as $1 million per month, according to two people briefed on the talks.

He has made much the same argument to Sifma as the association is now making to the government about the emergence of new kinds of software assaults.

How tidy.

I’ll have more to say about their plot in a follow-up. But for the moment, look at what the consider one of the threats to the industry.

The next wave of attacks “in the near-medium term” is likely to be more destructive and could result in “account balances and books and records being converted to zeros,” while recovering the lost information “would be difficult and slow,” according to the Sifma document.

“We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack, the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks,” the document says.

This seems like tacit admission that the finance industry doesn’t create enough backups, but instead of doing that, they apparently prefer setting up this government-finance council.

It’s great to see Keith Alexander creating such a profitable panic among the richest industry.

But I can’t help but note that this fear mimics one the President’s Review Group raised in an oblique recommendation.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise  manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

So are these seeming parallel worries based on classified information? If so, has Keith Alexander already started leaking classified information, as Alan Grayson raised concerns about?

image_print
5 replies
  1. orionATL says:

    genaral keith sez:

    “.. The next wave of attacks “in the near-medium term” is likely to be more destructive and could result in “account balances and books and records being converted to zeros,” while recovering the lost information “would be difficult and slow,” according to the Sifma document.
    “We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack, the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks,” the document says…”

    what does this quote remind me of?

    why, congr mike “greaser” ford’s (deliberately) inarticulate cyberwar-boo! story as related here a week or two ago.

    greaser and general k seem to be reading aloud from the same page in the cyberwar-boo! story book.

    • orionATL says:

      continuing:

      from ew on 6/12/14

      “..But Rogers’ rant gets truly bizarre later in the same video (after 1:23) where he explains what the security interest is:

      ‘We have one particular financial institution that clears, somewhere about $7 trillion dollars in global financial transactions every single day. Imagine if tomorrow that place gets in there and through an attack of which we know does exist, the potential does exist where the information is destroyed and manipulated, now you don’t know who owes what money, some of that may have lost transactions completely forever, imagine what that does to the economy, $7 trillion. Gone — right? Gone. It’s that serious.’

      • orionATL says:

        “… It’s great to see Keith Alexander creating such a profitable panic among the richest industry….”

        like any experienced natsec bureaucrat, creating profitable (for nsa) panics has been alexander’s stock in trade. going to the private sector for big money is similar to conning the whitehouse and the congress.

        from my perspective, seeing even one example of “cyberterrorism”. heretofore specifying cyberwarfare/cybersecurity seems to have been ignored or verbotten.

        but now that gen k is a consultant who is helping very worthy individuals (banks), we suddenly are permitted to see what is behind the cyterr curtain.

  2. scribe says:

    Not very original. Tom Clancy had that sort of bug as a plot device to crash the US stock markets about 6 or 8 novels ago. The one where Japan decided to go to war with us over … something.

    In that novel, the evildoers put a bug into the recording software at Depository Trust, where Wall Street cleared all its trades, to turn all the trades into one abbreviation and the same price. Panic reigned until they figured out that they could just start the day over fresh and take a Mulligan.

    Now, that was written pre 9/11 IIRC. One would think Alexander could be more original in his fearmongering and the financial industry could exercise its fiduciary responsibilities more thoroughly and address potential problems like that one. But that might be asking too much.

Comments are closed.