WASHINGTON (Reuters) - Depending on your point of view, U.S. General Keith Alexander is either an Army four-star trying to stave off a cyber Pearl Harbor attack, or an overreaching spy chief who wants to eavesdrop on the private emails of every American.
Alexander, 61, has headed the National Security Agency since 2005, making him the longest-serving chief in the history of an intelligence unit so secretive that it was dubbed “No Such Agency.” Alexander also runs U.S. Cyber Command, which he helped to create in 2010 to oversee the country’s offensive and defensive operations in cyberspace.
The dual role means Alexander has more knowledge about cyber threats than any other U.S. official, since the NSA already protects the most sensitive U.S. data, extracts intelligence from foreign networks and uses wiretaps to track suspected terrorists. But it also puts the general at the center of an intense debate over how much power the government should have to spy on private citizens in the name of protecting national security.
“He’s lasted as long as he has because he’s focused and he’s persistent. I’ve never heard him yell,” said retired four-star general Michael Hayden, who was Alexander’s predecessor at the NSA. “He doesn’t spread himself too thin. He decides what’s important and puts his personal energy into those things.”
Raised near Syracuse, New York, Alexander graduated from West Point, the Army’s elite training academy, in 1974. He had planned to serve in the military for just five years but got hooked on the work when he served in Germany as an intelligence officer, monitoring what he once described as “sensitive issues on the border of East Germany and Czechoslovakia.”
After Germany, Alexander held a series of increasingly senior intelligence jobs and spent the first Gulf War as a senior Army intelligence officer in Saudi Arabia. Over the years, he also earned four master’s degrees, in electronic warfare, physics, business and national security studies.
In 2005, after two years as the Army’s top intelligence officer, Alexander replaced Hayden at the helm of the NSA, where he continued to run a warrantless surveillance program initiated after the September 11, 2001, hijacking attacks.
The program, which bypassed a federal court that authorizes domestic wiretapping, was first revealed late in 2005, sparking lawsuits, congressional hearings, leak investigations and a furor that still dogs the agency - and Alexander.
Against this backdrop, his push to expand the NSA’s role in domestic cybersecurity has drawn criticism from privacy advocates, and sometimes put Alexander at odds with the White House and the Department of Homeland Security, according to current and former officials.
Alexander had wanted the NSA to control a government security program to aid non-military companies against cyber threats, but others at DHS insisted on civilian control of the project, and they ultimately prevailed, the officials said.
Jane Holl Lute, who stepped down this month as the No. 2 at DHS, said she has had intense conversations with Alexander about the roles of their two agencies in improving cyber security. She declined to detail any differences of opinion, but said they were all judgment calls and she respected the general.
“He pushed up his hill, and I pushed up mine, and what we came to was essentially two sides of the same hill,” Lute said.
“We didn’t always call balls and strikes the same way. That does not mean he wasn’t trying to get it right,” she said. “I would challenge anyone who would question his integrity.”
Alexander, who told Reuters he plans to retire in the first half of 2014, has presided over one of the busiest times in the NSA’s 61-year history, from tracking the cellphone calls that helped pinpoint Osama bin Laden to drawing national attention to cybersecurity. He played a key role in shaping a series of recent cyber policy orders from the Obama administration.
More controversial has been the NSA’s construction of a $1.2 billion data center in Utah, which has fanned concerns about the agency’s expansive eavesdropping capabilities.
NSA whistleblower William Binney, a former senior crypto-mathematician, last year accused the agency of building the Utah facility to collect data on virtually every American, including private emails, cellphone calls and Google searches.
Alexander told the Reuters Cybersecurity Summit that such claims about the Utah project are completely false. He rattled off a long list of agencies that oversee the NSA’s work, including the Justice Department, White House and Congress. “Either all of them are complicit in us doing this or the allegations are absolute baloney. It’s the latter,” he said.
He told Reuters the center was built in Utah instead of Maryland, where the NSA is based, to take advantage of cheaper electricity. “I’m not a brain surgeon,” he said. “But you can try to put power where it’s expensive, Maryland, or you can put it (where there is) really cheap power.”
According to Alexander, the NSA has its hands full keeping tabs on potential terrorists, and does not have the bandwidth to read the 420 billion emails generated by Americans each day - even though some foreign governments were trying to do that.
“The great irony is we’re the only ones not spying on the American people,” he quipped.
Alexander has tried to make the NSA appear more transparent, crisscrossing the country to talk about cyber issues. He likes to pepper his speeches with jokes, once blaming his late arrival at a Washington event on a “distributed denial of service” hacking attack on city street lights.
A gadget lover, Alexander is known to roll up his sleeves to become versant with the latest security technologies. On one flight, he and his aide-de-camp learned “BackTrack,” a Linux-based product that helps people test their network security. Aides say the general often scores over 1 million points on the “Bejeweled Blitz” online puzzle game.
Alexander’s biggest strength is his ability to reach out to a wide range of audiences, said Shawn Henry, former FBI executive assistant director. He cites a speech Alexander gave at the Defcon hackers conference last year, an appearance that would have been unheard of a few years ago.
“Here’s a guy who is seen as a symbol of oppressive government ... and he stands up in front of a thousand people, many of whom probably have hacked networks over the years,” said Henry, recalling that Alexander had ditched his decorated uniform for jeans and a black T-shirt. “He is just trying to connect, talking about coordination, collaboration.”
Alexander has asked the Pentagon to give Cyber Command the same elevated status as other major military commands, but it is not yet clear if that request will be granted.
Ira Winkler, president of the Information Systems Security Association, said Alexander’s leadership of both NSA and Cyber Command is an advantage but also a complication.
“He’s stuck in a bad position. He basically has to defend U.S. cyberspace which requires securing commercial websites and infrastructure, but no one wants him to have access to those networks, since he’s also in charge of NSA,” Winkler said.
Alexander said he feels strongly that whoever succeeds him should continue to wear the two hats, but not everyone agrees.
“How much can you consolidate before it gets so huge that one person can’t manage it,” said Harry Raduege, a retired Air Force general and former director of the Defense Information Systems Agency, which oversees military IT systems. “It’s an awful lot for somebody at the top of those organizations to deal with.”
Still, Raduege, now with the consulting firm Deloitte, said he expects the Pentagon to elevate Cyber Command to a full unified command before the general’s retirement next year.
“There’s no one in a better position to know the depth, magnitude and broad-based nature of today’s increasing and evolving cyber threats,” said Raduege. “When Keith Alexander talks about cyber attacks, we should all listen.”
Additional reporting by Joe Menn in San Francisco, and Warren Strobel and Peter Apps in Washington; Editing by Tiffany Wu, Tim Dobbyn and Mohammad Zargham