by Peter Maass and Megha Rajagopalan
Gen. Keith Alexander is the director of the National Security Agency and oversees U.S. Cyber Command, which means he leads the government’s effort to protect America from cyberattacks. Due to the secretive nature of his job, he maintains a relatively low profile, so when he does speak, people listen closely. On July 9, Alexander addressed a crowded room at the American Enterprise Institute in Washington, D.C., and though he started with a few jokes — his mother said he had a face for radio, behind every general is a stunned father-in-law — he soon got down to business.
Alexander warned that cyberattacks are causing "the greatest transfer of wealth in history," and he cited statistics from, among other sources, Symantec Corp. and McAfee Inc., which both sell software to protect computers from hackers. Crediting Symantec, he said the theft of intellectual property costs American companies $250 billion a year. He also mentioned a McAfee estimate that the global cost of cybercrime is $1 trillion. "That’s our future disappearing in front of us," he said, urging Congress to enact legislation to improve America’s cyberdefenses.
These estimates have been cited on many occasions by government officials, who portray them as evidence of the threat against America. They are hardly the only cyberstatistics used by officials, but they are recurring ones that get a lot of attention. In his first major cybersecurity speech in 2009, President Obama prominently referred to McAfee’s $1 trillion estimate. Sen. Joseph Lieberman, I-Conn., and Sen. Susan Collins, R-Maine, the main sponsors of the Cybersecurity Act of 2012 that is expected to be voted on this week, have also mentioned $1 trillion in cybercrime costs. Last week, arguing on the Senate floor in favor of putting their bill up for a vote, they both referenced the $250 billion estimate and repeated Alexander’s warning about the greatest transfer of wealth in history.
A handful of media stories, blog posts and academic studies have previously expressed skepticism about these attention-getting estimates, but this has not stopped an array of government officials and politicians from continuing to publicly cite them as authoritative. Now, an examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.
Source: Pro Publica