By ALEX NUNES/ecoRI News contributor
Anyone at all familiar with Congressman Jim Langevin knows he likes to talk about cybersecurity — a lot.
He's the co-founder and co-chair of the Congressional Cybersecurity Caucus, and he has an evangelist’s fervor for the subject. He believes the United States could “face a cyber attack on the scale of Pearl Harbor or 9/11” and says the only way to avert catastrophe is to remain ever vigilant — and spend billions and billions of dollars to prove it.
Rep. Langevin, D-R.I., was once featured at length on 60 Minutes making his usual pitch on the dangers posed by cyber threats and America’s woeful unpreparedness. He’s a more-than-eager cable TV pundit when it comes to anything cyber. And he’s a virtual dial-a-quote for print journalists writing about the subject, at least most of the time. ecoRI News contacted Langevin's office for this story, but was told the lawmaker would not be able to do an interview at this time.
But what we never hear from Langevin in any of these interviews are the many reasons we have to question his motives and credibility regarding cybersecurity.
What I’m talking about is the fact that Langevin’s nearly decade-long cyber fixation — he co-founded the Congressional Cybersecurity Caucus in 2008 — has always come with immense benefits to the very national security and defense profiteers who bankroll his campaigns.
Langevin — by way of his campaign committee and leadership PAC — has received $749,400 in PAC and individual donations from the defense industry over the course of his career, according to the Center for Responsive Politics, including $313,600 from contributors categorized under defense electronics.
The Washington, D.C.-based nonprofit ranks General Dynamics and Raytheon one and two in terms of Langevin donations linked to a single company, with $168,950 and $104,350 coming from the defense juggernauts, respectively. Not much further down the list is Northrop Grumman, also among the nation’s top five defense contractors, at $73,800. All three companies are heavily invested in the future of cybersecurity.
To be sure, I’m not saying cybersecurity is a non-issue. Obviously, it’s something we should pay close attention to and be doing something about.
But, when a congressman accepts that much money from the very people benefiting handsomely from U.S. cyber policy, it makes you wonder about alarmist analogies like “Cyber 9/11” and “Cyber Pearl Harbor.”
This all, of course, isn’t without consequence to his constituents who have a few more priorities than shuffling as many billions of dollars as possible over to corporate opportunists.
That point was obvious to me last month, when I heard word that Langevin was back home, crisscrossing Rhode Island to promote the less-than-altruistic “Cybersecurity Awareness Month.”
I thought: How come no similar tour for “Single-Payer Healthcare Awareness Month”? His constituents (including me) have been pushing him on that for a long time, and he’s done virtually nothing to advocate for it since giving a Medicare For All bill his token endorsement in September.
Or how about spending more time talking about affordable housing, childhood hunger, or other social-justice issues? It would be nice to see him use the authority of his office to promote something other than cyber, cyber, cyber.
This “cyber skeptic” line of criticism isn’t new. The possibility that cyber threats have been deliberately hyped for the sake of self-serving interests — namely corporations, the members of Congress who do their bidding, and proponents of mass surveillance — has been raised many times over the years.
According to the Center for Responsive Politics, Langevin’s campaign war chest has received $347,100 from contributions attributed to donors connected to three defense contractors that are invested heavily in cybersecurity: General Dynamics, $168,950; Raytheon, $104,350; Northrop Grumman, $73,800
And voices across the ideological spectrum have raised concerns about the issue: from journalist Glenn Greenwald of the Edward Snowden leak fame to the ACLU to the Koch-backed Mercatus Center at George Mason University.
When you look closely at Langevin’s history of statements on cybersecurity and his industry connections, it’s easy to see why there’s reason for suspicion.
Not too long ago, in May 2016, Langevin sent out a fairly overlooked tweet — only seven likes and four retweets — that read, “Cyberspace is an important frontier in our nat'l secy landscape @gwcchs @northropgrumman #DoDCyber.”
The tweet might appear innocuous, but it’s not once you break down Langevin’s esoteric batch of alphabet soup:
@gwcchs refers to the George Washington University Center for Cyber & Homeland Security, a think tank whose board of directors is filled with past and present operators in the “nonprofit” and for-profit cybersecurity fields, including the founder and co-chair of a private equity firm that specializes in federal contracting and a “fellow emeritus” from the far right-leaning Heritage Foundation, dubbed “Donald Trump’s think tank” for its outsized influence so far in the Trump presidency.
@northropgrumman is the Twitter handle for Northrop Grumman, a firm that scored $2.2 billion in net income last year and $24.5 billion in revenue, according to figures provided by researches at the UMass Lowell Center for Industrial Competitiveness.
#DoDCyber is, I imagine, a hashtag few people other than Langevin use to refer to the Department of Defense and its cyber operations.
To take this line of inquiry further, I’m going to layout some additional facts and then put them into context:
Northrop Grumman CEO Wesley Bush — a man who has gobbled up $233 million in total compensation since becoming the head of the company in 2010, according to the Center for Industrial Competitiveness — has been on a Langevin campaign contribution kick in recent years, according to the Federal Election Commission, donating $13,400 since 2014.
Both Bush and Langevin, as well as Sen. Sheldon Whitehouse, D-R.I., spoke at the West Point Cyber Conference in 2012, which Langevin promoted ahead of time with this ominous warning: “[C]yber risks will soon pass terrorism as our most serious national security threat, and we hope this conference will help generate solutions to the challenges our country faces.”
The “solutions” Langevin referred to undoubtedly involve(d) contracts to Bush’s company.
Langevin also has cozy relationships with smaller companies and even brought the president of one cyber firm as his guest to President Obama’s final State of the Union address.
Langevin’s former staffer Tim DelGiuidice has gone on to a rather successful career at Raytheon, where, as his resume notes, he has worked to “[d]evelop and maintain relationships with Members of Congress.” DelGiudice is now chairman of the board for the Southeastern New England Defense Industry Alliance and a regular Langevin campaign donor: $1,600 since 2009.
Another former staffer, Davis Hake, is now a self-described “policy leader and entrepreneur” who has fashioned himself a go-to expert on all things cyber; his post-Langevin career includes a stint at the Santa Clara, Calif.-based security firm Palo Alto Networks as director of cybersecurity strategy.
A cyber-industry darling, Langevin has had awards heaped on him by the cybersecurity industrial complex: the 2017 Excellence in Cybersecurity Award presented by the tech industry group CompTIA; the Cybersecurity Privacy & Innovation Public Service Award from the Online Trust Alliance; and the Transcend Award from the Institute for Critical Infrastructure Technology.
In 2011, when an alleged Russian hack triggered a water-pump failure at an Illinois utility plant, Langevin quickly took to MSNBC to call the event “a real wake-up call.” However, an investigation later revealed there was no Russian hack, only a mechanical failure. I was unable to find any evidence of a mea culpa from Langevin on the role he played in this technopanic.
My point in bringing all this up, as I noted earlier, isn’t to argue that cybersecurity is a hoax. Certainly, retail establishments, corporations and data-gathering firms have had information compromised, and obviously there’s good reason to believe the government should take foreign cyber threats seriously.
The point is that Langevin’s word on this important issue looks compromised. Can we trust he’s pursuing the most effective and cost-efficient solutions? Can we say with certainty he’s not just promoting what’s good for the industry and his own career?
If Langevin wants to be a credible cybersecurity advocate, he should dissociate himself from the conflicts — i.e., stop taking campaign contributions from the companies benefiting from his political support.
Ultimately, it’s unfair that many of Langevin’s constituents have to chase him down at town halls and scripted luncheons to make their case for single-payer health insurance, state-supported child care and pre-K education, or housing assistance, while out-of-state millionaire executives get VIP access.