What is new, NSA officials said, is that the agency is hitching together under one roof threat detection, cyberdefense and future-technologies personnel. They are calling it the Cybersecurity Directorate.
“The mission of the organization is to prevent and eradicate threats,” said its director, Anne Neuberger, who reports directly to the NSA director, Gen. Paul Nakasone. “Our focus is going to be on operationalizing intelligence.”
The creation of the directorate also elevates the cybersecurity function to more prominence. The Information Assurance Directorate, whose head reported to the NSA director, was folded into a new directorate of operations in a reorganization several years ago, leading to what some viewed as a diminishment of the defensive mission.
“The cyber directorate is the right idea, period,” said Thomas Bossert, former homeland security adviser to President Trump. “If only our country could combine the NSA cyber directorate with [the Department of Homeland Security’s cybersecurity organization] and trust in our institutions, we could make an even bigger difference for our security.”
The public knows the NSA as a powerful electronic spy agency that collects intelligence by intercepting radio, satellite and phone communications and increasingly by hacking computers of foreign targets overseas. Few know about the agency’s defensive mission to protect digital systems, a job enabled by the data gathered from the “offensive,” or intelligence-gathering, side of the house.
Now the agency — which used to be so secretive that people joked its initials stood for “No Such Agency” — is seeking to be more public in its defensive work. And the new directorate will strive to declassify threat intelligence in a timely manner so it can be used by as many private-sector firms as possible, officials said.
The directorate, ordered up by Nakasone, may have the most impact in the defense industry, analysts say. The NSA’s record there is mixed. In 2011 it conducted a pilot project in which it shared threat “signatures,” or malware samples, with the major Internet providers to the defense contractors. But often the signatures were stale by the time they were shared and so were not that useful to the companies.
Neuberger acknowledged the pilot had challenges. But this time, she said, the data will arrive fresher and faster. Moreover, she said, the key is to get the most useful information to the right hands, including by partnering with the Department of Homeland Security, Neuberger said. DHS, for instance, has begun working with the NSA to identify specific systems within the banking sector that are most vulnerable to hacking so the agency’s threat detection personnel can keep an eye out for them.
One example is “wholesale payments systems,” through which banks facilitate high-value, large-volume financial transactions between banks. “In some cases, [the target] will be the big banks, but it’s also some of the niche players and the boutique software suppliers,” said Christopher Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency. “We’ll say, ‘These are the things you need to be looking for, the things you need to refine your analytics against.’ ”
The goal, Neuberger said, is “integrating all of our cyber mission so there’s one focus . . . sharing all of our unclassified information as early as possible, as quickly as possible, so we can target that sharing to the right entity and then partner with DHS on critical infrastructure . . . to build the security of that sector.”
One former senior intelligence official praised the NSA for seeking “to have a more active role” in sharing intelligence to protect the private sector. “My only point is they could have been doing this years ago,” said the former official, requesting anonymity to speak candidly about a sensitive matter. “You could have made a decision that the IAD was going to do that. You didn’t need to stand up a new directorate. The authorities were there from day one. It’s just a matter of having the will do to it.”
The new organization also will continue the work that NSA’s cyberdefensive arm has always done — developing security standards for military and commercial technologies. But it will focus as well on future technologies, Neuberger said.
“If you build secure products, it is so much easier and less costly to defend,” she said.
Defense companies expressed an openness to the initiative but are taking a wait-and-see attitude. Overseas partners, meanwhile, are rooting for its success.
If the NSA and DHS can partner effectively in the cybersecurity mission, it “could be incredibly powerful,” said Ciaran Martin, the head of Britain’s National Cyber Security Center. His organization, which is part of Britain’s electronic spy agency, GCHQ, effectively combines under one roof the British equivalent of the cyberdefense components of DHS and the NSA.
The new directorate, he said, “provides the opportunity to take the transatlantic cybersecurity relationship to a new level.”