with Aaron Schaffer

The National Security Agency, which once did its work almost entirely in the shadows, is evolving into a far more public institution that’s eager to cooperate with parts of the private sector. 

The most visible symbol of that shift is a cybersecurity collaboration center that opened in January and is custom-designed for agency officials to host industry cybersecurity pros and hash out responses to major hacking challenges. 

The agency has worked out deals with numerous defense and technology companies to make regular visits to the center, said Rob Joyce, director of NSA’s Cybersecurity Directorate, although he declined to name the companies or provide a specific number that have joined. 

The goal is for some company officials to be based in the center full time, though that has been delayed by the pandemic, Joyce said. 

If you dealt with NSA a couple of years ago in cybersecurity, we were happy to catch things you would throw over that fence line, but we did not have the authorities and the processes to engage in a conversation back,” Joyce said, referring to the physical barrier that surrounds the agency’s home base in Fort Meade, Md., which is mostly inaccessible to folks without security clearances. 

“That's what's changed,” he said. 

Joyce made the comments during a media tour of the collaboration center — another event that would have seemed outlandish a few years ago for the spy outfit that was jokingly referred to as “no such agency.”

There are two key things that prompted the NSA’s transformation. 

First was the backlash to Edward Snowden’s 2013 revelations about the agency’s widespread surveillance, which sometimes scooped up communications from U.S. citizens who were in contact with foreign surveillance targets.

In the wake of the leaks, NSA officials pledged to be far more transparent with the public about their operations. That's been a difficult task while also maintaining secrecy about spying operations. 

The second major driver is the pace and scale of cyberattacks, which increasingly are threatening to destabilize the economy and threaten public safety. 

The Colonial Pipeline ransomware attack in May disrupted gas supplies across the southeastern United States. The SolarWinds attack could have brought large chunks of the government and top companies to a screeching halt if the Russian hackers allegedly behind the operation had opted to launch a destructive attack rather than simply steal information. 

Things have to change because doing what we did yesterday isn't going to solve the problem,” Joyce said. 

Joyce wants the government to be better at preventing cyberattacks against industry rather than mopping up the damage once it’s already happened, he said.

“We don't want the federal government to be exceptional at incident response. At that point it's too late,” he said. 

Collaborating more closely with industry will also give NSA better visibility into the kind of attacks hackers are launching and a possible early warning about actions by adversaries such as Russia and China, Joyce said.

The center is designed for collaboration specifically with companies in the defense industrial base and that provide large-scale technology services. 

That second category could include major technology platforms, cybersecurity companies and providers of cloud computing services. 

“We have [company officials] coming in for meetings, conversations where we talk about specific actors or specific activity that we've been seeing,” the center’s chief, Morgan Adamski, said. “We also facilitate analytical, collaborative workshops so our partners can come in and we can work a specific topic for multiple days at a time.”

The center isn't giving up secrecy entirely

Company representatives who spend a substantial amount of time there are expected to have security clearances so they can collaborate using information that’s not shared with the broader public, Adamski said. 

About one-third of the 36,000-square-foot center is set up for such classified conversations, though the remainder looks more like a traditional tech workspace with cubicles, large glass windows and pillars with inspirational slogans printed on them, such as “imagine,” “ideate” and “transform.”

The center’s connected through a virtual chat room with analysts at NSA’s main campus who can share insights based on the agency’s foreign intelligence collection. 

The unclassified portion of the center is WiFi enabled, another novelty for the NSA because of concerns about leaking secrets. 

Joyce made a show of tweeting from his personal cellphone during the news briefing, something that’s not usually possible in the classified environments he works in.

In a further nod to transparency, the agency is working on setting Joyce up with an official government Twitter account to post from rather than his personal account, he said. 

Correction: This post has been updated to correct the square footage of the NSA center. It was printed incorrectly on a fact sheet. 

On the move

Chris Krebs is joining the advisory board of the cybersecurity company SentinelOne. 

The former director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has also launched a consulting firm with former Facebook cybersecurity chief Alex Stamos since involuntarily leaving office late in the Trump administration. 

Krebs praised SentinelOne, noting that the company, which uses automated tools to probe for evidence of hacking, could help companies combat threats such as ransomware. “Traditional, human-powered approaches and solutions are struggling to match the pace of the increasingly automated threat,” he said. 

President Donald Trump fired Krebs by tweet after his agency vouched for the security of the 2020 election, which Trump said without evidence had been undermined by fraud. 

The keys

Executives at a French spyware company were indicted on charges of “complicity in acts of torture.”

Four current and former employees of the company Amesys, which is now known as Nexa Technology, are facing charges over sales of spyware to Libya and Egypt. Critics say the spyware helped those governments torture and disappear dissidents, MIT Technology Review’s Patrick Howell O'Neill reports. The next step is for judges to determine whether there is sufficient evidence to send the case to a criminal court.

The indictments are “unprecedented,” according to Amnesty International Tech Director Rasha Abdul Rahim. She said the indictments “send a clear message to surveillance companies that they are not above the law, and could face criminal accountability for their actions.” Nexa did not respond to a request for comment.

The United States and European allies created a joint working group to “address the scourge of ransomware.”

The group's work will include sharing information about hacking groups and best practices for combating them, Politico EU’s Laurens Cerulus and Clothilde Goujard report.

Homeland Security Secretary Alejandro Mayorkas and European officials “agreed on the importance of together combating ransomware including through law enforcement action, raising public awareness on how to protect networks as well as the risk of paying the criminals responsible, and to encourage those states that turn a blind eye to this crime to arrest and extradite or effectively prosecute criminals on their territory,” a joint statement noted.

Colonial Pipeline is facing a potential class-action lawsuit after a ransomware attack.

The lawsuit would be brought on behalf of about 11,000 gas stations that ran short on fuel during the attack, Bloomberg News’s Christopher Yasiejko reports. It claims that the May ransomware attack hit Colonial “despite advance knowledge and warnings,” and that the company “repeatedly ignored and rejected efforts by the applicable regulatory agency to meet with it so as to check on its cybersecurity.” 

Colonial did not respond to a request for comment. The company has defended its response to the hack, which included paying hackers a $4.4 million ransom that was partially recovered by U.S. law enforcement.

Global cyberspace

Securing the ballot

Asked on June 22 about Arizona’s election audit, Senate Minority Leader Mitch McConnell (R-Ky.) said he supports states handling their own elections. (The Washington Post)

Cyber insecurity

Hill watch

Daybook

  • The Senate Armed Services Committee’s cyber panel holds a hearing on ransomware today at 2 p.m.
  • FBI director Christopher A. Wray testifies before a Senate Appropriations Committee panel today at 2 p.m.
  • The House Small Business Committee holds a hearing on CMMC cybersecurity implementation on Thursday at 10 a.m.
  • Cybersecurity and Infrastructure Security Agency officials discuss ransomware at an Infosec webinar on Thursday at noon.
  • The Cyber Threat Alliance holds a webinar on botnets and cybersecurity labeling on Thursday at 11 a.m.
  • John Sherman, the Pentagon’s acting chief information officer, testifies before a House Armed Services subcommittee on June 29 at 2 p.m.

Secure log off