The National Security Agency, the largest electronic spy agency in the world, is undertaking a major reorganization, merging its offensive and defensive organizations in the hope of making them more adept at facing the digital threats of the 21st century, according to current and former officials.
In place of the Signals Intelligence and Information Assurance directorates — the organizations that historically have spied on foreign targets and defended classified networks against spying, respectively — the NSA is creating a Directorate of Operations that combines the operational elements of each.
“This traditional approach we have where we created these two cylinders of excellence and then built walls of granite between them really is not the way for us to do business,” said NSA Director Michael S. Rogers, hinting at the reorganization — dubbed NSA21 — that is expected to be publicly rolled out this week.
“We’ve got to be flat,” he told an audience at the Atlantic Council last month. “We’ve got to be agile.”
Some lawmakers who have been briefed on the broad parameters consider restructuring a smart thing to do because an increasing amount of intelligence and threat activity is coursing through global computer networks.
“When it comes to cyber in particular, the line between collection capabilities and our own vulnerabilities — between the acquisition of signals intelligence and the assurance of our own information — is virtually nonexistent,” said Rep. Adam B. Schiff (Calif.), the ranking Democrat on the House Intelligence Committee. “What is a vulnerability to be patched at home is often a potential collection opportunity abroad and vice versa.”
But there have been rumblings of discontent within the NSA, which is based at Fort Meade, Md., as some fear a loss of influence or stature.
Some advocates for the comparatively small Information Assurance Directorate, which has about 3,000 people, fear that its ability to work with industry on cybersecurity issues will be undermined if it is viewed as part of the much larger “sigint” collection arm, which has about eight times as many personnel. The latter spies on overseas targets by hacking into computer networks, collecting satellite signals and capturing radio waves.
“The NSA21 initiative will ensure the National Security Agency continues to be the preeminent signals intelligence and information assurance organization in the world,” said Jonathan Freed, director of strategic communications at the NSA. “These core missions are critical as we position NSA to face complex and evolving threats to the nation. Out of respect for our workforce, we cannot comment on any details or speculation before the plan is announced.”
The change comes about a year after the CIA did its own revamping, ending divisions that have been in place for decades and creating new centers that team analysts with operators. The NSA’s new Directorate of Operations also will place analysts with operators.
In a speech in December, Rogers characterized the change as “among the most comprehensive” at the NSA since the late 1990s. He began the effort about a year ago, giving a team of employees from across the agency what he called the “director’s charge.” Among the major questions they were asked were: How can the agency better innovate? And how “do we inculcate collaboration and integration” in operations?
For instance, said one former U.S. official familiar with the plan, both information assurance and foreign intelligence gathering rely on similar processes for data analysis and depend on each other. “But the challenge is they are very much two different cultures,” the official said. “Unless you’ve worked on both sides of the house, you don’t inherently trust each other.”
The Information Assurance Directorate (IAD) seeks to build relationships with private-sector companies and help find vulnerabilities in software — most of which officials say wind up being disclosed. It issues software guidance and tests the security of systems to help strengthen their defenses.
But the other side of the NSA house, which looks for vulnerabilities that can be exploited to hack a foreign network, is much more secretive.
“You have this kind of clash between the closed environment of the sigint mission and the need of the information-assurance team to be out there in the public and be seen as part of the solution,” said a second former official. “I think that’s going to be a hard trick to pull off.” Both former officials spoke on the condition of anonymity because the details of the plan are not yet public.
Richard George, a former technical director for the IAD, said he saw how techniques that the defense side developed have helped the offensive operations and vice versa. “It’s got to be really useful to have those groups closer together where they’ll be sharing ideas and techniques more frequently,” said George, now a senior adviser on cyber issues at the Johns Hopkins University Applied Physics Lab.
Former NSA director Michael V. Hayden undertook one of the agency’s other major reorganizations, creating the Signals Intelligence Directorate (SID) in 2000 by merging two directorates — of operations and technology. He said he opted not to fold in the IAD. “From the outside perspective,” he said, “I needed an organization that was, and was seen to be, committed to defense.”
At the time, he added, the IAD needed to be strengthened and adapted to the cyber age. “Keeping it separate allowed me more direct visibility into that,” he said. “That said, as the cyber mission matured, the operational and technological aspects of the SID and IAD missions merged more and more.”
By 2005, as cyberthreats were growing, Hayden decided to create a new organization that would enable the agency to leverage the intelligence it was getting from spying on overseas networks to help it defend against intrusions into the government’s classified networks. The NSA Threat Operations Center was an experiment in combining offense and defense. “It was wildly successful,” the first former official said.
NTOC dispelled the myth, the official said, that one person cannot operate under two sets of legal authorities — offensive and defensive. “I can actually sit at my desk and one minute be using sigint data and authorities . . . and the next minute I could be using IA data and authorities and my mission is not changing,” the official said. “You need checks and balances. You need to know what authority you’re using at any given time, but it’s possible.”
Still, some congressional aides briefed on the broad outlines of the plan have expressed concern about mixing funding for intelligence activities with funding for cybersecurity activities.
One area where the sigint side is ahead of information assurance is in using “big data” analytical tools to manipulate large volumes of information quickly. “What we want to do is take advantage of that knowledge, to apply it as needed to the IA analysis,” the first former official said.
The reorganization plan also includes separate directorates of capabilities and research.
“One of the fundamental tenets you’ll see us outline as we try to position NSA for . . . the environment I think we’re going to see five, 10 years from now is a much more integrated approach to doing business,” Rogers said at the Atlantic Council. “I don’t like these stovepipes of SID and IAD. I love the expertise. And I love when we work together. But I want the integration to be at a much lower level and much more foundational.”