Inside the NSA's New Cybersecurity Directorate

NSA's Integrated Cyber Center will be home to mission teams providing real-time intelligence and 24/7 worldwide cyber operations. Liam Davitt/NSA

The National Security Agency has a new state-of-the-art center and a new attitude about sharing its threat information.

For decades, the National Security Agency went by the unofficial nickname “No Such Agency” as it gobbled up international communications and surveillance data and provided super-secret intelligence to policymakers.

The agency avoided headlines and publicity in all but the rarest circumstances, but it’s taking a different approach with its Cybersecurity Directorate, which it launched last week to unify its foreign intelligence and cyber defense missions in one still-very-secret and state-of-the-art facility on its Fort Meade, Maryland campus.

“For us to be most effective, we have to be out there. If we’re going to be effective, we need to be more open,” Neal Ziring, the NSA’s technical director, told reporters Thursday at its new Integrated Cyber Center.

The ICC is a $520 million, 380,000-square-foot facility that houses up to 1,400 personnel from NSA and U.S. Cyber Command, the defense contracting community and other defense and intelligence agencies. The epicenter of the facility, which opened last year, is a command center that would make any James Bond supervillain blush.

Three massive video monitors—the largest of which is 57 feet wide and 20 feet tall—loom over a warehouse-sized floor where teams of cyber gurus and data scientists hover over souped-up computers with screens displaying all variants of code. The command center is staffed 24/7, and teams cycle in every 12 hours to monitor real-time internet activity and cyber threats as they unfold around the world. Its connectivity with global intelligence partners ensures immediate communication during global cyber crises.

Reporter visits to NSA facilities are rare, and Thursday’s busing in of more than a dozen reporters to show off its ICC was a first-of-its-kind effort, evidencing what Cybersecurity Directorate chief Anne Neuberger acknowledged was “a little bit different for us than the traditional No Such Agency approach.”

The directorate’s openness and default to sharing information is by design, Neuberger said, and applies especially to government, industry and academic partners. The NSA has long had a presence in cyberspace, mostly through its Information Assurance Directorate, but much of its classified work didn’t filter down through unclassified channels to important networks and systems, such as financial, energy or critical infrastructure systems. Neuberger said one of her new directorate’s goals is to provide more actionable threat intelligence at the unclassified level so that partners, customers and private sector firms can actually reap benefits in real time. The NSA, she said, will strive to declassify and share threat intelligence faster.

“We need to have persistent intelligence collection to protect against the next threat, but if intelligence isn’t used to prevent a threat from happening, then what’s the point?” Neuberger said.

The Cybersecurity Directorate’s early mission is to “prevent and eradicate threats” to national security and weapons systems and the defense industrial base, which face increasingly complex cyber threats from China, Russia, Iran and North Korea.

Speaking Oct. 9 at a conference hosted by FireEye, NSA Chief Gen. Paul Nakasone said adversaries are using cyberspace to steal intellectual property developed on American soil. That’s particularly problematic for the defense sector, which supplies weapons systems to the Pentagon but is made up of a hodgepodge of small and large companies with varying resources and capabilities to defend themselves from attacks.

“We must better protect our nation’s advantage in the defense sector from intellectual property theft,” Nakasone said.

One of the ways the Cybersecurity Directorate aims to do that is by producing “better threat alerts with more context,” Neuberger said. The directorate released such an advisory on Oct. 7, detailing to the public how multiple nation-state actors “have weaponized” certain virtual private network vulnerabilities. The advisory included a list of affected systems and recommended patches and other strategies to harden systems against intrusion.

The Cybersecurity Directorate will have other jobs, too. For starters, Neuberger said her directorate will expand its nascent work protecting other critical sectors, such as the energy sector.

Previous components of the directorate also helped monitor the 2018 midterm election for digital interference. Now folded under the same roof, the fully staffed and integrated Cybersecurity Directorate will provide assistance to the Homeland Security Department and FBI in protecting the 2020 presidential election from the kinds of meddling that impacted the 2016 election, in addition to its main objective of monitoring potential global cyber crises.