NSA Cyber Directorate Touts Election, Pandemic Security Work in 2020 Review

Daniel J. Macy/Shutterstock

Anne Neuberger, NSA’s director of cybersecurity, said the agency “surged rapidly” to secure telework and protect networks used in vaccine development.

The National Security Agency’s Cyber Directorate touted its role in securing the 2020 presidential election and response to the COVID-19 pandemic in supporting vaccine protection and the Defense Department’s pivot to telework in a new report. 

NSA’s Cyber Directorate, established in October 2019, released its 2020 NSA Cybersecurity Year in Review highlighting the directorate’s accomplishments in its first full year of operation Friday. The review comes as NSA and other federal agencies continue to deal with the fallout of a major hack that likely originated in Russia affecting multiple federal agencies

Anne Neuberger, NSA’s director of cybersecurity who according to Politico is set to be named to President-elect Joe Biden’s National Security Council, wrote in a letter included in the review that connecting personal devices to enterprise networks during the pandemic has expanded the cyberattack surface. The president-elect’s transition team has not announced an appointment for Neuberger at this time.

“We surged to rapidly deliver capacity for secure telework, and provide intelligence and cybersecurity advice to protect networks used in developing and approving a coronavirus vaccine,” Neuberger wrote, adding the directorate also collaborated with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and U.S. Cyber Command to secure November’s presidential election. 

In order to facilitate DOD’s pivot to telework, NSA reviewed and approved 16 solution registrations for Commercial Solutions for Classified capabilities, which the agency estimates enabled 100,000 users to telework securely, according to the review. 

To help protect vaccine development, NSA “provided cyber threat intelligence, cybersecurity assessments, and foundational cybersecurity guidance,” the report reads. This included the release, made jointly with CISA, the U.K. and Canada, of a report detailing how the group known as “Cozy Bear,” “the Dukes,” or Advanced Persistent Threat 29 has been attempting to steal intelligence related to vaccine development. APT29 is “almost certainly” a part of Russian intelligence services, according to the report. 

NSA’s election security work in 2020 included providing almost 4,000 indicators of compromise to partner agencies, making nearly 200 tips notifying partner agencies of company or agency compromise, and responding to nearly 250 inquiries for additional reporting, according to the review. 

The review also details NSA’s efforts to build a more diverse workforce, strengthen public-private partnerships, and modernize encryption and cryptography. NSA has publicly released 30 cybersecurity products since the directorate’s creation, according to the review. 

In terms of future threats, the year in review points to Russia, China and Iran as key adversaries. 

“Information sharing is only as good as the action it compels,” NSA’s review concludes. “This year, take action. Prioritize cybersecurity investments against the greatest threats to drive down risk. Join us in advocating for innovative public-private partnerships.”