Few agencies are more concerned with cybersecurity than the National Security Agency. One might say NSA has cyber in its DNA. Recently the agency’s cybersecurity directorate marked a full year of operations. For details on what it’s managed to get done, deputy director Dave Luber spoke to Federal Drive with Tom Temin.
Insight by Cloudera: Learn about what a few federal agencies are doing to tackle data security challenges and improve their cyber data posture in this exclusive e-book.
Tom Temin: Mr. Luber, good to have you on.
Dave Luber: Tom, great to be here today.
Tom Temin: So first of all tell us roughly in general terms what the Cybersecurity Directorate does for NSA, and I guess you’ve got a kind of a government wide mission also.
Dave Luber: Well, thanks Tom. Cybersecurity Directorate was formed in 2019, and was created to integrate NSA cybersecurity mission to prevent and eradicate threats to our nation’s most sensitive systems and critical infrastructure. The Cybersecurity Directorate integrates NSA threat intelligence, vulnerability analysis, cryptographic knowledge, defensive operations and diverse technical expertise. Our cybersecurity year end review goes into more detail to this work we did towards the mission in 2020. And that’s the first year of our full year as a Cybersecurity Directorate.
Tom Temin: Alright. And how many people are involved? Give us a sense of the scope of the activity here. And by the way, are you headquartered at the main NSA location?
Dave Luber: We are headquartered at the NSA main location in Fort Meade. And we have a vast number of folks that are part of our team, and just a great group of folks and professionals.
Tom Temin: And before we get into some of the specific accomplishments listed in the annual report, I just wanted to ask you, you think of the Cybersecurity and Infrastructure Security Agency at Homeland Security, CISA, as being in a similar type of activity. Do you to talk to one another and is there some sort of collaboration or cooperation there?
Dave Luber: Absolutely, in fact, CISA’s one of our prime partners, but not the only partner that we have across the US government. And I’ll get into a little bit more of that when I talk about some of the activities that we’ve engaged on collectively together.
Tom Temin: Well, let’s get into that annual report that’s online. And what do you consider some of the top highlights?
Dave Luber: Well, first off, the top highlights, the Cybersecurity Year in Review was really created to demonstrate the returns on investment that NSA made in the cybersecurity area and for the stakeholders and the American taxpayers. Really, the document is a testament to the skills and resiliency of the NSA people, and the partners across the public and private sectors who worked together throughout the year to protect the US in cyberspace. The Year in Review, we really created this to highlight and an unclassified way the accomplishments that were driven by our tremendous workforce and the partners, and to even provide greater transparency to the audiences as we lean forward in this first year. And I’d be happy to go into some additional details on some of the things that we worked in that report.
Tom Temin: Well, you mentioned that there were 30 actionable cybersecurity products. And tell us more about those these are things that you coded or programmed? You tell me.
Dave Luber: Really, when I talk about the cybersecurity advisories and products, what I’m really talking about is security guidance, or assessments that we’ve put together to help our customers in the national security system, national security systems owners, the Department of Defense, the defense industrial base, and many others within government, understand how to configure their systems and understand also the threats that they may see from cyber actors. So whether that’s making sure that we protect our nation’s vital vaccine and make sure the networks are protected from actors who may try and target vaccine makers, or when we talk about nation states that may want to use public vulnerabilities to gain access to your networks.
Tom Temin: Got it. And here’s where maybe the collaboration with CISA would come in, and also maybe the National Institute of Standards and Technologies. They have advisories and guidance and so forth, yours seems to be maybe more oriented toward the intelligence community and DoD, the classified end.
Dave Luber: Both national security systems owners, yes, on the classified end, but also the unclassified end. So just to give you an example, one of the efforts that we put together in one of our products, we issued this jointly between NSA, CISA and partners in the UK and Canada to warn against a particular advanced persistent threat targeting organizations engaged in COVID-19 vaccine research in the US and the UK and Canada. So that joint advisory provided really important indicators of compromise and detection techniques, and actionable mitigations. And as you might imagine, those sorts of advisories then help those in the vaccine process and developing the vaccine to really go and look at their networks, examine those networks and put mitigations in place.
Tom Temin: There’s one highlight that’s really interesting and that is you supported the DoD’s transition to telework and releasing written products and providing commercial solutions for classified capability packages. And this applies to 100,000 people. Tell us more about that one.
Dave Luber: Sure, absolutely. And COVID-19 really made us rethink how we work across government. And just like the rest of the the United States, the US government started transitioning many of their employees to working from home. So our experts in the cybersecurity mission rose to the occasion really to support the DoD into the transition of telework, but also enabling more than 100,000 users to telework securely. And as you might imagine, that included everything from releasing the best practices and products to use in a telework environment, as well as how to identify and mitigate compromises to personal home networks as more users begin to use those as part of their official business.
Tom Temin: Yes, because that’s a mode of work that’s likely to continue at a high level for some time, maybe even after the pandemic.
Dave Luber: Absolutely. So this work continues and we are constantly engaging with many partners across the DoD and other national security systems owners to further refine that guidance and provide additional insights as we learn more about the best ways to operate securely in a telework environment.
Tom Temin: And getting back to the operation warp speed, which you supported again with advisories and so forth, and what to watch out for, did you detect any particular heightened activity other than what goes on normally out there in the wild directed toward that research and toward those companies?
Dave Luber: As I mentioned, NSA provides threat intelligence and cybersecurity advisements. And if we start to see demonstrated activity where advanced persistent threats are targeting organizations, especially those that are important to our national security, such as the vaccine research that was going on, we’re absolutely going to get those advisories out and get that information out to those so they can protect their networks. Operation Warp Speed is really a whole government effort led by the Department of Defense and Health and Human Services. We wanted to make sure that that team was poised and charged to produce and deliver safe and effective COVID vaccine capabilities.
Tom Temin: So now all you have to do is get it made and distributed and the country will be better off. And let me ask you this, what are you looking for in 2021 and beyond? You helped secure an election, that’s over with, and Operation Warp Speed is mostly done because there is a vaccine. So what comes up next?
Dave Luber: Certainly when you think about what comes up next, we have been working, as you might know, on a number of different activities going on. Our cybersecurity advisories continue to be a very important part of our future and making sure that we can get those insights out to our customers, and to make sure that they have the best guidance possible to secure their networks against very advanced cyber threats.
Tom Temin: Because a lot of agencies including DoD and their statutory requirements to get after security of the supply chain, and then the SolarWinds issue hit which was a supply chain breach, so is supply chain part of what you’re looking at in depth coming up?
Dave Luber: Absolutely. This was a cyber espionage operation which was executed at scale and speed with very nuanced tactics and techniques and procedures. The actor targeted private sector technology providers who both serve the government and corporate clients and used that access to gain a foothold into their victims. And then they carefully picked specific victims of interest. So due to the nature of the foreign intelligence and cybersecurity mission, we are out there providing support to both US government entities that have been affected by this activity.
Tom Temin: And one more question, at the website there is a illustration It looks like a wall chart of the 2020 accomplishments. And it says can you find the hidden message in this graphic, but it’s very tiny on a web browser. And no matter what I did, I couldn’t get that to enlarge. So how do people get to that wall chart so that they can solve the hidden message in the graphic?
Dave Luber: I believe our wall chart is available on nsa.gov.
Tom Temin: Alright, and someone could download and print it and stick it up and figure it out?
Dave Luber: That’s correct.
Tom Temin: Dave Luber is Deputy Director of the Cybersecurity Directorate at the National Security Agency. Thanks so much for joining me.
Dave Luber: Thank you.