The National Security Agency’s new cybersecurity directorate is less than a month away from reaching initial operating capability (IoC) and three-and-a-half months from full operational capability (FoC).
In the meantime, NSA is reorganizing some of its mission areas to fit better under the new directorate, and along with that comes the shifting of people and resources.
Anne Neuberger, the director of cybersecurity at NSA, said at the 10th annual Billington Cybersecurity Summit that the new organization will bring together four cyber communities, including the threat intelligence and vulnerability assessment offices.
She said the two other offices are more on the operational side.
“Our traditional keys and codes mission … that builds a million plus keys a year that are at the root of all secure communications across the armed forces and allies,” she said after her speech in a briefing with reporters. “Our operational mitigation teams that generate the various indicators that we tip to partners across the U.S. government and others. We want our folks to see that the directorate coming together gives them a way to have diversity in their careers and to really learn from those other communities to have that more unified, holistic impact.”
NSA also is preparing the workforce for both the Oct. 1 IoC and Dec. 31 FoC by addressing some typical and necessary administrative changes as well as creating work space so the different communities can work more closely together.
“There are certain priorities we are changing, and there are certain ways we are massing resources on particular problems. So if you are a vulnerability researcher, we will change the way we do vulnerability research by, for example, doing it more in an unclassified space and bringing different kinds of people together to do that mission,” Neuberger said. “But other than that, we want people to have that stability within the confines of the changes we are making to deepen our impact.”
NSA also will be opening up new jobs for current employees or other cyber experts to apply for as part of this reorganization.
“In our traditional security mission, the security and cryptographic standards and cryptographic systems, we are really investing in that mission again,” Neuberger said. “In the broader national security shift, we are moving from our counter terrorism fight, though we are still focused on it, but we also are recognizing that nation states are key adversaries today and we have to make shifts to ensure we are keeping up on that.”
The shift Neuberger is talking about isn’t just with people, but in the strategy and operational areas too.
Neuberger said over the course of the next few months she is focused on unifying the cyber organization, focusing on the hardest problems and enhancing collaboration across the public and private sectors.
“We want to deepen the collaboration between our threat analysis community, our vulnerability assessment community and our mitigations communities, and most importantly the people in those communities,” Neuberger said. “NSA generates hundreds of threat intelligence reports on cybersecurity. In those we detail adversary capabilities and threats. We also have a defensive mission that builds the cryptographic algorithms, cryptographic solutions and provides security advice for the nation’s most sensitive systems. They work together, but we need to deepen that and generate one product, ideally unclassified and quickly, to make it really usable.”
She said by concentrating on these areas, NSA will bring offensive and defensive capabilities closer together, and share threat analyses and offer more tactical intelligence to partners.
“There is a shift because we’ve heard a lot of feedback that some of the information we would share, for example IP addresses or domain names, are temporary and by the time they are shared they are no longer useful,” Neuberger said. “And when we share threat information at the unclassified level, there needs to be more context. What are the overall goals of the actor? How do they pull together those goals using an exploit or a particular infrastructure against a particular set of targets? We want to change from the more tactical elements being shared to pictures that help cybersecurity individuals who work the mission each day use that information each day to better impact.”
Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency (CISA) said at the Billington event that working with NSA and other agencies as the Energy Department to improve the security of the nation’s critical infrastructure and federal networks is vital.
“It’s almost like a concept that is widespread in the military where there is a supporting command and a supported command. We are the supported command and NSA is providing us with information to help us execute our mission — elections is just one example — but broader critical infrastructure,” Krebs said after he spoke at the summit. “There is no overlap [with the NSA]. This is understanding the lanes in the road and being able to execute in the same direction.”